Android Question Hide my info from the fiddler program

Lucas Eduardo

Active Member
Licensed User
Hi community,
I am studying a way to hide my information from being shown in the Fiddler Program, but I did not succeed.
I was reading in the stackoverflow forum and I came across a post similar to my doubt. In it is placed a code that prevents you from using Proxy while you are using your application, Would it have How to use that some code in b4a??

https://stackoverflow.com/questions/42602832/hide-https-traffic-made-by-my-application-from-fiddler


code > "HttpWebRequest.DefaultWebProxy = new WebProxy();"
 
Last edited:

OliverA

Expert
Licensed User
Use SSL. Only accept trusted SSL certificates. For Fiddler's man in the middle to work with SSL your application has to blindly trust all SSL certificates.
 

Lucas Eduardo

Active Member
Licensed User
I would like to ban any proxy change, I get error in android smaller than 5 when I use SSL, my SSL is verified and correct green stamp but still giving the same error.
 

OliverA

Expert
Licensed User

Lucas Eduardo

Active Member
Licensed User
javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

I do not like using hc.InitializeAcceptAll ("hc") because it shows my information
 

OliverA

Expert
Licensed User
I do not like using hc.InitializeAcceptAll ("hc") because it shows my information
You should not. This is only for extreme cases, cases where you accept the risks that come with accepting all certificates. The problem most likely is that you are using a CA that was unknown to older versions of Android. If these older versions of Android are important to you, then you need to get an SSL certificate from a CA that is known to the older Android versions. Another approach is described in the Android documentation here: https://developer.android.com/training/articles/security-ssl.html#CommonProblems
 
Top