1

I was trying to make a website that require the user to log in to do something, but I want to know the advantage and disadvantage from HTTP and HTTPS first.

I was using a program called Fiddler that allowed you to logs all HTTP(s) traffic between your computer and the Internet

if I try to log in with the program on, I could see the username and the password that I used to log in to the website, even if it's HTTP or HTTPS using fiddler

so what's the use of HTTPS compared with HTTP?

This is what I am thinking.

The browser is supposed to enscrypt the password using the server's public key right? Then the server will descript it with the private key.

But fiddler doesn't know the server's private key. So how can it sees the plain password?

Am I wrong?

4

1 回答 1

2

在 HTTPS 中,通信通过加密通道发送,而 HTTP 以纯文本形式发送。最重要的是,他的意思是第三者不能仅仅通过嗅探网络流量来读取服务器和浏览器之间发送的信息,但它还有其他用途,例如确保服务器就是它所说的那个人,而你就是那个人你说你有证书。

Fiddler2 只能在用户合作的情况下解密流量:如果您将操作系统配置为信任 Fiddler 的根证书,则 Fiddler 提供给客户端的证书仅受浏览器信任。

于 2013-08-12T11:18:00.730 回答