While perusing the contents of pcap files I've noticed some URLs appear to be visible despite being HTTPS. These mainly occur inside payloads that contain cert URLs too, but I also see HTTPS URLs inside what appear to be HTTP payloads.
Can someone say conclusively whether HTTPS URLs are truly kept secret?
I'm concerned about this because I want to put some parameters in the URL and I don't want these to be easily uncovered.
Aucun commentaire:
Enregistrer un commentaire