
I am exposing a few REST methods on a server for a mobile app.

I would like to avoid that users can sniff how HTTP methods are built (from the mobile app) and then send them again to the server. Example:

  • The mobile app sends a request
  • The user uses a proxy and can check what's going on on the network
  • The user sees and saves the request that the mobile app just sent
  • => Now I don't want the user to be able to send that request over manually

Is it enough to secure the server over HTTPS?

Oded
MartinMoizard

2 Answers


HTTPS simply means that the data being transported is encrypted so that only the client and server can decrypt it (in an ideal world, not talking about MITM attacks etc).

As such, nothing in the protocol will stop replay attacks from happening.

You will need to build in some sort of replay attack avoidance mechanism (something like expiring tokens, or tokens that invalidate after the process has finished) to ensure that your application is not vulnerable to replay attacks. This mechanism can be used with normal HTTP.

Oded
  • This answer seems to suggest the opposite: http://stackoverflow.com/questions/2769992/replay-attacks-for-https-requests Any idea why the difference? – Brian Armstrong Aug 08 '12 at 23:14
  • @BrianArmstrong I think the issue is that HTTPS has different implementations as mentioned by Emirikol's answer. Some protocols prevent replay attacks, while some do not. (It happens when doing key exchange, RSA key exchange prevents but Anonymous key exchange does not. ref: https://tools.ietf.org/html/draft-ietf-tls-ssl-version3-00#appendix-F) So that's why tokens (like csrf) are important (reference scenario is here: https://stackoverflow.com/a/2770135/4206925 ) – MewX Oct 26 '18 at 01:32
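The application-layer mechanism this answer describes, written out as an added example (it is not code from the question or any answer here): every request carries a timestamp, a single-use nonce and an HMAC over the request computed with a secret the app and server share, and the server rejects anything with a bad signature, a stale timestamp, or a nonce it has already accepted. The shared secret, the endpoint path, the field layout and the 300-second window are all constructed for the example; the nonce store is an in-memory dict standing in for whatever shared store a real deployment would use.

```python
"""Added example: application-layer replay protection for a REST endpoint.

A captured request that is sent again is rejected because its nonce has
already been consumed; a very old capture is rejected by the timestamp
check even after the nonce has been evicted from the store.
"""
import hashlib
import hmac
import secrets
import time

CLIENT_SECRET = b"example-shared-secret"  # constructed; provision per client in practice
MAX_SKEW = 300  # seconds a request timestamp may differ from server time


def canonical(method, path, body, ts, nonce):
    # Fixed field order so client and server sign exactly the same bytes.
    return "\n".join([method, path, body, str(ts), nonce]).encode()


def sign_request(method, path, body, secret=CLIENT_SECRET, now=None):
    """What the mobile app does: attach a timestamp, a fresh nonce and a MAC."""
    ts = int(now if now is not None else time.time())
    nonce = secrets.token_hex(16)
    mac = hmac.new(secret, canonical(method, path, body, ts, nonce), hashlib.sha256).hexdigest()
    return {"method": method, "path": path, "body": body, "ts": ts, "nonce": nonce, "mac": mac}


class ReplayGuard:
    """What the server does before handling a request."""

    def __init__(self, secret=CLIENT_SECRET, max_skew=MAX_SKEW):
        self.secret = secret
        self.max_skew = max_skew
        self.seen = {}  # nonce -> time after which it may be forgotten

    def _evict(self, now):
        # Nonces older than the window can be dropped: a request carrying one
        # would fail the timestamp check anyway, so the store stays bounded.
        for nonce, expiry in list(self.seen.items()):
            if expiry <= now:
                del self.seen[nonce]

    def check(self, req, now=None):
        now = now if now is not None else time.time()
        self._evict(now)
        expected = hmac.new(
            self.secret,
            canonical(req["method"], req["path"], req["body"], req["ts"], req["nonce"]),
            hashlib.sha256,
        ).hexdigest()
        # Signature first: an attacker must not be able to burn nonces or
        # probe the store with unsigned requests.
        if not hmac.compare_digest(expected, req["mac"]):
            return "rejected: bad signature"
        if abs(now - req["ts"]) > self.max_skew:
            return "rejected: stale timestamp"
        if req["nonce"] in self.seen:
            return "rejected: replayed nonce"
        self.seen[req["nonce"]] = req["ts"] + self.max_skew
        return "accepted"


if __name__ == "__main__":
    guard = ReplayGuard()
    req = sign_request("POST", "/api/transfer", '{"amount": 10}')
    print(guard.check(req))  # first delivery
    print(guard.check(req))  # the same captured request sent again
```

The order of the checks matters: verifying the signature before touching the nonce store means an unauthenticated party cannot fill the store or learn which nonces are in it, and checking the timestamp before the nonce is what lets old nonces be evicted safely. Note that this guards against replay of a captured request; it does nothing about the app's own secret being extracted from the device, which is a separate problem.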

HTTPS can be enough to secure the server from replay attacks (the same message being sent twice) if the server is configured to only allow the TLS protocol as per rfc2246 section F.2.

Outgoing data is protected with a MAC before transmission. To prevent message replay or modification attacks, the MAC is computed from the MAC secret, the sequence number [...]

Emirikol
  • This is **no longer true** with (draft) TLS 1.3 if [0-RTT tickets](https://blog.cloudflare.com/introducing-0-rtt/) are enabled. Also—though not strictly within scope for the question—a replay attack [can still be mounted](https://vnhacker.blogspot.com/2015/12/bad-life-advice-never-give-up-replay.html) even with current TLS versions if using a _web browser_. – Alex Shpilkin Jul 28 '18 at 14:37