Hello fellow engineers,
I want to establish a connection between game and web server (WebAPI by Microsoft). Everything seems to be working just fine, but I was wondering if the data sent could be captured by some skilled network hackers or engineers. I have tried WireShark but for some reason it doesn’t capture the HTTP protocol at all. Sending data like world’s position, inventory, xp stats and all that is fine, but what about sensitive information like passwords.
Example scenario:
- Client connects to server requesting login token by username and password with POST
- Server sends back the token that the user logged
- Client starts game with token, and sets all gameplay sensitive information
Here the password could be captured and hacked.