Is there a way to go through a series of request and see what pages they are coming from? I am getting all HTTP requests sent from my PC. I am trying to see if there is a way in which I can just find out the main request. Like if a page has images on it, when the images request is sent, is there a way to see if the images are coming from another page using just HTTP requests. I don't know if I explained this well enough, so please ask any questions. I don't know if there is a way to do this, but I hope there is. Thanks!
If you're using Windows: Fiddler.
Related
The referer header does not always provide the full url of the site spawning the http request, and I would like to know if there is any way I could figure out the source url of the site that is making the request.
I am currently using OWASP ZAP as a proxy, but am unable to trace some of the http requests back to the source site due to the incomplete referer.
Try searching for the full URL in the ZAP Search tab. If that doesnt work try searching for just the path.
If the URL is generated by JavaScript then that might not work.
Depending on how you are exploring the app you may be able to work back through the history and work it out by a process of elimination, but that could take a while...
I have a question, I am a bit confused, I don't really understand why this is happening.
I have a website which works well over http. When I force redirect to https something happens. Even if I replace all my urls in my code, only GET request will work. Anybody has any idea why is this happening?
I also have admin part of the website. it works to login into the admin but it doesn't work to make any requests on it. I am trying to post or delete but I receive a 401 err, even if I am logged in and set the token right...
So bottom line is:
On Https, the website works, it shows all the resources from the db, I can login in the Admin but I can not post or delete.
On Http everything works.
I am in a huge need of advice or ideas.
thanks.
From my experience you cannot serve mixed content, that's my first suggestion is to call all your scripts/dependencies without the prefix; ie: script src="https://blahblah" to "script src="//blahblah"; you're going to make sure you are sticking consistently to one serving source; so that's the first thing I'd check (also look at console logs, they often give hints as to what failed);
Secondly I am unsure of the response or how the server handles traffic from non https, possibly there's a rule in htaccess or some form of redirection trying to force the call via https so http fails? these are all steps in debugging right you need to troubleshoot and play process of eliminations; first though I'd make sure we are serving everything from // or https; when on http I would look at console logs for clues but even more so I would force a redirect to use https exclusively (as most sites do now)
Check for mixed content issues first though, this is something that can have a multitude of solutions based on the many variations of what could be causing this issue.
Disclaimer: I am not good at understanding http requests, so please bear with me
I am trying to change the content of an html web page whenever an http GET/POST request is made. It would work something like this:
What I want to accomplish
When my phone is charging, it is going to send an http request to the web server. The web server is going to change the content of the webpage to say something like "Phone is charging."
What I've done so far
I managed to send an HTTP request from my phone to the server every time the phone connects to a charger, I just don't know what to do with the http request that arrives to the server.
Thanks ahead of time!
EDIT: I figured out, according to #LawrenceCherone (thanks Lawrence!) that I can't do this with a static html page and just nginx. He said that I have to use a scripting language. Does bash work for this? Or should I learn something like python, PHP or something else?
I can't find any tutorials online for what I am trying to accomplish for some reason. Haven't seen any tutorials on how to 'react' to a POST request
I need to know which requests a webpage sends. Basically the site i call, calls another service/api/url whatever and receives the data (probably within javascript) and show me this. Can i see all the calls it make?
Edit: concrete example:
From this site (http://www.flickriver.com/lenses/nikon/) you can choose a lens, at that moment, the page sends a request to flickr, and get all the data. But in chrome developer tools i could not see this request.
Here is a screenshot of get requests. I have looked through them but could not see any request to flickr.
The first is request to the page. And the sixth one is the picture request already, where it requests the picture by its id. So in between other 4 requests should contain a request to the external source which gives the picture id in return or do i miss sth?
And what if the backend makes this request? Do i still need to see this request in developer tools?
No, of course you cannot see the calls made by some server to another server. Why would you expect to be able to do that? Those calls have nothing to do with the browser. The browser knows nothing about those requests. The browser knows only about requests that it itself initiated. Devtools can only report on requests made by the browser. If in fact there were some way to spy on the requests made by a server to another server, it would be gaping security hole.
Strange one here folks.
I'm studiying a web application's inner workings using Fiddler and have become a bit stumped. I'm requesting /account via the browser and Fiddler shows in the "Host" column website.local as expected since this is the URL the browser is pointing at.
Immediately after this a second request is made, however this time the host is services.website.com. I also cannot find any script in /account that makes this request.
So how can the Host change? Where is the response being sent to? Where can this be getting called from?
I'd expect that the server is sending a redirect to services.website.com: Fiddler isn't showing any redirects?
It depends on what really is in the first response that you receive. When you see a second request in Fiddler, does the page change too (in the browser)?
It will help a great deal if you could share the part of the Fiddler trace.