I'm wondering if there are any utilities out there that will display the request/response headers sent/received by my web browser during a browsing session. Does anyone know of anything useful?
I'm familiar with the Modify Headers add-on for Firefox 4 and the HTTP Client utility for MacOSX but neither of these do quite what i'm looking for.
I suspect Fiddler might help here - it captures all of the traffic, including headers, content, etc. It works on startup with IE or Chrome; Firefox needs to be configured to use it as a web proxy.
Related
I am working on an API in .NET core 2.
Everything works great when testing on https://localhost:44333, but when trying on http://localhost:44333 it does not work anymore. It just loads, and loads, and loads.... Nothing to see in the logs or anything like that.
The thing is, I need to get it working on HTTP because I want to try it on my phone in the app. So I use iisexpress-proxy to proxy it. This works when I can access the API on HTTP, but it doesn't work with HTTPS.
So therefor I need it to work with HTTP, but I have no idea why it does not work on HTTP. All my previous projects worked fine on HTTP and for some reason this one does not. I have looked in my startup if it might be forced or something like that, but I cannot find any...
You probably need more information than this, but I don't know what you need, so If you ask in the comments I will provide some more information/logs/code you name it.
The http version will be served on a different port. You'll need to look at your project properties to see which port it's being served on.
Just as some background:
There's effectively a client-side and server-side component to SSL. The http or https is the client-side component. That means the browser or other web client will either try to negotiate a secure socket or not, respectively. The server-side component is the port binding, which will either be a secure socket or not.
The forever-loading is because your client is trying to make a non-secure request, but the server's socket is attempting to negotiate SSL. It's like one person speaking Chinese and the other speaking Spanish. They're both communicating, but nothing gets accomplished.
I am working on creating an chrome extension to filter http requests. That means when request an URL, chrome extension can filter some object requests and do not send them to web server. I searched for a while, did not find a solution in chrome.* API. Does anyone know ifGoogle chrome support this, or is there any way to accomplish this function?
There is webRequest API. At the moment it is still experimental but will apparently become stable with Chrome 17 (can be tested in Canary builds). There the API is called chrome.webRequest rather than chrome.experimental.webRequest and requires webRequest permission (plus webRequestBlocking if you want to block requests). Other than that the current documentation is correct.
I often have to go into other people's work to make modifications for short-term contracts and a lot of times I have to deal with security warnings throwing in IE because something is including HTTP content from maybe an image, or css or whatever, onto a HTTPS secure page.
I was just curious if there is a well known program or service that will scan a URL and come back with exactly what is coming from HTTP instead of HTTPS on a page?
I use fiddler, but for reasons having to do with my own inadequacies, I find the program difficult at times, and am un-able to zero in on the offending content in a timely manner.
Any advice from the true pros?
Using Fiddler:
In main menu > Tools > Fiddler options, tab HTTPS, uncheck Capture HTTPS CONNECTs. Then, in main menu > Rules, check Hide HTTPS CONNECTs.
This way, the only thing you'll see in your Fiddler capture will be the HTTP requests and responses (without the HTTPS requests or CONNECTs getting in the way).
I would load up the page in Firefox and use Firebug's Net panel to examine all the resources that the page loads.
There's no 'set in stone' way as far as I know, but the easiest way I know of is to either use a tool such as Opera Dragonfly or Chrome's Web Inspector, view the 'Network' tab and see where the resources are being loaded from. You can sometimes (depending on what you use) order this alphabetically and you will clearly see between http:// and https://.
Also as already mentioned, you could just search the source for http://.
I have a really buggy web application at work. In order to avoid using its interface, I want something that will save the HTTP requests I send with it, and enable me to resend them whenever I want. Do you know of anything that does that? Maybe there is an add-on for Firefox (I searched, but didn't find one)?
I need to be able to do this on Linux.
You can use Fiddler to intercept HTTP requests and responses between the browser and the client.
Fiddler also supports handcrafting and sending HTTP requests using its Request Builder feature:
Try iMacros for firefox
According to plugin description:
"Automate Firefox. Record and replay repetitious work. If you love the Firefox web browser, but are tired of repetitive tasks like visiting the same sites every days, filling out forms, and remembering passwords, then iMacros for Firefox is the solution you’ve been dreaming of!"
https://addons.mozilla.org/en-US/firefox/addon/3863/
What is the easiest way to obtain a complete log of all HTTP/HTTPS requests issued by Firefox during a browser session?
The question is programming related insofar that obtaining a log of all HTTP/HTTPS requests issued is a great troubleshooting tool when developing webapps.
Wireshark is the most complete tool for logging all http activity
Fiddler tool might be easier to get started with, and comes with built in HTTPS-decryption
TamperData addon for Firebug is a very good addon for changing the requests ad hoc
Firefox works with Fiddler.
LiveHttpHeaders is a great add-on for Firefox. It traces all the requests along with header information and post data. You can save the log to a file if you want to.
Safari has a built in Activity monitor - Window->Activity list all http requests I believe.