1

I'm developing a project with Delphi 2010. At some point this project connects to the internet and sends some data to a PHP file via POST/IDHTTP. Those parameters are encrypted with AES, and as you know there is no way to get the source code of PHP files via a browser. But when I use a sniffer on my project, the sniffer software shows the full path of the PHP file and the parameters. I was wondering whether there is any chance to hide the path and parameters with IDHTTP. For example, when I try it on Skype, the sniffer only shows decimal characters in Skype's transmission. Is it possible to do the same, or totally hide the traffic?

Thanks in advance.

mjn
Sheshman
  • Totally hide traffic from a sniffer? Well, maybe the IPoAC protocol could meet this requirement (see [RFC 2549](http://tools.ietf.org/html/rfc2549) for details). However, I don't think Indy ships with equipment for this protocol. – TLama Jun 25 '14 at 09:00
  • @Graymatter I didn't say Skype is using HTTP posting; open a sniffer and select update from Skype's menu and all traffic is encrypted, that is what I'm talking about. – Sheshman Jun 25 '14 at 10:19
  • @TLama, I believe that my cat can sniff avian carriers as well if I allow her into promiscuous mode. – Free Consulting Jun 25 '14 at 17:00

3 Answers

3

You can use HTTPS; it is supposed to be the standard way to transmit HTTP traffic through an SSL-protected channel. An example of the code can be found, for example, here.

Community
Andrei Galatyn
0

In addition to Andrei's answer, you can consider encrypting your traffic on top of using HTTPS.

In other words, 1) Use HTTPS protocol. 2) Add your own layer of encryption to encrypt all data coming to and from your server.

buttercup
0

In addition to HTTPS and encrypted data, you can also add security by using client certificates. See https://security.stackexchange.com/questions/3605/certificate-based-authentication-vs-username-and-password-authentication

The answers explain the advantages of using CBA; one of them is:

> certificate usage never involves revealing any secret data to the peer, so an attacker impersonating the server cannot learn anything of value that way

Community
mjn
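An added example, not code from any of the answers above, showing the HTTPS answer and the client-certificate answer combined in one Indy POST. It assumes a recent Indy 10 release (four-parameter `OnVerifyPeer`, `sslvTLSv1_2` available) with matching OpenSSL libraries next to the executable; the URL, the form field and the three PEM file names are placeholders.

```delphi
program HttpsPostExample;
{$APPTYPE CONSOLE}
uses
  SysUtils, Classes, IdHTTP, IdSSLOpenSSL;
type
  // OnVerifyPeer is a method pointer, so the handler lives in a small class.
  TPeerCheck = class
    function Verify(Certificate: TIdX509; AOk: Boolean;
      ADepth, AError: Integer): Boolean;
  end;

function TPeerCheck.Verify(Certificate: TIdX509; AOk: Boolean;
  ADepth, AError: Integer): Boolean;
begin
  // Return OpenSSL's own verdict so a chain that fails validation is rejected.
  Result := AOk;
end;

var
  Http: TIdHTTP;
  Ssl: TIdSSLIOHandlerSocketOpenSSL;
  Check: TPeerCheck;
  Params: TStringList;
begin
  Http := TIdHTTP.Create(nil);
  Ssl := TIdSSLIOHandlerSocketOpenSSL.Create(Http); // owned and freed by Http
  Check := TPeerCheck.Create;
  Params := TStringList.Create;
  try
    Ssl.SSLOptions.SSLVersions := [sslvTLSv1_2];
    Ssl.SSLOptions.VerifyMode := [sslvrfPeer];        // validate the server chain
    Ssl.SSLOptions.VerifyDepth := 4;
    Ssl.SSLOptions.RootCertFile := 'ca-bundle.pem';   // placeholder: trusted CA(s)
    Ssl.SSLOptions.CertFile := 'client-cert.pem';     // placeholder: client certificate
    Ssl.SSLOptions.KeyFile := 'client-key.pem';       // placeholder: its private key
    Ssl.OnVerifyPeer := Check.Verify;
    Http.IOHandler := Ssl;
    Params.Add('payload=constructed-sample-value');   // constructed sample field
    try
      // The path and the POST body travel inside the TLS session.
      Writeln(Http.Post('https://example.invalid/api/submit.php', Params));
    except
      on E: Exception do
        Writeln('Request failed: ', E.ClassName, ': ', E.Message);
    end;
  finally
    Params.Free; Check.Free; Http.Free;
  end;
end.
```

With the request sent this way, a sniffer on the client still sees the server's address and port and the TLS records, but not the PHP path or the POST parameters.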