Parse Platform security: requests/responses visible in plain text through a proxy server


I am trying to hack the Parse SDK, and it seems we are able to see the requests and responses in plain text through a proxy server sitting between Parse and the app. I assumed the data was encrypted, but a malicious user would be able to see our requests and modify them, essentially extracting all of our user information.

Does anyone have any thoughts on this?

Here is an example of a custom request and response captured through the proxy:

POST /1/classes/_User HTTP/1.1
Host: api.parse.com
Content-Type: application/json; charset=utf8
Cookie: _parse_session=---
Accept: */*
Proxy-Connection: keep-alive
X-Parse-Application-Id: ---
X-Parse-Client-Key: ---
X-Parse-Installation-Id: ---
Accept-Encoding: gzip, deflate
X-Parse-OS-Version: 8.2 (12D508)
Accept-Language: en-us
X-Parse-Client-Version: i1.6.5
Content-Length: 51
Connection: keep-alive
X-Parse-App-Build-Version: 11
X-Parse-App-Display-Version: 1.0.0

{"where":{"email":"joe@joe.com"},"_method":"GET"}

HTTP/1.1 200 OK
Access-Control-Allow-Methods: *
Access-Control-Allow-Origin: *
Content-Type: application/json; charset=utf-8
Date: Fri, 10 Apr 2015 01:02:55 GMT
Server: nginx/1.6.0
X-Parse-Platform: G1
X-Runtime: 0.013113
Content-Length: 246
Connection: keep-alive

{"results":[{"company":"","createdAt":"2015-04-10T01:02:35.670Z","discoverable":true,"email":"joe@joe.com","firstName":"Joe","lastName":"Smith","objectId":"yPTx1kyHei","title":"","updatedAt":"2015-04-10T01:02:35.670Z","username":"joe@joe.com"}]}

You should get a certificate error.

Added an example, I see @slaks.

Is the request happening over HTTPS? Does your proxy have a trusted certificate installed?
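To make concrete what an on-path observer learns from a capture like the one quoted above, here is an added example (not code from the question or from Parse) that parses the request and reports the effective operation and the credential-bearing headers it carries. The captured text is reconstructed from the question with the redacted values kept as "---"; the header names X-Parse-Session-Token and X-Parse-Master-Key are taken from the Parse REST API rather than from this page.

```python
import json
from typing import Dict, Tuple

# Constructed copy of the request quoted in the question (credential values redacted as "---").
CAPTURED_REQUEST = """POST /1/classes/_User HTTP/1.1\r
Host: api.parse.com\r
Content-Type: application/json; charset=utf8\r
Cookie: _parse_session=---\r
X-Parse-Application-Id: ---\r
X-Parse-Client-Key: ---\r
X-Parse-Installation-Id: ---\r
\r
{"where":{"email":"joe@joe.com"},"_method":"GET"}"""

# Headers whose values let whoever reads them act as the app or as the logged-in user.
# X-Parse-Session-Token and X-Parse-Master-Key are Parse REST headers not present in the capture.
SENSITIVE_HEADERS = {"cookie", "x-parse-client-key",
                     "x-parse-session-token", "x-parse-master-key"}


def parse_http_request(raw: str) -> Tuple[str, str, Dict[str, str], str]:
    """Split a raw HTTP/1.1 request into method, path, lower-cased headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body


def audit_parse_request(raw: str) -> dict:
    """Report what the request really does and which credentials it exposes to a reader."""
    method, path, headers, body = parse_http_request(raw)
    payload = json.loads(body) if body else {}
    # Parse tunnels queries as POST with a "_method" override; the override is the real verb.
    effective_method = str(payload.get("_method", method)).upper()
    parts = path.split("?", 1)[0].split("/")
    class_name = parts[3] if len(parts) > 3 and parts[2] == "classes" else None
    return {
        "effective_method": effective_method,
        "class": class_name,
        "query": payload.get("where"),
        "exposed_headers": sorted(h for h in headers if h in SENSITIVE_HEADERS),
    }


if __name__ == "__main__":
    print(json.dumps(audit_parse_request(CAPTURED_REQUEST), indent=2))
```

The report shows the POST is really a GET query against the _User class and that the session cookie and client key travel with it, which is why the only protection on this hop is the TLS session itself.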