SYSK 194: “X-Ray Vision” of HTTP Traffic


Your browser knows that


http://www.microsoft.com is running IIS 6.0/.NET 2.0 as the web server


http://www.google.com ‘s web server is GWS 2.1


http://www.eweek.com is running on IIS 5.0


http://www.shopping.com uses Apache 1.3.33


http://en.wikipedia.org uses PHP 5.1.2 running on an Apache server


and so could you….


 


In fact, you could view much of the data that is not displayed in the Web browser, such as the HTTP headers that are included in the Request and Response packets.


 


Why would you want to do that?  How about troubleshooting web site problems?!!


 


There is a great tool that comes with IIS resource kit — WFetch — (available for download at http://www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&DisplayLang=en) that allows you to:



  1. Issue commands using multiple HTTP verbs — GET, HEAD, PUT, DELETE, TRACE, POST, OPTIONS – entered either manually or read from a file.
  2. Set the server (host) name
  3. Configure TCP port to be used
  4. Use either HTTP 1.0 or HTTP 1.1
  5. Choose between multiple authentication types — Anonymous, Basic, NTLM, Kerberos, Digest, and Negotiate
  6. Use different connection types — HTTP, HTTPS, PCT 1.0, SSL 2.0, SSL 3.0, TLS 3.1
  7. Choose a proxy (or no proxy)
  8. Use client-side certificates

 


Once you issue a command, you can view the results, i.e. the HTTP traffic that goes between client and server, either on the screen or log it to a file.


 


As a web developer, this is one of the tools you definitely want to have in your tool belt!


 

Comments (5)

  1. Peter Ritchie says:

    Great little nexus!  Is there a name for this IRKT tool of which you speak?

  2. Perry says:

    Why not just use Fiddler? Or is this Fiddler being packaged up with the IIS tools?

    http://www.fiddlertool.com/fiddler/

  3. Michael says:

    I have been using this tool for a while and it is indeed the swiss army knife of http debugging and diagnostics.

    However it has a few silly bugs such as not allowing you to cut from the body box, you would have to copy and then delete. Not a break-feature, but just an annoyance.

    I recommend this to anyone, web developers, system administrators who want to debug their site or just see what is going on under the hood.