Hi, I have an android application which uses HTTPS to contact with it's main server. I would like to know what's being transferred in this HTTPS session. I will pay 5$ for someone who can give me a way to sniff this session. (a link to a WORKING tutorial would be great). You will get paid after session is decrypted successfully using your guide. Thanks
It's probably using PHP or another programming language more advanced than HTML. Session variables are global and can send just about any kind of information. Here's an example of using the session variable to count how many times a guy has been on the site, and say you've been here X amount of times. <?php session_start(); if (empty([B]$_SESSION[/B]['count'])) { [B]$_SESSION[/B]['count'] = 1; } else { [B]$_SESSION[/B]['count']++; } ?> <p> Hello visitor, you have seen this page <?php echo [B]$_SESSION[/B]['count']; ?> times. </p> <p> To continue, <a href="nextpage.php?<?php echo htmlspecialchars(SID); ?>">click here</a>. </p> Code (markup): I could tell you a lot more if I saw the code to your app.
He's saying he doesn't have the code, and wants to sniff the communication from the app running on his phone, to whatever server it's communicating to. Realistically, this isn't going to happen, at least not over an HTTPS connection. The typically HTTPS connection is a 128-bit TLS connection. As long as the certificates are managed properly and the server using it has a fairly competent admin, it's very secure. In short: you aren't going to find someone who can snoop the traffic for you. There ARE people who could do it, but there AREN'T people who can do it and would take $5 for the trouble. Find another way.
Out of curiosity, how did you manage to snoop it? Get access to the source code itself, or catch it before it was encrypted for transmission? Because I'm doubting you were able to decipher SSL traffic :-p