encrypt the http request url on the local machine

Tue Dec 9 10:31:41 EST 2014

On 12/09/2014 07:43 AM, iMath wrote:
> 在 2014年12月9日星期二UTC+8下午2时58分36秒，iMath写道：
>> my software on the local machine needs to send http request to a specific web server , is there any way to protect the http request url from being found by Packet analyzer software like Wireshark and fiddler. The sever is not mine, so I can do nothing in the server .
>>
>> It would be better to show some code, I am an absolutely newbie in encryption .
>
> I don't know any  form of encryption that the server _does_ support, the sever is not mine.
> Here I just don't want to any other guys using packet analyzer software know which server my software is sending data to
>

There's a lot you're leaving out about the network topology.

The answers to avoiding/confusing someone else's packet sniffer are either:

1) change the content so they can see where it's going, but have no idea why
3) use a route that doesn't go past their sniffing software
2) change the data traffic so they don't recognize where it's going

Encryption solves the 1st.  The problem is that the other end has to 
know the encryption scheme you're using, and cooperate in using it. 
 From what you're saying, that can't happen.

The best way to solve the 2nd is to move your laptop to some place your 
sniffers don't have visibility to.  And make sure the route from your 
laptop to the server does not go near the sniffers.  Maybe you could 
talk the receptionist of the building where the server is into letting 
you plug in there.  Or you could use a library or other public wifi, 
where you hope they're not nearby (in a network topology sense).

The third approach involves something like a proxy.  You send encrypted 
data to the proxy, which then decrypts it and resends it to the server. 
The server responds to the proxy, which encrypts the response and sends 
it to you.  There are many things similar to this, used by crackers all 
over the world, as well as for some legitimate purposes.  One legitimate 
proxy-like thing many of us have used is an ip-tunnel like a VPN.  I 
have telecommuted to jobs where my access into the corporate network is 
via VPN, and all a sniffer at my house would see is access to a single 
machine, not to the final machine within the company network.

It probably would be best if you explained the actual scenario.  Are you 
trying to get to black-listed sites from within a corporate environment, 
and afraid the company IT department will detect it and get you fired? 
Best answer is to do it at home instead, where they're unlikely to have 
access.

If you wind up needing a proxy, you have to open an account with them, 
and make the arrangements.  I've enabled a proxy for my machine when it 
was necessary, but have no idea how to program it;  it also may vary 
depending on the proxy server.

-- 
DaveA