Fog Creek Software
g
Discussion Board

Spying on HTTP (hacking it two)

Has anyone heard of / seen software to do this:
* From a client machine view the HTTP traffic (especially headers) to a particular server.
* Have the ability to "play with" HTTP requests (e.g. take complex post submit, edit it with a text editor and resubmit it)

I've wanted something like this in all my years as a web developer.  I imagine so has other people. 

Ken Klose
Monday, March 22, 2004

You mean like this one

http://www.bayden.com/fiddler/

?

Damian
Monday, March 22, 2004

Its a little rough around the edges, but yeah it's what I'm looking for.  Thanks!

Ken Klose
Monday, March 22, 2004

This post is from Fiddler not IE

Ken Klose
Monday, March 22, 2004

There are many tools that do this.

Unfortunately I used them a long, long time ago (in a galaxy far, far away) so I don't remember them.

MX
Monday, March 22, 2004

You might try Paros.  Runs as a proxy server, does just what you're asking for.  A fine tool.

Matt Conrad
Monday, March 22, 2004

Firebird lets you view HTTP headers in real time (I think it's an add-in). During a security overview some vendor was giving once, they kept naming the "Achilles" browser. I don't know if it's any better or worse than what's been mentioned so far.

www.MarkTAW.com
Monday, March 22, 2004

Search for HTTPLiveHeaders on www.mozdev.org.

Truly a must have when dealing with this kind of thing.

Jilles / www.jillesoldenbeuving.nl
Monday, March 22, 2004

You can do that with NetMon - install it via "Add/Remove Windows Components"

ken
Monday, March 22, 2004

If all you want is seeing the headers you can also use http://www.blunck.info/iehttpheaders.html

Just me (Sir to you)
Monday, March 22, 2004

Apache has a tool called TcpTunnel that is included with their SOAP implementation.  It simply lists outbound messages on the left and the inbound on the right.

You can find it at:
http://ws.apache.org/soap/

Very helpful little tool.

Russell Thackston
Monday, March 22, 2004

Also http://www.pocketsoap.com/tcptrace/pt.aspx and analog...

R Chevallier
Monday, March 22, 2004

I wrote a tool like that during my internship for Sybase a year ago. Unfortunately, it is not publicly available yet.

However, it was a lot of fun to write.

Pavel Levin
Monday, March 22, 2004

ethereal can filter HTTP.  I use it all the time.

christopher baus (www.baus.net)
Monday, March 22, 2004

I'd love to hear about and suggestions for Fiddler.  Feel free to send them via the Contact link at www.fiddlertool.com

Thanks!

Eric Lawrence
Monday, March 22, 2004

Is this sponsored by Microsoft?  The return email is, (was?) a Microsoft email address.

christopher baus (www.baus.net)
Tuesday, March 23, 2004

I second the suggestion of ethereal.

It sent shudders through my spine when I discovered it can spy on a heck of a lot more HTTP. In fact, it may be crucial to your investigation of browser bugs.

Various revisions of Internet Explorer 6.0 will send you not 1 but 2 submissions for each form submission. It sends all of the POST/GET and cuts off the connection, reconnects and does it right the second time (listens and reads the answer page)... various of the simpler monitoring tools (free or otherwise) lied and said only one connection went out. The minute I popped open ethereal it showed both connections.

Li-fan Chen
Thursday, March 25, 2004

*  Recent Topics

*  Fog Creek Home