Android Question What the best way to protect urls (GET POST) ?

Douglas Farias · Jan 25, 2018

Hi all.
i made some tests in some apps of google play with Fiddler.
this programm get the GET and POSTS of apps, if your app make a get ou post i can get it with fiddler.

my question, its possible block the fiddler and another programs like fiddler?
the fiddler use a proxy and you see on pc all the url requests. (HEADER,XML,JSON etc...)

this is a big problem for a lot of apps, with register/login or selects etc....

what the best way to protect one app of this program? (if possible

)

what the best way to hide a url inside the app?

thx

OliverA · Jan 25, 2018

Use SSL?

Douglas Farias · Jan 25, 2018

OliverA said:
Use SSL?

Just add a https?
i think this is not the solution xD
And fiddler have support to ssl too

https://www.google.com.br/search?q=...mfLYAhWEnJAKHVG1CX8Q_AUICigB&biw=1366&bih=637

OliverA · Jan 25, 2018

Don’t trust any un-trusted certificates. See https://www.fiddlerbook.com/fiddler/help/httpsdecryption.asp

KMatle · Jan 25, 2018

I use POST requests only and I encrypt the content. On the php side decrypt it. You can use 2 different keys. One standard for the login and a 2nd (changing) key for the "session" to encrypt the data.

Arthur Ávila · Jul 31, 2018

KMatle said:
I use POST requests only and I encrypt the content. On the php side decrypt it. You can use 2 different keys. One standard for the login and a 2nd (changing) key for the "session" to encrypt the data.

I understand the idea, but could you show a small example with the implementation?
Thank you.

MarkusR · Jul 31, 2018

Just add a https?

at least you must be sure you connect to the correct server or it looks like client-ssl-anyserver-ssl-yourserver

Android Question What the best way to protect urls (GET POST) ?

Douglas Farias

Expert

OliverA

Expert

Douglas Farias

Expert

OliverA

Expert

KMatle

Expert

Arthur Ávila

Member

MarkusR

Well-Known Member

Similar Threads