Android Question Hide my info from the fiddler program

Discussion in 'Android Questions' started by Lucas Eduardo, Feb 26, 2018.

Tags:
  1. Lucas Eduardo

    Lucas Eduardo Member Licensed User

    Hi community,
    I am studying a way to hide my information from being shown in the Fiddler Program, but I did not succeed.
    I was reading in the stackoverflow forum and I came across a post similar to my doubt. In it is placed a code that prevents you from using Proxy while you are using your application, Would it have How to use that some code in b4a??

    https://stackoverflow.com/questions/42602832/hide-https-traffic-made-by-my-application-from-fiddler


    code > "HttpWebRequest.DefaultWebProxy = new WebProxy();"
     
    Last edited: Feb 26, 2018
  2. OliverA

    OliverA Well-Known Member Licensed User

    Use SSL. Only accept trusted SSL certificates. For Fiddler's man in the middle to work with SSL your application has to blindly trust all SSL certificates.
     
  3. Lucas Eduardo

    Lucas Eduardo Member Licensed User

    I would like to ban any proxy change, I get error in android smaller than 5 when I use SSL, my SSL is verified and correct green stamp but still giving the same error.
     
  4. OliverA

    OliverA Well-Known Member Licensed User

    What error?
     
  5. Lucas Eduardo

    Lucas Eduardo Member Licensed User

    javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

    I do not like using hc.InitializeAcceptAll ("hc") because it shows my information
     
  6. OliverA

    OliverA Well-Known Member Licensed User

    You should not. This is only for extreme cases, cases where you accept the risks that come with accepting all certificates. The problem most likely is that you are using a CA that was unknown to older versions of Android. If these older versions of Android are important to you, then you need to get an SSL certificate from a CA that is known to the older Android versions. Another approach is described in the Android documentation here: https://developer.android.com/training/articles/security-ssl.html#CommonProblems
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice