UGTS Document #56 - Last Modified: 8/29/2015 3:23 PM
Tracing HTTP Traffic

When a website request results in one or more redirects, it can be difficult to tell what is going on in the browser, especially when the requests are encrypted with SSL (because then you can no longer easily watch the traffic with a utility like Network Monitor).

The general solution to this problem is to install an HTTP Trace add-in to your web browser so that you can see the HTTP requests that are being made. This is a better solution than trying to follow what is going on with Network Monitor or some other packet watcher because a browser add-in sits above any SSL encryption, and it shows you activity at the higher logical level that you need it - HTTP rather than TCP/IP. Several good free HTTP tracing programs are available:
  • IE Developer Tools - Starting with IE9, you can press F12 to open the Developer Tools in Internet Explorer.  These tools include some very nice features, including a profiler, a network trace, the ability to select a tag and jump to the HTML which produced it, and an image and link report.
  • HTTP Watch Studio Basic Edition - Though this version is limited compared to the full version (which costs about $400 per user), it can still show you the URLs being requested and a breakdown of the time spent waiting. The user interface is excellent - it uses a pane at the bottom of your browser window so that you can see real-time what is going on alongside the browser display. HTTP Watch Studio works in IE or Firefox, so usually there is no need to change your default browser to use it, unless you use Chrome. First download and install it. Then launch your browser, and right-click the browser area and select 'HttpWatch Basic' in the context menu. The watch pane will display at the bottom. Press the Record button to start recording activity.
  • Tamper Data (Firefox only) - To use this, set Firefox as your default web browser temporarily, and then install the Add-in 'Tamper Data'. This add-in intercepts each HTTP POST or GET reqest, placing it on hold to let you view and optionally the request before proceeding.  It also accumulates a log of all the requests and cookie values on the client so that you can follow what is going on. To use it after installing it, first restart Firefox, then right-click the top of the browser window to show the Menu Bar (if it isn't already shown). Then go to the menu, Tools, Tamper Data, and press the 'Start Tamper' button in the upper left. Then start making web requests and watch the activity. This works even when the requests are done with SSL, and it gives you a higher level view than Network Monitor would be able to do.

    Note - Tamper Data was originally written to do penetration testing, but it is also an excellent debugging tool in general.