5 Replies Latest reply on Feb 9, 2010 3:41 AM by BorekB

    Can HTTPS traffic from SWF file be viewed without Flex source?

    BorekB

      Say that I have a Flex application that uses HTTPService with HTTPS URL (like myService.url = "https://example.com/path/to/resource"). When I deploy this application but don't provide the source code, is there any way a hypothetical attacker could find out the URL or some other details without decompiling the SWF? In other words, could a tool like Fiddler or Charles Proxy be used to intercept the HTTPS traffic? (These tools can do it for browser traffic but seem to fail for Flash Player, even if I install the self-signed certificate that those tools usually use as a trusted one.)

       

      Thanks,

      Borek