2

I'm developing new app. This is app need to get information from my website so I use HTTP request using vb.net. 

Sub Main()
'Address of URL
Dim URL As String = http://whatever.com
' Get HTML data
Dim client As WebClient = New WebClient()
Dim data As Stream = client.OpenRead(URL)
Dim reader As StreamReader = New StreamReader(data)
Dim str As String = ""
str = reader.ReadLine()
Do While str.Length > 0
    Console.WriteLine(str)
    str = reader.ReadLine()
Loop

My problem is , I found an app called fiddler http://www.fiddler2.com/fiddler2/

This app could find all HTTP request that maked using my app , so this put my website at risk.

Is There any way how to hide HTTP request from been detected ????

Improve this question
1
  • It's the users machine. If it makes a connection to your website, there will be a way to detect it. You need to rethink your security; if being able to see the traffic causes a security issue, then you need to rethink how you authenticate and authorize your users. Commented Nov 9, 2012 at 17:50

2 Answers 2

Reset to default
1

I'm not familiar with this "fiddler" product, but just from reading the page that you reference, it is something that runs on the user's machine and monitors traffic between that computer and the Internet. I don't see how it would be even theoretically possible to prevent this. Signals are moving over wires leaving the user's computer. He presumably has physical access to his own computer. If nothing else, he could attach something to the cable coming out the back of the computer that monitors the signals moving over the wire.

You could encrypt messages so that it's difficult for the user to interpret what they mean, but you can't stop him from reading the message as it was sent.

I wonder, by the way, how it is a security problem for a user to know what messages are being sent from his own computer. Are you trying to hide what you are doing from the person using your program? Frankly, if I discovered that an application I have on my computer was trying to hide what it was doing from me, I would immediately delete it. Why would someone want to hide what he's doing to MY computer unless what he is doing is something sinister, trying to steal my personal data or some such?

Just to be slightly sarcastic, your question sounds a little like asking, When I visit a business associate, how can I prevent him from finding out out what I did in his office when he stepped out for a few minutes?

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thanks for reply. I will consider it in my app. Also, I'm not hide any information for bad reason e.g my app run to collect points and then I will sent HTTP GET like example.com/api/addpoint.php?user=user01&point=1000000 Then this user Will be able to cheat. This is all about. Thanks and I will rethink about my security.
I think the simple answer is: Either encrypt the message, or attach some sort of authentication code. Or don't do the point calculation, whatever it is, on the client: do it on the server. I don't know what kind of points you're awarding here or on what basis. But in general, anything that's done on the client will be much easier for a sufficiently-clever hacker to fake out.
0

There is a way using the Proxy method just add this Code in the HTTP request:

Request.Proxy = New WebProxy()

cause how fiddler works it sets itself as the proxy using the above code it cannot set fiddler proxy and thats how you stop it from reading anything

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.