Replay attacks for HTTPS requests
HTTPS is not replayable, the first server response in the handshake sequence includes a server-chosen random number. What Fiddler does is act as a proxy, meaning it intercepts your browser’s requests, and then generates an identical request to the server, meaning it has access to the plaintext, which is what it will be replaying. Your … Read more