I need help. I need log(safe full request) in iis 5(with headers etc) or look on it in proxy,fiddler etc
I use fiddler/ I have web config
Do you know HOW TO see ALL REQUEST,request from ALL PORTS and applications?
Can y recommend me proxy or http debugger?
I can not see request to my website in fiddler((((((
Maybe i need add propertyes in iis? I have tcp port in iis(default web site, and this site is default in root of wwwroot
TCP port 80? and proxy address 8888????????????? MAYBE
Maybe i need change port of tcp to 8888?
I add to web.comfig
In fiddler is option Monitor all connections i check it. I don't use filters
I have web site on my own machine and fiddler on it
GMAIL send request on my site( get rss)
74.125.16.68 - W3SVC1 HOUSE 217.76.185.140 80 GET /24.rss - 200 1398 202 HTTP/1.1 217.76.185.140
I don't see this query in fiddler, but i see
GET /mail/channel/bind?at=xn3j35onw91kr1q7zyzwjdx2653kr7&VER=6&it=548812&RID=rpc&SID=8787BE0499898773&CI=1&AID=78&TYPE=html&zx=bf28pr-v4mnm7&DOMAIN=mail.google.com&t=1 HTTP/1.1
Accept: /
Referer: http://mail.google.com/mail/?ui=2&
IN FIDDLEr i see
POST /mail/?ui=2&ik=ba4ed7ee39&view=cps&q=http%3A%2F%2F217.76.185.140%2F25.rss&cps=r&rt=j HTTP/1.1
answer
Content-Type: text/javascript; charset=UTF-8
while(1);
[[["v","NEGbCBCSn-c.en.","8","55f6abc2045673de",,]
,["di",749,"",""]
,["ub",[["^i",1240327921200]
,["^f",1240327921200]
CHEERS
Unfortunately, I have no experience with fiddler (although I hear it is cool).
Try wireshark: here: http://www.wireshark.org/
It is a network packet analyzer with filtering, so you could set the filters to capture the messages you want.
Related
I have a SIM900 GSM module that I use to send GET and POST requests to servers.
Recently I rented a host for this purpose. I wrote a simple page using asp.net webforms to parse incoming data from the GSM module, everything was working until a few days ago I noticed that I no longer can receive data from my gsm module.
After investigating further I found out that the host I rented keeps returning HTTP 400 errors to my GSM module. These responses are not from IIS but from Microsoft-HTTPAPI/2.0. The request header is this:
GET /test/data?meow HTTP/1.1
Host : www.whatever.com
Connection : keep-alive
And this is the server response(body omitted):
HTTP/1.1 400 Bad Request
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Sun, 11 Oct 2020 12:08:28 GMT
Connection: close
Content-Length: 339
I used Postman (application) to simulate the same request and everything worked just fine.
I also made an exact copy of a chrome request header and gave it to the module, but that didn't work either.
Note: I am not using sim900's HTTP commands I am connecting to a certain port(80 in this case) and making a get request manually.
Note 2:I have been given a Plesk panel to manage my website and do not have access to certain server settings.
The request will pass through the http.sys module before entering iis, which will intercept requests that do not comply with the rules, so your response comes from Microsoft-HTTPAPI / 2.0 with a status code of 400. The solution to this can be to modify the registry, but the setting in the registry is based on your application and request, and there is no universal modification method.
How to troubleshoot HTTP 400 errors
Http.sys registry settings for Windows
Another method is to suggest that you use a tool similar to Fiddler to capture the request sent by sim900 and the request sent by postman respectively. After the capture, compare them in detail to find out the differences, and modify the sim900 request to be the same as the postman request, conforming to http .sys rules.
I am following a course on lynda.com. We are experimenting with sending HTTP requests by using a command-line telnet app.
However, in the video, the "teacher" is explicitly typing:
telnet www.httpbin.org 80
GET /ip HTTP/1.0
Which returns the local IP address. Unfortunately, this doesn't work for me, although I did exactly what he did. When I type the GET /ip HTTP/1.0 line, I get a 400 Bad Request response, but the page /ip does exist. What am I doing wrong? Why does it work for the teacher in the video, but not for me?
Edit: Also, when it tried to connect to www.httpbin.org, I can see:
Trying "IP_FROM_WEBSITE"
Connected to www.httpbin.org.herokudns.com
The part of .herokudns.com is only on my side, in the video I can only see Connected to www.httpbin.org.
Looks like the server doesn't support HTTP 1.0. Maybe the video is older and it used to.
A valid HTTP 1.1 request would look like this:
telnet www.httpbin.org 80
GET /ip HTTP/1.1
Host: www.httpbin.org
so i am in a place where i have access to only 5 websites and i am trying to bypass this restrection
when i try to browse any of those website i don't have any problem, for example stackoverflow.com , but i can't access 1.1.1.1 (which is the ip of stackoverflow)
it means that what ever is blocking the other website allow only those 5 domains
is there anyway i can sumbit a web request to 2.2.2.2 but in the headers i am requesting stackoverflow.com to bypass this restrection
i have no idea how does dns or a simple http request work , i aperciate any idea to start with or at least something to read
also i can't change my dns servers
You can try it with any telnet application:
telnet google.com 80
GET / HTTP/1.1
Host: stackoverflow.com
End your request with double enter.
If you receive html then the proxy is letting the request pass.
After receiving http packets from a website I see a request packet which its http header is like this,what does it mean "OpenNMS HttpMonitor\r\n" ?Its source address is not from that web page which I open!
GET / HTTP/1.1\r\n
[Expert Info (Chat/Sequence): GET / HTTP/1.1\r\n]
Request Method: GET
Request URI: /
Request Version: HTTP/1.1
Connection: CLOSE \r\n
User-Agent: OpenNMS HttpMonitor\r\n
\r\n
I believe this may well be Rackspace's monitoring solution for cloud servers. Might be wrong though. Might be worth contacting your hosting provider to see if it's them. You can sort of check this by seeing if your server IP is in the same subnet.
Um, not sure why it is appearing in your context, but OpenNMS is a network monitoring suite that we used to use at work to monitor our network nodes.
http://www.opennms.org/
Your IP may be erroneously being monitored by some corporation? ^^
Say I make an HTTP request to: foosite.com but the port I actually send the request to is 6103 and I DON'T put that port in the Host header for example:
GET /barpage HTTP/1.1
Host: foosite.com
Method: GET
Should http server then recognize that I'm trying to talk to it on port 6103? Or since it was omitted in the request header am I gambling on if the server actually recognizes this?
I ask that question to say this: I've found that browsers, at least firefox + chrome, put the port in the Host header. But the Java app I'm using does not. And when the port is not passed in the Host the server responds back thinking I'm on port 80. So who do I need to badger? The server operator, or the Java programmer?
See section 14.23 of the HTTP spec which specifies that the port # should be included if it's not the default port (80 for HTTP, 443 for HTTPS).
UPDATED for modern day browsers:
Browsers (and curl) will add the port only when it is not the standard port, as required by the HTTP spec and noted in #superfell's answer.
Browsers this day (2013), will actually strip the port from the Host Header when the port is the standard (http port 80, https port 443). Some clients, which use their own method, like the Baidu Spider, include the port number even when the port is 80.
Whether this is proper or not, I don't know. The spec doesn't say whether it's OK or not to include the port number when the port used IS the default.
To answer your comment, servers will do whatever they need to do to comply with the spec, and the spec suggests only the cases WHEN it's needed. Because of this, I feel It's not really a question of how the server deals with it - it's more how the client issues the request: includes the port number in the Host Header, or not.
RFC2616 states that
A "host" without any trailing port information implies the default
port for the service requested (e.g., "80" for an HTTP URL). For
example, a request on the origin server for
http://www.w3.org/pub/WWW/ would properly include:
GET /pub/WWW/ HTTP/1.1
Host: www.w3.org
This means that https://example.com would not need a trailing port as well since the default port is known for https. I have checked the HTTP requests from Firefox, Chrome and Edge and found that none of them added the port number for the host header when the domain protocole was https. For sure the port number is added when the port number was also added to the URL. The following screenshots below come from Google chrome
Sample headers of an actual request to a hopefully non existent server 'http://myhost.com:3003/content/page.htm'
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US;q=0.9,en;q=0.8,nb;q=0.7,de;q=0.6
Connection: keep-alive
Host: myhost.com:3244
Referer: http://myhost.com:3244/content/page.htm
The RFC https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html requires some training to read.
Section 14:24 not so easy to translate all elements to the simple reality:
Host = "Host" ":" host [ ":" port ] ;
Host Header Syntax:
Host: :
if its not default than put port after host:
Host: example.com:1337