Best IT Recipes

How to track all incoming HTTP requests?

I need to track my application from incoming HTTP POST and GET requests coming from outside, and sometimes inside the machine.

Is it possible?

A violinist is used, but it only makes the outgoing not incoming (from the outside of the machine), or did I configure it incorrectly?

This is for my web application designed to receive POST from an external server.

+55
wireshark fiddler
Dec 13 '10 at 12:12
source share
9 answers

The guys found the perfect way to track ALL traffic that flows locally between requests from my machine to my machine:

  • Install Wireshark

  • When you need to capture traffic that goes from the local host to the local host, it will be difficult for you to use wirehark, since it only controls incoming traffic on the network card. The way to do this is to add a route to the windows, which will force all traffic through the gateway, and this will be fixed in the network interface.

    To do this, add a route using <ip address> <gateway> :

     cmd> route add 192.168.20.30 192.168.20.1

  • Then run capture on wirehark (make sure you select an interface with bytes passing through it). Then filter.

Newly added routes appear in black. (since they are local addresses)

+9
Dec 13 2018-10-12
source

What you need to do is configure Fiddler to work as a “reverse proxy”

There are instructions on 2 different ways you can do on the Fiddler website. Here is a copy of the steps:



Step # 0

Before working with one of the following options, you must allow other computers to connect to Fiddler. To do this, select "Tools"> "Violinist Settings"> "Connections" and check the box "Allow remote computers to connect." Then close Fiddler.

Option # 1: configure Fiddler as a reverse proxy

Fiddler can be configured so that any traffic sent to http://127.0.0.1:8888 is automatically sent to another port on the same computer. To install this configuration:

  • Launch REGEDIT
  • Create a new DWORD named ReverseProxyForPort inside HKCU \ SOFTWARE \ Microsoft \ Fiddler2.
  • Install DWORD on the local port to which you want to redirect incoming traffic (usually this is port 80 for a standard HTTP server).
  • Restart fiddler
  • Go to the browser http://127.0.0.1:8888

Option # 2: Write a FiddlerScript Rule

Alternatively, you can write a rule that does the same.

Suppose you are using a website on port 80 of a machine named WEBSERVER. You connect to the website using Internet Explorer Mobile Edition on a Windows SmartPhone device for which you cannot configure a web proxy. You want to capture traffic from your phone and server response.

  • Run Fiddler on the WEBSERVER machine, running on the default port 8888.
  • Click "Tools" | Fiddler Options and check the box "Allow remote clients to connect." Restart if necessary.
  • Select Rules | Customize the rules.
  • Inside the OnBeforeRequest handler, add a new line of code:
    if (oSession.host.toLowerCase () == "webserver: 8888") oSession.host = "webserver: 80";
  • On your smartphone, go to http://webserver:8888

Requests from SmartPhone will appear in Fiddler. Requests are forwarded from port 8888 to port 80, where the web server is running. Responses are sent back through Fiddler to the SmartPhone, which does not know that the content was originally sent from port 80.

+55
Dec 13 '10 at 12:21
source

I would install Microsoft Network Monitor, configure the tool so that it can only see HTTP packets (filter the port) and trigger packet capture.

You can download it here.

+32
Dec 13 '10 at 12:32
source

Configure Fiddler as a "reverse proxy" on Windows

(for Mac, see the link in the Partizano comment below)

I know that there is already an answer offering this, however I want to give explanations and instructions for this, which Telerik had to provide, as well as cover some "gotchas", so here goes:

What does it mean to configure Fiddler as a "reverse proxy"?

  • By default, Fiddler only monitors outgoing requests from the computer on which you run Fiddler
  • To track incoming requests, you need to configure Fiddler to work as a "reverse proxy"
  • This means that you need to install Fiddler as a “proxy” that will intercept incoming HTTP requests that are sent to a specific port (8888) on the computer where you want to listen to incoming requests. Fiddler then forwards these requests to a web server on the same computer, sending them to a regular port for HTTP requests (usually port 80 or 443 for https). It is really very fast and easy to do!
  • The standard way to set this with Fiddler is to force Fiddler to intercept the entire request sent to port “8888” (since this will usually not be used by anything else, although you can just as easily use another port)
  • Then you need to use the registry editor to force Fiddler to forward any HTTP requests that Fiddler receives to port 8888 so that they are redirected to the standard http port (port 80, port 443 for the https request, or another custom port that your web is configured to server)

NOTE. For this to work, any request you want to intercept must be sent to port 8888

You do this by adding: 8888 to your hostname, for example, for an MVC route, for example:

Http: // myhostname: 8888 / controller / action



Walkthrough

Make sure Fiddler can accept remote HTTP requests on port 8888:

Run Fiddler as an administrator . Choose Tools> Fiddler Settings> Connections and make sure “Allow remote computers to connect” is checked and “Fiddler listenens on port” is set to 8888:

enter image description here

Configure Fiddler to forward requests received on port 8888 to port 80

  • Close Fiddler
  • Launch REGEDIT
  • Create a new DWORD named ReverseProxyForPort inside HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Fiddler2.
    • Now set the DWORD value for the local port to which you want to redirect incoming traffic (usually this is port 80 for a standard HTTP server).
  • To do this, right-click the created DWORD and select Modify. Make sure Base is set to Decimal and enter 80 (or another port) as the value data:

Verify that port 8888 is open on the firewall

  • You must make sure that port 8888 is open to external requests (it will not be the default if your server is protected by a firewall).

What is it! Fiddler should now be configured as a reverse proxy to intercept all requests from port 8888 (so you can view them in Fiddler), and then it will redirect them to your web server for actual management.

Check Request

  • Restart fiddler
  • To verify that Fiddler intercepts external requests, open a browser on the same computer on which you installed Fiddler as a reverse proxy. Go to the browser http://127.0.0.1:8888
  • This test makes a basic request to port 8888
  • You should see a request intercepted by Fiddler
  • Now you can test the request from another computer, for example by making a request from a browser on another computer like this (where "remoteHostname" is the host name on the computer on which you installed Fiddler as a reverse proxy)

Http: // RemoteHostName: 8888 / controller / action

  • Alternatively, you can compose a request using another instance of Fiddler on the remote computer using a URL similar to the one above. This will allow you to execute a GET or POST request.

IMPORTANT: after you finish viewing your requests, go back to Tools> Fiddler Settings> Connections and remove the "Allow remote computers to connect" option, otherwise third parties will be able to scan traffic through your server

+8
Aug 01 '16 at 1:11
source

Microsoft Message Analyzer is the successor to Microsoft Network Monitor 3.4

If your incoming HTTP traffic goes to your web server with port 58000, start the analyzer in administrator mode and press a new session:

Use filter: tcp.Port = 58000 and HTTP

trace: “Local network interfaces (Win 8 and earlier)” or “Local network interfaces (Win 8.1 and later)” depend on your OS

Analysis Level: Complete

+5
23 Oct '15 at 9:06
source

You might consider running Fiddler as a reverse proxy, you should be able to connect clients to the Fiddler address, and then redirect requests from Fiddler to your application.

This will require either a little port manipulation or a client configuration, whichever is easier depending on your requirements.

Details on how to do this: http://www.fiddler2.com/Fiddler/Help/ReverseProxy.asp

+3
Dec 13 '10 at 12:20
source

Use TcpView to see port listening and connections. This will not give you requests.

To see the requests, you need the opposite of the proxy server, of which I do not know any such tools.

Use tracing to provide you parts of the requests (first 1 Kbyte of the request).

+2
Dec 13 '10 at 12:17
source

Using Wireshark ..

I have not tried: http://wiki.wireshark.org/CaptureSetup/Loopback

If this works, you can filter the http / http contains GET / http contains POST traffic.

You may need to run two instances of Wireshark, one local capture and one remote control. I'm not sure.

+2
Dec 13 2018-10-12
source

You can also try HTTP Debugger , it has a built-in ability to display incoming HTTP requests and does not require any changes to the system configuration.

HTTP debugger

0
Sep 07 '17 at 5:05
source


More articles:


All Articles