I need to see exactly what the browser sends to a form, for debugging purposes.
I have the “tamper data” addon for Mozilla, but it doesn’t show me what I am looking for.
What I need is a text file with all that the browser sends, it should look like this:
Content-Type: multipart/form-data; boundary=AaB03x --AaB03x Content-Disposition: form-data; name="submit-name" Larry --AaB03x Content-Disposition: form-data; name="files" Content-Type: multipart/mixed; boundary=BbC04y --BbC04y Content-Disposition: file; filename="file1.txt" Content-Type: text/plain
For more detailed information you could use WireShark. This program allows you monitor just about all traffic. It has a rather steep learning curve, when you get it, it is an awesome help.
Mostly I use Firebug. Setting the Console to ‘persist’ allows you to check GET/POST when submitting your form.
The Firebug addon for Firefox can capture the data that you want. You will need to manually compile the data captured into the format that you want though.
The best tool that I’ve used for the job is Fiddler. It lets you see the content of all the HTTP requests to and from your machine. One gotcha on Firefox though – make sure you restart once Fiddler is installed, and then go to the “Fiddler: Disabled” button in your status bar and select an option so that your Firefox traffic is watched as well.
You can use Live HTTP Headers (for Firefox).
Once you switch it ON, you can view all the HTTP headers that the browser sends (including form data etc.). VERY USEFUL for development purposes.
There are a few methods, but it depends on your software. If your using Apache, you can look at the following:
apache_request_headers() getallheaders() apache_response_headers()
for figuring out what you are going to send back.
I believe that all of those links above require that apache be configured as a module, and not as a cgi. You can check your current settings if you are unsure by using your phpinfo() and seeking Server API. If it says CGI, your out of luck on these functions.
There are however additional variables that you can use if your looking at the CGI installation. These exist both with the module and the CGI/CLI API’s btw, and are all children of the $_ENV/$HTTP_ENV_VARS (envirornmental) superglobal:
You may have more depending on your configurations, but chances are these are containing all the information you are looking for.
If your php version is >= 5.0.0, you can also use
get_headers() which I believe is API independant.
Hope that helps!
For more information please check,
I’m quite fond of Burpsuite, it allows you to inspect and manipulate HTTP requests.
My favourite feature is the ability to intercept a request, modify parameters and then send it on. Very useful for security testing and debugging.
If you are using Forefox use Firebug, you can really good see what is happining. In Google Chrome and Safari you have BuildIn Developertools, so you can also see the same informations.
I found Fiddler a little bit difficult…