Detect Man In The Middle From An Application [closed]

I did an interesting experiment today.

I opened Amazon.com in my browser, logged in, brought up Fiddler, and tried to add a brand new credit card.

I typed in my credit card number, expiration, and card holder name. When I submitted the request I didn't see any POST to Amazon in Fiddler. The UI said there was a problem submitting my information, and that I should try again.

I repeated it and got the identical response.

I shut down Fiddler and hit submit. My information was accepted instantly.

I'd like to know how Amazon accomplished this feat. Is it common knowledge? Is there an HTTP header involving certificates that makes it easy?

duffymo asked Apr 26 '16 18:04

1 Answer

I think it is certificate pinning or something like it. The server certificate is pinned in the application, so the app accepts only it and not any other certs, even if they are valid.

Dmitry answered Sep 30 '22 16:09