Fiddler2 for tcp only - tcp

Hoping you could help out... Is there a way of getting Fiddler2 to monitor just TCP traffic as opposed to looking for HTTP?
I have a legacy application that sends TCP text and need to capture it to track an issue. Fiddler2 is great for web-based HTTP monitoring and, if possible, I'd like to use this for TCP-based monitoring as well (I understand the layout & format). Is this possible or do I need to look at Wireshark or something similar?
Thanks!

As explained on the Fiddler website, Fiddler is an HTTP/HTTPS proxy server. You cannot debug TCP with it; use Microsoft Network Monitor or Wireshark for those tasks.

Related

Intercept **Outgoing** HTTP(S) Traffic

With tools like Charles or Telerik's Fiddler you can set up your own proxy server on your home PC, intercepting incoming and outgoing traffic in a more high-level (but easier to read) view than e.g. Wireshark.
Is there a way to actually analyze and/or intercept the real outgoing traffic without needing to use a proxy? Just by somehow catching all the traffic before it gets sent out to the wire? It doesn't need to be on bit layer (the plain HTTP requests would be just fine ;) )
Regards
If you're talking about an iOS app, you can do it with Atlantis Framework + Proxyman app.
Instead of proxying your traffic to a proxy server, as Charles and Fiddler do, Atlantis will capture your traffic on-the-wire (by using the Method Swizzling technique) and broadcast it to the Proxyman app for previewing.

See data that an app is secretly sending to web server in the background

I was playing around with Fiddler (HTTP proxy) and I noticed that some apps are making HTTP GET/POST requests in the background and sending data and stats to and from the web. This got me interested and a little concerned to see what data various apps were sending, but it seems that most of them are not doing it on port 80 via HTTP but presumably on another port, so you can't see the data in Fiddler. Is there some way to view and/or potentially block the data being sent?
You're asking: "Using Fiddler, I saw that traffic was being sent by clients to servers. How can I see that traffic?"
Might I suggest you use Fiddler?
You can see the process sending the traffic in the Process column, and you can view the contents of the requests and responses using the Inspectors tab.
I would check out Burp Suite. It is a proxy you set up in your web browser and shows all of the data that passes through it. There are plenty of tutorials online. Check it out here

Why Wireshark display filter does not show http packets?

When I use the display filter for HTTP, it shows only HTTP packets when the HTTP message is on the standard port, i.e. port 80. But when the message is not using the standard port, the display filter does not work for HTTP, and I need to filter for TCP and then find the HTTP packets manually.
I want to know why this happens. Is it standard behavior, or am I doing (or expecting) something wrong?
Thanks.
I had to enable the HTTP protocol by doing the following:
"Analyze -> Enabled Protocols"
This solution was for version 1.12.2 (and disabled by default in version 2.0.2) but should work for any variant of version 1 and 2.
If you have HTTP not on its usual port, you can use the "Analyze -> Decode As" tool in Wireshark to tell it to treat all traffic on this port as a certain protocol.
The well-known port for HTTP is port 80. If you're looking at traffic on a different port, Wireshark would normally expect traffic to be in the form for whatever service normally uses that port (if any). It has no way to know that traffic on, say, port 1080 is actually HTTP. This is not a bug, but a limitation of the way you are trying to use TCP.
I am using version 1.10.2 and it will classify any port as HTTP as long as it sees HTTP data in it.

split HTTP and TCP-only (non-HTTP) traffic

I have a web application that runs on Tomcat (and gets HTTP requests) and another standalone backend application that gets only TCP. For some reasons, I can use only port 8080 from outside. So, I need to get all TCP requests (from outside) on port 8080 and forward the HTTP ones to the web application on Tomcat and all pure TCP requests (that are not HTTP) to the standalone application. Internal forwarding could be done to any port, e.g. 8181 on Tomcat and 8282 on the standalone application. Is it possible to set up such a configuration? How could it be done?
Thanks in advance.
TCP and HTTP are protocols at different layers of the networking stack. If you want to use some application to filter HTTP requests, your application should deal with Application-Layer information, not Network-Layer (like TCP/UDP).
I don't see how this can be possible generally. You could look packet-by-packet, but the middle of an HTTP body can be arbitrary, so you can't just look at the data of each packet.
If any particular client will send you either HTTP or general TCP but not both, can you do this by source IP address? Do you know the addresses of either the servers that will send you HTTP requests or the ones that will send you TCP requests?
If you don't know the source IPs, you could heuristically look at the first packet from some previously unknown IP and see if it looks like HTTP, then tag that address as containing HTTP traffic.
What is the content/format of the TCP communication? Is there any pattern you can detect in that?
Perhaps you could do something like this using iptables + L7 filter. Of course this will only work if you run Linux on your box. Also I don't know how recently l7 filter project has been updated.
Java servlet technology is not limited to HTTP. The servlet interface lets you read the incoming input stream via ServletRequest.getInputStream(). So you can create an implementation of the Servlet interface and map it in web.xml, and you are all set to receive any TCP traffic.
Once you have read the input stream to sniff the content, you will want to forward HTTP requests to an HttpServlet. To do this you will need to make sure that the input stream you pass on is positioned at the very beginning of the input.
EDIT: On reading your question once again, I noticed that you don't plan to expose Tomcat directly on the external port as I originally thought. If you are willing to make Tomcat listen on the external port, you can try the approach described above.
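
The first-bytes heuristic suggested in the answers above, which is also the kind of content-based classification the Wireshark thread mentions for HTTP on non-standard ports, as an added example that is not code from any of the posts. It assumes cleartext HTTP/1.x, the ports 8080/8181/8282 from the question, and a raw protocol that does not itself begin with an HTTP request line; the names `classify`, `pipe` and `handle` are made up for this sketch.

```python
import asyncio

# Assumed from the question: public port 8080, Tomcat on 8181, raw-TCP app on 8282.
LISTEN_PORT, HTTP_BACKEND, RAW_BACKEND = 8080, ("127.0.0.1", 8181), ("127.0.0.1", 8282)
METHODS = (b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"OPTIONS", b"PATCH", b"TRACE")
MAX_PEEK = 4096  # give up waiting for a request line after this many bytes

def classify(head: bytes) -> str:
    """Return 'http', 'raw' or 'need_more' for the first bytes of a connection."""
    line, sep, _ = head.partition(b"\r\n")
    if sep:  # full first line: must be "METHOD target HTTP/1.x"
        parts = line.split(b" ")
        ok = len(parts) == 3 and parts[0] in METHODS and parts[2].startswith(b"HTTP/1.")
        return "http" if ok else "raw"
    # No line end yet: keep reading only while the bytes can still begin "METHOD ".
    maybe = len(head) < MAX_PEEK and any(
        (m + b" ").startswith(head[:len(m) + 1]) for m in METHODS)
    return "need_more" if maybe else "raw"

async def pipe(reader, writer):
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
    finally:
        writer.close()

async def handle(client_r, client_w):
    head = b""
    while classify(head) == "need_more":
        try:
            chunk = await asyncio.wait_for(client_r.read(1024), timeout=5)
        except asyncio.TimeoutError:
            break  # silent client: treat as raw (server may be expected to speak first)
        if not chunk:
            break
        head += chunk
    backend = HTTP_BACKEND if classify(head) == "http" else RAW_BACKEND
    up_r, up_w = await asyncio.open_connection(*backend)
    up_w.write(head)  # replay the peeked bytes so the backend sees the stream from byte 0
    await asyncio.gather(pipe(client_r, up_w), pipe(up_r, client_w), return_exceptions=True)

async def main():
    server = await asyncio.start_server(handle, "0.0.0.0", LISTEN_PORT)
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

The decision is made once per connection, so a keep-alive connection stays on the backend its first request line selected. TLS traffic never matches the request-line check and is sent to the raw backend unchanged.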

How to sniff http requests

I want to sniff a local HTTP request to an ASP.NET web application.
Is telnet an option?
How do you capture packets to a web application?
Depending on your exact requirements, Fiddler may be sufficient.
http://www.wireshark.org/ is a very advanced and free sniffer/protocol analyzer. I use it on our servers to monitor things from SIP protocol info to raw HTTP data. It's all you need, and you can add filter rules to just get the data from a certain IP etc., i.e.:
ip.addr == 192.168.1.1
Raw packets and headers all included.
For ease of setup, I personally would use either the Tamper Data (https://addons.mozilla.org/en-US/firefox/addon/966) or Live HTTP Headers (https://addons.mozilla.org/addon/3829) plugin for the Firefox browser, or for a lower-level solution, Wireshark (http://www.wireshark.org/).
Have you tried browser plugins that allow you to do this? Firebug, etc.
I found this in another post, it works
http://socketsniff.nirsoft-freeware.qarchive.org/_download2.html
There are browser add-ins that can make sniffing of the HTTP requests easy:
For Internet Explorer, there is the Fiddler Web Debugger.
For Firefox, there is the Live HTTP Headers add-in.
