How can a HTTP request be instantiated with a different host? - http

Strange one here folks.
I'm studiying a web application's inner workings using Fiddler and have become a bit stumped. I'm requesting /account via the browser and Fiddler shows in the "Host" column website.local as expected since this is the URL the browser is pointing at.
Immediately after this a second request is made, however this time the host is services.website.com. I also cannot find any script in /account that makes this request.
So how can the Host change? Where is the response being sent to? Where can this be getting called from?

I'd expect that the server is sending a redirect to services.website.com: Fiddler isn't showing any redirects?

It depends on what really is in the first response that you receive. When you see a second request in Fiddler, does the page change too (in the browser)?
It will help a great deal if you could share the part of the Fiddler trace.

Related

When I make a request to a server can I see all the requests made by that server to another server?

I need to know which requests a webpage sends. Basically the site i call, calls another service/api/url whatever and receives the data (probably within javascript) and show me this. Can i see all the calls it make?
Edit: concrete example:
From this site (http://www.flickriver.com/lenses/nikon/) you can choose a lens, at that moment, the page sends a request to flickr, and get all the data. But in chrome developer tools i could not see this request.
Here is a screenshot of get requests. I have looked through them but could not see any request to flickr.
The first is request to the page. And the sixth one is the picture request already, where it requests the picture by its id. So in between other 4 requests should contain a request to the external source which gives the picture id in return or do i miss sth?
And what if the backend makes this request? Do i still need to see this request in developer tools?
No, of course you cannot see the calls made by some server to another server. Why would you expect to be able to do that? Those calls have nothing to do with the browser. The browser knows nothing about those requests. The browser knows only about requests that it itself initiated. Devtools can only report on requests made by the browser. If in fact there were some way to spy on the requests made by a server to another server, it would be gaping security hole.

Web. Some nuances of difference between forward and redirect

I'm starting to learn web-programming. I've read about the difference between forward and redirect. But two questions not fully understood still:
In which case does the process access to a server-side and in which case without server-side?
When does URL change and when doesn't change? Does URL changes always when redirecting? Does URL changes never when forwarding?
I would be very grateful for the clear answers and explanations! Thanks in advance!
They are not hard and fast terms.
A redirect usually means an HTTP redirect, which is an HTTP response that instructs the client to make a new HTTP request to a different URI.
An internal redirect is a common description of a redirect that is handled internally by the webserver / web application / etc and doesn't send the browser to a different URI.
Forward is not a particularly common term, but when I've encountered it it usually means a form of internal redirect.
Forward happens on serverside, server forwards the same request to another resource. whereas redirect happens on the browser side, server sends http status code 302 to browser so browser makes new request.
Redirect requires one more round trip from browser to server.
One more difference is redirect reflects in browser address bar forward doesnt.

get know if request is subrequest of opening site or independent request to site

Is there any way to recognize (by process http packet or filtering tcp connections) does several requests belong to one opening url or another?
Try to explain in more detail.
When we open any page in browser it also initializes different requests to download images, resources, scripts. I d like to get know that some scope of requests was invoked by opening site (call it main site).
I can get referer property but in that case how to distinguish request to resorce from request to different site link on which was clicked on main site. In both cases referer will be the same.
I suspect that this problem could not be resolved, but I hope that I'm mistaken. Or you can offer some workaround.
If you are in control of the site, set a cookie or a URL parameter and check if it exists in subsequent requests.

Tamper with first line of URL request, in Firefox

I want to change first line of the HTTP header of my request, modifying the method and/or URL.
The (excellent) Tamperdata firefox plugin allows a developer to modify the headers of a request, but not the URL itself. This latter part is what I want to be able to do.
So something like...
GET http://foo.com/?foo=foo HTTP/1.1
... could become ...
GET http://bar.com/?bar=bar HTTP/1.1
For context, I need to tamper with (make correct) an erroneous request from Flash, to see if an error can be corrected by fixing the url.
Any ideas? Sounds like something that may need to be done on a proxy level. In which case, suggestions?
Check out Charles Proxy (multiplatform) and/or Fiddler2 (Windows only) for more client-side solutions - both of these run as a proxy and can modify requests before they get sent out to the server.
If you have access to the webserver and it's running Apache, you can set up some rewrite rules that will modify the URL before it gets processed by the main HTTP engine.
For those coming to this page from a search engine, I would also recommend the Burp Proxy suite: http://www.portswigger.net/burp/proxy.html
Although more specifically targeted towards security testing, it's still an invaluable tool.
If you're trying to intercept the HTTP packets and modify them on the way out, then Tamperdata may be route you want to take.
However, if you want minute control over these things, you'd be much better off simulating the entire browser session using a utility such as curl
Curl: http://curl.haxx.se/

Weblogic server: Why response sent prior to post completion

When analyzing traffic with a packet sniffer, we are seeing an http response from a weblogic server prior to the completion of the http post to that server.
In this case, the jsp page on the server is basically a static page, no logic to do anything with the contents of the post at this time.
But why would the server send the response prior to completion of the post?
I found Weblogic documentation about how to configure the server to ignore a denial-of-service attack using Http post. Maybe that is what is happening?
No one I know has seen this behaviour before. Maybe some weblogic-savvy person will know what is going on.
Thanks
I don't think that Weblogic is analyzing the JSP to determine whether it is static or not.
My guess is that either
someone else was accessing the server at the same time
you saw the answer to a previous request
[EDIT] To determine what is going on, I suggest to set a breakpoint in the JSP. If you still get an answer without hitting the breakpoint, something further up the stack must be intercepting the request (for example, a cache).

Resources