Tips for pen testing a non-standard HTTPS server?
I'm working with the developer of a game to pentest their login server. Their login server does not respond to GET requests but it does respond to POST requests if they're crafted properly. Since it's a working login server, I can access their login server normally through the game client. How would I decrypt the game client's traffic from my end so I can peak into the communications? Would I have to try to man-in-the-middle or decompile the game client?
At Cyber Info, we strive to empower every individual with easy access to cybersecurity education
179,925Members
Resources
Recent Announcements
Similar Threads
Was this page helpful?
