What is the best windows tool to capture HTTP traffic?

Question

When you want to capture browser traffic or general windows HTTP traffic what tool do you use?

Another helpful "not constructive" question, viewd 26,000 times. Thanks a lot voretaq7! — hopeseekr, Jul 04 '13 at 17:33

score 37 · Answer 1 · answered May 02 '09 at 02:27

37

Wireshark. Gets HTTP and anything else you want to look at (DNS, usually).

answered May 02 '09 at 02:27

womble

97,049

+1 Wireshark will get anything that's going through the net card. – Jonathon Watney May 02 '09 at 03:00
7

While Wireshark will capture anything, Fiddler is specialized in looking at HTTP traffic. If you're going to look at HTTP / browser traffic, I'd definitely use Fiddler over Wireshark. – Mark S. Rasmussen May 02 '09 at 12:29
8

+1. A little known feature is that Wireshark is also capable of decrypting SSL-traffic if you have the receiver's private certificate. Extremely useful imo! – Commander Keen May 28 '09 at 12:01

score 35 · Accepted Answer · answered May 02 '09 at 02:04

35

Fiddler, hands down! http://www.fiddler2.com/fiddler2/

answered May 02 '09 at 02:04

Mark S. Rasmussen

2,138
2
21
31

1

Will Fiddler intercept requests made to localhost? – Jonathon Watney May 02 '09 at 02:53
1

Yes, Fiddler can also capture localhost traffic. – Mark S. Rasmussen May 02 '09 at 12:28
couldn't get it to work, it just says fiddler failed to decrypt https, and the website just loads till infinty – ImGeorge Oct 28 '14 at 17:31

score 3 · Answer 3 · answered May 02 '09 at 02:04

3

General HTTP traffic:

Fiddler (free)

Internet Explorer and Firefox traffic:

HttpWatch (crippleware & pay)

answered May 02 '09 at 02:04

Omar Shahine

3,749

score 2 · Answer 4 · edited Apr 13 '17 at 12:14

Recommend Fiddler and Fiddler2 [Mark. Rasmussen above], and another GUI http(s) capture that runs on MS Windows and 'other' systems.

WebScarab

Looks to have the same feature/functionality as Fiddler2, with the addition that it can run on non MS platforms (could be useful for some.)

The Sales Pitch?

WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols. WebScarab has several modes of operation, implemented by a number of plugins. In its most common usage, WebScarab operates as an intercepting proxy, allowing the operator to review and modify requests created by the browser before they are sent to the server, and to review and modify responses returned from the server before they are received by the browser. WebScarab is able to intercept both HTTP and HTTPS communication. The operator can also review the conversations (requests and responses) that have passed through WebScarab

Some of the basic functionality of value to web developers, security reviews, in WebScarab include: (from their website)

Fragments - extracts Scripts and HTML comments from HTML pages as they are seen via the proxy, or other plugins
Proxy - observes traffic between the browser and the web server. The WebScarab proxy is able to observe both HTTP and encrypted HTTPS traffic, by negotiating an SSL connection between WebScarab and the browser instead of simply connecting the browser to the server and allowing an encrypted stream to pass through it. Various proxy plugins have also been developed to allow the operator to control the requests and responses that pass through the proxy.
Manual intercept - allows the user to modify HTTP and HTTPS requests and responses on the fly, before they reach the server or browser.
Beanshell - allows for the execution of arbitrarily complex operations on requests and responses. Anything that can be expressed in Java can be executed.
Reveal hidden fields - sometimes it is easier to modify a hidden field in the page itself, rather than intercepting the request after it has been sent. This plugin simply changes all hidden fields found in HTML pages to text fields, making them visible, and editable. Bandwidth simulator - allows the user to emulate a slower network, in order to observe how their website would perform when accessed over, say, a modem.

OWASP, the developers of WebScarab also have a number of other Open Source Projects relevant to reviewing website performance, functionality, security et. al.

score 1 · Answer 5 · answered Oct 17 '11 at 11:16

1

justniffer It can capture all http traffic, produce apache log, save content as files, measure response time . etc.

Bye,

answered Oct 17 '11 at 11:16

Mole24

11

score 0 · Answer 6 · answered Jan 21 '10 at 08:05

0

Yes, fiddler2 is very handy. Took me a minute to find out that you can use ipv4.fiddler:/ instead of localhost:/ The tool is fast and stable on the first glimpse

answered Jan 21 '10 at 08:05

score 0 · Answer 7 · answered Mar 16 '10 at 19:13

0

You can also check this HTTP post or Get tool (free tool)

answered Mar 16 '10 at 19:13

score 0 · Answer 8 · answered May 28 '09 at 12:05

0

i link using packetyzer for capturing.

its free and it has a easy to use gui.

http://sourceforge.net/projects/packetyzer/

answered May 28 '09 at 12:05

coding Bott

568

score 0 · Answer 9 · edited Dec 17 '10 at 13:05

0

maybe you can try this iehttptools

edited Dec 17 '10 at 13:05

Antoine Benkemoun

7,314

answered Dec 17 '10 at 08:55

Neatsoft

1

Using a link is cool, but still write the essential parts of the link please. – Marko Dec 04 '12 at 18:42

score 0 · Answer 10 · answered May 02 '09 at 03:32

0

nmap / zenmap from insecure.org

answered May 02 '09 at 03:32

Brad Gilbert

2,533

score 0 · Answer 11 · answered Jul 16 '09 at 08:54

There is little know but rather good Microsoft product for this:

Microsoft Visual Roundtrip Analyzer

It's built on top of Microsoft's Netmon and provides an insane amount of detail. It shows http traffic, including all the packet transfer details and any related DNS requested performed. It also has a go at giving you advice on the results.

Oh did I mention that it's free?

What is the best windows tool to capture HTTP traffic?

11 Answers11