Download

Is it possible to capture data sent from client game to http server

Hello fellow engineers,

I want to establish a connection between game and web server (WebAPI by Microsoft). Everything seems to be working just fine, but I was wondering if the data sent could be captured by some skilled network hackers or engineers. I have tried WireShark but for some reason it doesn’t capture the HTTP protocol at all. Sending data like world’s position, inventory, xp stats and all that is fine, but what about sensitive information like passwords.

Example scenario:

  1. Client connects to server requesting login token by username and password with POST
  2. Server sends back the token that the user logged
  3. Client starts game with token, and sets all gameplay sensitive information

Here the password could be captured and hacked.

For sensitive information you should use HTTPS. I am just not sure if UE4 supports it out of the box.

Agreed, you’d have to use HTTPS (POST) to login and retrieve the token. That part is quite well-established.

On the client side there’s quite a lot of “anti-cheat” stuff you would need to do. That’s an active area of development.