view response content of ajax,flash http requests - ajax

I'm interested if there is some tool (preferably a firefox addon) that allows you to record http requests and view their response header and content.

Try HttpFox :
HttpFox monitors and analyzes all
incoming and outgoing HTTP traffic
between the browser and the web
servers.
It aims to bring the functionality
known from tools like HttpWatch or
IEInspector to the Firefox browser.
Information available per request
includes:
- Request and response headers
Sent and received cookies
Querystring parameters
POST parameters
Response body

Firefox's firebug and webkits developer tools.

I recommend using Charles, http://www.charlesproxy.com/.
Charles is a stand-alone application, not a browser addon (but it has browser integration) which I personally prefer, since it can monitor http traffic also outside the browser, for example when a swf is run locally or from an IDE, or any other http traffic on your system.
If you prefer a browser addon, I believe Fiddler is quite popular, http://www.fiddler2.com/.

Related

Jmeter send requests that are not on my request list

I noticed this when analyzing wireshark. under thread group those requests are:
homepage/Account/Login
homepage/
homepage/LiveAlarm
and so on.
on wireshark there are some other requests that jmeter sends. but when i test this with browser, that requests wont be send.
after request 2)
HTTP GET /Content/css?v=........... HTTP/1.1\r\n
HTTP GET /Content/cus-css-plugins?v=......-..... HTTP/1.1\r\n
HTTP GET /images/logo/logo.._...png HTTP/1.1\r\n
and so on, totally 6 inintended requests are sent. there are not in the sampler list. and not sent when using browser.
the test script is recorded by blazemeter chrome plugin.
another unintended request
HTTP GET /signalr/hubs HTTP/1.1\r\n is sent by jmeter, but it is also sent when using browser.
because it is not in the sample list, the "Accept" field is very different between browser and jmeter. it is another issue. so, should i add this request to jmeter manually and control the fields?
BlazeMeter Chrome Extension generates a JMeter Test Plan with HTTP Request Defaults configuration element configured to "Retrieve Resources from HTML Files"
This is normal as it replicates real browser behaviour, real browsers download the HTML content from the response and then execute parallel HTTP Requests to download images, scripts, styles, fonts, sounds, etc. and this setting instructs JMeter to behave like a real browser when it comes to these embedded resources handling.
If you open your browser developer tools you should see the same requests (just tick "Disable cache" if you don't see them)
More information: Web Testing with JMeter: How To Properly Handle Embedded Resources in HTML Responses

Get post data from a website using firefox addon or any other tool

I want to get the post request data of a website. Is there any tool or addon for this? I can't see in the browser firebug as the page refreshes when the browser sends a request.
Install Httpfox.
You can see all the incoming and outgoing http traffic with it

AJAX request to https php server from Firefox and Chrome extensions

I'm working on extensions for Firefox and Chrome. The data used by my extensions is mostly generated from ajax requests. The type of data being returned is private, so it needs to be secure. My server supports https and the ajax calls are being sent to an https domain. Information is being sent back and forth, and the extensions are working correctly.
My questions are:
Do the extensions actually make secure connections with the server, or is this considered the same as cross domain posting, sending a request from a http page to a https page?
Am I putting my users' information at more risk during the transfers than if the user were to access the information directly from an https web page in the browser?
Thanks in advance!
The browser absolutely makes a secure connection when you use HTTPS. Certainly, a browser would never downgrade the security of your connection without telling you: it will either complete the request as written or it throw some sort of error if it is not possible.
Extensions for both Chrome and Firefox are permitted to make cross-domain AJAX requests. In Chrome, you simply need to supply the protocol/name of the host as a permission in your manifest.json. In Firefox, I think you may need to use Components.classes to get a cross-domain requester, as described in the MDN page for Using XMLHttpRequest, but I'm not 100% sure about that. Just try doing a normal request and see if it succeeds; if not, use the Components.classes solution.

It is possible to view what httprequest was sent by the browser when submitting a form?

When I submit a form on a site I want to know what HttpRequest was sent from the browser to the server, is this possible from any browser, or is there any firefox addon to do this ?
IE9 has this functionality in the Developer Tools (press F12). In Firefox you can use the extension Firebug. For Opera you can use Dragonfly.
There is also an application that has much more functionality and allows you to change any values in the request: Fiddler. Fiddler works with pretty much all browsers on Windows.
For Firefox there is the Live HTTP Headers extension.
For Internet Explorer, there is the ieHTTPHeaders extension which shows you HTTP requests and responses.

How to see all HTTP Get request sent from browser without debugging tool?

so, I have page doing a number of ajax and jsonp(i.e. injection) to get data. I would like to know how to find out the request URL I have made without using debugging tools, like firebug. etc. i.e. the history of GET request of the browser. Thanks
For the most part, browsers do NOT log a history of their HTTP GET requests. Also, if you're using ajax, you're probably doing HTTP POST requests as well.
You don't have to use an in-browser tool like Firebug, but you will need some tool to actually get a history of requests and the request bodies.
You can use a tool like Fiddler2, which is a proxy that gets all HTTP traffic outgoing from your computer (including from your browser and all other applications).
If you have control of the server environment, you can also set up logging on the server to capture this data.
You can use WireShark or a similar tool to monitor the network traffic and inspect the packets.

Resources