HTTP request and response data tool: Difference between revisions
Jump to navigation
Jump to search
(→Display HTTP headers of a web page: add chrome) |
|||
| (37 intermediate revisions by the same user not shown) | |||
| Line 2: | Line 2: | ||
== HTTP request and response data tool == | == HTTP request and response data tool == | ||
Testing the <span title="應用程式介面 (Application Programming Interface, API)"><span style="cursor:help; Border-bottom-style:dotted; Border-bottom-width:thin;" class="acronym">API</span></span> or pressure test. | |||
* | |||
=== HTTP headers generator === | |||
* [[Apache Jmeter]] v. 2.7<ref>[http://jmeter.apache.org/usermanual/jmeter_proxy_step_by_step.pdf JMeter proxy Step-by-step]</ref> | |||
** approach 1: (1) Add config element: HTTP request defaults (2) Add Sampler: HTTP request (3) Add Listener: View results tree (4) Run the test plan | ** approach 1: (1) Add config element: HTTP request defaults (2) Add Sampler: HTTP request (3) Add Listener: View results tree (4) Run the test plan | ||
** approach 2: (1) install unofficial [http://code.google.com/p/jmeter-plugins/ jmeter-plugins] (2) Add Sampler: jp@gc - HTTP Raw Request<ref>[http://code.google.com/p/jmeter-plugins/wiki/RawRequest RawRequest - jmeter-plugins - Every load test needs some sexy features! - Google Project Hosting]</ref> (3) Add Listener: View results tree (4) Run the test plan | ** approach 2: (1) install unofficial [http://code.google.com/p/jmeter-plugins/ jmeter-plugins] (2) Add Sampler: jp@gc - HTTP Raw Request<ref>[http://code.google.com/p/jmeter-plugins/wiki/RawRequest RawRequest - jmeter-plugins - Every load test needs some sexy features! - Google Project Hosting]</ref> (3) Add Listener: View results tree (4) Run the test plan | ||
* [[Packet sniffer]] | |||
* [http://www.telerik.com/fiddler Fiddler free web debugging proxy] for {{Win}} | |||
* [http://blog.darkthread.net/post-2015-03-12-http-request-with-telnet.aspx 網站除錯小技巧-用TELNET模擬HTTP請求 - 黑暗執行緒] | |||
<pre> | |||
telnet localhost 80 | |||
"header content" Enter | |||
Enter | |||
</pre> | |||
* [https://chrome.google.com/webstore/detail/postman/fhbjgbiflinjbdggehcddcbncdddomop?hl=zh-TW Postman] ([https://www.getpostman.com/docs/ documentation]) & [https://chrome.google.com/webstore/detail/postman-interceptor/aicmkgpgakddgnaphhhpliifpcfhicfo?hl=zh-TW Postman Interceptor] for {{Chrome}} | |||
=== Display HTTP headers of a web page === | |||
* {{Gd}} [https://www.getpostman.com/ Postman | API Development Environment] | |||
* {{Chrome}}: Press {{kbd | key = F12}} to open the '''Developer Tools''' window -> Switch to ''Network'' panel -> Click the ''Headers'' to display the HTTP headers of a web page. (1)Section ''Query String Parameters'' for HTTP GET request (2)Section ''Form Data'' for HTTP POST request. Further reading: [https://developers.google.com/chrome-developer-tools/docs/network?hl=zh-TW Chrome DevTools — Google Developers] | |||
* [https://www.mozilla.org/zh-TW/firefox/new/ Firefox]: [https://developer.mozilla.org/en-US/docs/Tools/Web_Console/Opening_the_Web_Console Opening the Web Console - Firefox Developer Tools | MDN] --> Switch to "Network" label --> Click one of URLs --> Show the Headers. (formerly [http://getfirebug.com/ Firebug]) | |||
* [http://livehttpheaders.mozdev.org/ LiveHTTPHeaders] for {{Fx}} | |||
* [http://www.ericgiguere.com/articles/masquerading-your-browser.html Masquerading Your Browser]: also offer the tool [http://www.ericgiguere.com/tools/http-header-viewer.html HTTP Header Viewer] {{access | date=2012-05-16}} | |||
* [https://curl.haxx.se/ curl] e.g. Input the command {{kbd | key=<nowiki>curl -L -I <URL></nowiki>}}{{access | date=2018-09-20}} | |||
** Option {{kbd | key=<nowiki>-L, --location</nowiki>}} "If the server reports that the requested page has moved to a different location (indicated with a Location: header and a 3XX response code)." quoted from [https://curl.haxx.se/docs/manpage.html manual]. | |||
** Option {{kbd | key=<nowiki>-I, --head</nowiki>}} "Fetch the headers only!" quoted from manual. | |||
* [https://www.gnu.org/software/wget/ Wget - GNU Project - Free Software Foundation] e.g. Input the command {{kbd | key=<nowiki>wget -S --spider <URL></nowiki>}} <ref>[https://www.zyxware.com/articles/2402/viewing-http-headers-using-wget Viewing HTTP Headers using Wget | Zyxware Technologies]</ref>{{access | date=2018-09-20}} | |||
** Option {{kbd | key=<nowiki>-S, --server-response</nowiki>}} "Print the headers sent by HTTP servers and responses sent by FTP servers." quoted from manual. | |||
** Option {{kbd | key=<nowiki>--spider</nowiki>}} "When invoked with this option, Wget will behave as a Web spider, which means that it will not download the pages, just check that they are there." quoted from manual. | |||
* ''$'' [https://paw.cloud/ Paw – The most advanced API tool] for {{Mac}} | |||
Example result after executed {{kbd | key=curl}} command: | |||
<pre> | |||
$ curl -L -I https://www.google.com | |||
HTTP/2 200 | |||
date: Thu, 20 Sep 2018 02:56:29 GMT | |||
expires: -1 | |||
cache-control: private, max-age=0 | |||
content-type: text/html; charset=ISO-8859-1 | |||
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info." | |||
server: gws | |||
x-xss-protection: 1; mode=block | |||
x-frame-options: SAMEORIGIN | |||
set-cookie: 1P_JAR=2018-09-20-02; expires=Sat, 20-Oct-2018 02:56:29 GMT; path=/; domain=.google.com | |||
set-cookie: NID=139=DXgMIx0L06ZUBLaTUD2J_pqIvfgSEo945An0URyIwGqVf_NOxPcHcaAxhNwNforv-Lw0-m6DSKX-y1wz0EhuC-tdzLHPyWYqLVOdu7VBgjH9spnMr_2MfY79uh05aYuH; expires=Fri, 22-Mar-2019 02:56:29 GMT; path=/; domain=.google.com; HttpOnly | |||
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35" | |||
accept-ranges: none | |||
vary: Accept-Encoding | |||
</pre> | |||
=== other tools === | |||
* [[Packet sniffer]]: Wireshark, URL Snooper | |||
* [https://addons.mozilla.org/en-US/firefox/addon/poster/ Poster][http://code.google.com/p/poster-extension/] for {{Fx}} | * [https://addons.mozilla.org/en-US/firefox/addon/poster/ Poster][http://code.google.com/p/poster-extension/] for {{Fx}} | ||
* [http://www.httpwatch.com/ HttpWatch 9.0: HTTP Sniffer] for {{IE}}, {{Fx}} and iPhone | * [http://www.httpwatch.com/ HttpWatch 9.0: HTTP Sniffer] for {{IE}}, {{Fx}} and iPhone | ||
** Steps to view the POST data: (1)start recording HTTP requests (2)click URL (3)switch the label to '''POST Data''' | ** Steps to view the POST data: (1)start recording HTTP requests (2)click URL (3)switch the label to '''POST Data''' | ||
echo | |||
* [ | * [https://httpbin.org/ httpbin.org] "A simple HTTP Request & Response Service." | ||
* [ | |||
* [ | web security | ||
* [https://tools.geekflare.com/tools/x-frame-options-test X-Frame-Options Header Checker Tool] {{access | date=2019-03-06}} | |||
* [https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project - OWASP] {{access | date=2019-03-06}} | |||
== HTTP & HTTPS Proxy == | |||
* [https://mitmproxy.org/ mitmproxy - an interactive HTTPS proxy] ([https://github.com/mitmproxy/mitmproxy/blob/main/LICENSE MIT license] {{Gd}}) on {{Win}}, {{Mac}} & {{Linux}}<ref>[https://docs.mitmproxy.org/stable/overview/installation/ Installation]</ref> | |||
* [https://portswigger.net/burp Burp Suite - Application Security Testing Software - PortSwigger] | |||
* ''$'' [https://www.charlesproxy.com/ Charles Web Debugging Proxy • HTTP Monitor / HTTP Proxy / HTTPS & SSL Proxy / Reverse Proxy] on {{Mac}} | |||
* ''$'' [https://www.telerik.com/fiddler Fiddler - Web Debugging Proxy - Telerik] on {{Win}}, {{Mac}} & {{Linux}} | |||
* ''$'' [https://proxyman.io/ Proxyman · Native, Modern Web Debugging Proxy · Inspect network from Mac, iOS, Android devices with ease] | |||
== Web page compression check == | == Web page compression check == | ||
| Line 25: | Line 87: | ||
related | == related article == | ||
* [[Web Ping]] | |||
* [https://en.wikipedia.org/wiki/List_of_HTTP_status_codes List of HTTP status codes - Wikipedia, the free encyclopedia] | |||
* [http://stackoverflow.com/questions/3390547/capturing-ajax-requests html - capturing ajax requests - Stack Overflow] {{access | date = 2015-09-01}} | |||
== | == References == | ||
<references/> | <references/> | ||
[[Category:Design]] | |||
[[Category: | [[Category:Programming]] | ||
[[Category:Data collecting]] | |||
[[Category:Security]] | |||
Latest revision as of 22:39, 3 May 2025
<< Testing
HTTP request and response data tool[edit]
Testing the API or pressure test.
HTTP headers generator[edit]
- Apache Jmeter v. 2.7[1]
- approach 1: (1) Add config element: HTTP request defaults (2) Add Sampler: HTTP request (3) Add Listener: View results tree (4) Run the test plan
- approach 2: (1) install unofficial jmeter-plugins (2) Add Sampler: jp@gc - HTTP Raw Request[2] (3) Add Listener: View results tree (4) Run the test plan
- Fiddler free web debugging proxy for Win
telnet localhost 80 "header content" Enter Enter
- Postman (documentation) & Postman Interceptor for Chrome
Display HTTP headers of a web page[edit]
Postman | API Development Environment- Chrome : Press F12 to open the Developer Tools window -> Switch to Network panel -> Click the Headers to display the HTTP headers of a web page. (1)Section Query String Parameters for HTTP GET request (2)Section Form Data for HTTP POST request. Further reading: Chrome DevTools — Google Developers
- Firefox: Opening the Web Console - Firefox Developer Tools | MDN --> Switch to "Network" label --> Click one of URLs --> Show the Headers. (formerly Firebug)
- LiveHTTPHeaders for Firefox
- Masquerading Your Browser: also offer the tool HTTP Header Viewer [Last visited: 2012-05-16]
- curl e.g. Input the command curl -L -I <URL>[Last visited: 2018-09-20]
- Option -L, --location "If the server reports that the requested page has moved to a different location (indicated with a Location: header and a 3XX response code)." quoted from manual.
- Option -I, --head "Fetch the headers only!" quoted from manual.
- Wget - GNU Project - Free Software Foundation e.g. Input the command wget -S --spider <URL> [3][Last visited: 2018-09-20]
- Option -S, --server-response "Print the headers sent by HTTP servers and responses sent by FTP servers." quoted from manual.
- Option --spider "When invoked with this option, Wget will behave as a Web spider, which means that it will not download the pages, just check that they are there." quoted from manual.
- $ Paw – The most advanced API tool for macOS
Example result after executed curl command:
$ curl -L -I https://www.google.com HTTP/2 200 date: Thu, 20 Sep 2018 02:56:29 GMT expires: -1 cache-control: private, max-age=0 content-type: text/html; charset=ISO-8859-1 p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info." server: gws x-xss-protection: 1; mode=block x-frame-options: SAMEORIGIN set-cookie: 1P_JAR=2018-09-20-02; expires=Sat, 20-Oct-2018 02:56:29 GMT; path=/; domain=.google.com set-cookie: NID=139=DXgMIx0L06ZUBLaTUD2J_pqIvfgSEo945An0URyIwGqVf_NOxPcHcaAxhNwNforv-Lw0-m6DSKX-y1wz0EhuC-tdzLHPyWYqLVOdu7VBgjH9spnMr_2MfY79uh05aYuH; expires=Fri, 22-Mar-2019 02:56:29 GMT; path=/; domain=.google.com; HttpOnly alt-svc: quic=":443"; ma=2592000; v="44,43,39,35" accept-ranges: none vary: Accept-Encoding
other tools[edit]
- Packet sniffer: Wireshark, URL Snooper
- Poster[1] for Firefox
- HttpWatch 9.0: HTTP Sniffer for IE
, Firefox and iPhone
- Steps to view the POST data: (1)start recording HTTP requests (2)click URL (3)switch the label to POST Data
echo
- httpbin.org "A simple HTTP Request & Response Service."
web security
- X-Frame-Options Header Checker Tool [Last visited: 2019-03-06]
- OWASP Zed Attack Proxy Project - OWASP [Last visited: 2019-03-06]
HTTP & HTTPS Proxy[edit]
- mitmproxy - an interactive HTTPS proxy (MIT license ) on Win , macOS & Linux
[4] - Burp Suite - Application Security Testing Software - PortSwigger
- $ Charles Web Debugging Proxy • HTTP Monitor / HTTP Proxy / HTTPS & SSL Proxy / Reverse Proxy on macOS
- $ Fiddler - Web Debugging Proxy - Telerik on Win , macOS & Linux
- $ Proxyman · Native, Modern Web Debugging Proxy · Inspect network from Mac, iOS, Android devices with ease
Web page compression check[edit]
online gzip test
- GIDZipTest: Web Page Compression (Deflate / Gzip) Test - GIDNetwork: A simple online web page compression / deflate / gzip test tool
- Port80 Software » Products » File Compression for IIS Servers
[edit]
- Web Ping
- List of HTTP status codes - Wikipedia, the free encyclopedia
- html - capturing ajax requests - Stack Overflow [Last visited: 2015-09-01]