Assuming I'm writing a desktop application with .NET that utilizes an API key, if I make an https request with my API key in the url can an application like wireshark or fiddler intercept that traffic and in turn discover my API key?
Asked
Active
Viewed 1,276 times
1 Answers
0
I suggest using Fiddler instead of Wireshark as it's higher-level and the UI is better suited for working with HTTP. It also includes a built-in SSL proxy which allows for MITM attacks against processes running on your own system which would enable you to look at and modify HTTPS requests.
Dai
- 141,631
- 28
- 261
- 374
-
So it is possible to grab the full url from https requests using fiddler? – Rawr Jul 09 '14 at 22:49
-
@Rawr Yes. You can get the domain name from the `Host:` header (or the certificate Common Name) and the resource path from each HTTP request. – Dai Jul 09 '14 at 23:55