Is it possible to capture data sent from client game to http server

Young_Wolf · December 23, 2015, 11:32am

Hello fellow engineers,

I want to establish a connection between game and web server (WebAPI by Microsoft). Everything seems to be working just fine, but I was wondering if the data sent could be captured by some skilled network hackers or engineers. I have tried WireShark but for some reason it doesn’t capture the HTTP protocol at all. Sending data like world’s position, inventory, xp stats and all that is fine, but what about sensitive information like passwords.

Example scenario:

Client connects to server requesting login token by username and password with POST
Server sends back the token that the user logged
Client starts game with token, and sets all gameplay sensitive information

Here the password could be captured and hacked.

Mielke · December 23, 2015, 11:44am

For sensitive information you should use HTTPS. I am just not sure if UE4 supports it out of the box.

anonymous_user_2b10dd13 · December 25, 2015, 6:30am

Agreed, you’d have to use HTTPS (POST) to login and retrieve the token. That part is quite well-established.

On the client side there’s quite a lot of “anti-cheat” stuff you would need to do. That’s an active area of development.