Menu
I did an interesting experiment today.
I opened Amazon.com in my browser, logged in, brought up Fiddler, and tried to add a brand new credit card.
I typed in my credit card number, expiration, and card holder name. When I submitted the request I didn't see any POST to Amazon in Fiddler. The UI said there was a problem submitting my information, and that I should try again.
I repeated it and got the identical response.
I shut down Fiddler and hit submit. My information was accepted instantly.
I'd like to know how Amazon accomplished this feat. Is it common knowledge? Is there an HTTP header involving certificates that makes it easy?
948
I think it is certificate pinning or something like it. Server certificate is pinned in application, so app accept only it, not any other certs even they are valid.
166
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
