Support Forums - View Thread

View Thread

The following is the text of the current message along with any replies.

Messages 1 to 4 of 4 total

Sun, Jan 21 2018 6:27 AM	Permanent Link
thomh	Hi, When using HTTPS communication I thought that the server address portion of the URL is not encrypted but the rest of the URL is. I am sending a JSON containing username and password like this: ServerRequest.RequestHeaders.Values['Content-Type'] := 'application/json'; ServerRequest.RequestHeaders.Values['Content-Length'] := IntToStr(Length(LJsonData)); ServerRequest.RequestContent.Text := LJsonData; However, when running Fiddler I am able to see this JSON in plain text without any encryption. Is there another way to send this JSON across HTTPS so that it will be encrypted? Thanks. // Thom
Mon, Jan 22 2018 3:49 AM	Permanent Link
Matthew Jones	thomh wrote: > when running Fiddler I am able to see this JSON in plain text without any encryption. Fiddler is a higher level than the wire, so it can intercept this stuff. You'd need Wireshark to see the encrypted data. (Fiddler uses the Microsoft stack, and doesn't work for Delphi with Indy for example as it cannot hook it.) -- Matthew Jones
Mon, Jan 22 2018 5:49 AM	Permanent Link
thomh	Hi Matthew, > Fiddler is a higher level than the wire, so it can intercept this stuff. You'd need Wireshark to see the encrypted data. >(Fiddler uses the Microsoft stack, and doesn't work for Delphi with Indy for example as it cannot hook it.) So if you were examining the "wire" using WireShark you would see the encrypted data and not the actual data? // Thom
Mon, Jan 22 2018 10:13 AM	Permanent Link
Matthew Jones	thomh wrote: > So if you were examining the "wire" using WireShark you would see the encrypted data and not the actual data? I believe so. You can check of course by telling it to not decrypt https: http://docs.telerik.com/fiddler/Configure-Fiddler/Tasks/DecryptHTTPS -- Matthew Jones