HTTP request and response data tool: Difference between revisions
Jump to navigation
Jump to search
(14 intermediate revisions by the same user not shown) | |||
Line 18: | Line 18: | ||
</pre> | </pre> | ||
* [https://chrome.google.com/webstore/detail/postman/fhbjgbiflinjbdggehcddcbncdddomop?hl=zh-TW Postman] ([https://www.getpostman.com/docs/ documentation]) & | * [https://chrome.google.com/webstore/detail/postman/fhbjgbiflinjbdggehcddcbncdddomop?hl=zh-TW Postman] ([https://www.getpostman.com/docs/ documentation]) & [https://chrome.google.com/webstore/detail/postman-interceptor/aicmkgpgakddgnaphhhpliifpcfhicfo?hl=zh-TW Postman Interceptor] for {{Chrome}} | ||
=== Display HTTP headers of a web page === | === Display HTTP headers of a web page === | ||
* [ | * {{Gd}} [https://www.getpostman.com/ Postman | API Development Environment] | ||
* {{Chrome}}: Press {{kbd | key = F12}} to open the '''Developer Tools''' window -> Switch to ''Network'' panel -> Click the ''Headers'' to display the HTTP headers of a web page. (1)Section ''Query String Parameters'' for HTTP GET request (2)Section ''Form Data'' for HTTP POST request. Further reading: [https://developers.google.com/chrome-developer-tools/docs/network?hl=zh-TW Chrome DevTools — Google Developers] | |||
* [https://www.mozilla.org/zh-TW/firefox/new/ Firefox]: [https://developer.mozilla.org/en-US/docs/Tools/Web_Console/Opening_the_Web_Console Opening the Web Console - Firefox Developer Tools | MDN] --> Switch to "Network" label --> Click one of URLs --> Show the Headers. (formerly [http://getfirebug.com/ Firebug]) | |||
* [http://livehttpheaders.mozdev.org/ LiveHTTPHeaders] for {{Fx}} | * [http://livehttpheaders.mozdev.org/ LiveHTTPHeaders] for {{Fx}} | ||
* [http://www.ericgiguere.com/articles/masquerading-your-browser.html Masquerading Your Browser]: also offer the tool [http://www.ericgiguere.com/tools/http-header-viewer.html HTTP Header Viewer] {{access | date=2012-05-16}} | * [http://www.ericgiguere.com/articles/masquerading-your-browser.html Masquerading Your Browser]: also offer the tool [http://www.ericgiguere.com/tools/http-header-viewer.html HTTP Header Viewer] {{access | date=2012-05-16}} | ||
* {{ | |||
* [https://curl.haxx.se/ curl] e.g. Input the command {{kbd | key=<nowiki>curl -L -I <URL></nowiki>}}{{access | date=2018-09-20}} | |||
** Option {{kbd | key=<nowiki>-L, --location</nowiki>}} "If the server reports that the requested page has moved to a different location (indicated with a Location: header and a 3XX response code)." quoted from [https://curl.haxx.se/docs/manpage.html manual]. | |||
** Option {{kbd | key=<nowiki>-I, --head</nowiki>}} "Fetch the headers only!" quoted from manual. | |||
* [https://www.gnu.org/software/wget/ Wget - GNU Project - Free Software Foundation] e.g. Input the command {{kbd | key=<nowiki>wget -S --spider <URL></nowiki>}} <ref>[https://www.zyxware.com/articles/2402/viewing-http-headers-using-wget Viewing HTTP Headers using Wget | Zyxware Technologies]</ref>{{access | date=2018-09-20}} | |||
** Option {{kbd | key=<nowiki>-S, --server-response</nowiki>}} "Print the headers sent by HTTP servers and responses sent by FTP servers." quoted from manual. | |||
** Option {{kbd | key=<nowiki>--spider</nowiki>}} "When invoked with this option, Wget will behave as a Web spider, which means that it will not download the pages, just check that they are there." quoted from manual. | |||
* ''$'' [https://paw.cloud/ Paw – The most advanced API tool] for {{Mac}} | |||
Example result after executed {{kbd | key=curl}} command: | |||
<pre> | |||
$ curl -L -I https://www.google.com | |||
HTTP/2 200 | |||
date: Thu, 20 Sep 2018 02:56:29 GMT | |||
expires: -1 | |||
cache-control: private, max-age=0 | |||
content-type: text/html; charset=ISO-8859-1 | |||
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info." | |||
server: gws | |||
x-xss-protection: 1; mode=block | |||
x-frame-options: SAMEORIGIN | |||
set-cookie: 1P_JAR=2018-09-20-02; expires=Sat, 20-Oct-2018 02:56:29 GMT; path=/; domain=.google.com | |||
set-cookie: NID=139=DXgMIx0L06ZUBLaTUD2J_pqIvfgSEo945An0URyIwGqVf_NOxPcHcaAxhNwNforv-Lw0-m6DSKX-y1wz0EhuC-tdzLHPyWYqLVOdu7VBgjH9spnMr_2MfY79uh05aYuH; expires=Fri, 22-Mar-2019 02:56:29 GMT; path=/; domain=.google.com; HttpOnly | |||
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35" | |||
accept-ranges: none | |||
vary: Accept-Encoding | |||
</pre> | |||
=== other tools === | === other tools === | ||
Line 31: | Line 64: | ||
* [http://www.httpwatch.com/ HttpWatch 9.0: HTTP Sniffer] for {{IE}}, {{Fx}} and iPhone | * [http://www.httpwatch.com/ HttpWatch 9.0: HTTP Sniffer] for {{IE}}, {{Fx}} and iPhone | ||
** Steps to view the POST data: (1)start recording HTTP requests (2)click URL (3)switch the label to '''POST Data''' | ** Steps to view the POST data: (1)start recording HTTP requests (2)click URL (3)switch the label to '''POST Data''' | ||
echo | |||
* [https://httpbin.org/ httpbin.org] "A simple HTTP Request & Response Service." | |||
web security | |||
* [https://tools.geekflare.com/tools/x-frame-options-test X-Frame-Options Header Checker Tool] {{access | date=2019-03-06}} | |||
* [https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project - OWASP] {{access | date=2019-03-06}} | |||
== Web page compression check == | == Web page compression check == | ||
Line 46: | Line 86: | ||
== references == | == references == | ||
<references/> | <references/> | ||
[[Category:WebDesign]] | [[Category:WebDesign]] | ||
[[Category:Programming]] | |||
[[Category:Data collecting]] | |||
[[Category:Security]] |
Revision as of 11:26, 27 September 2019
<< Testing
HTTP request and response data tool
Testing the API or pressure test.
HTTP headers generator
- Apache Jmeter v. 2.7[1]
- approach 1: (1) Add config element: HTTP request defaults (2) Add Sampler: HTTP request (3) Add Listener: View results tree (4) Run the test plan
- approach 2: (1) install unofficial jmeter-plugins (2) Add Sampler: jp@gc - HTTP Raw Request[2] (3) Add Listener: View results tree (4) Run the test plan
- Fiddler free web debugging proxy for Win
telnet localhost 80 "header content" Enter Enter
- Postman (documentation) & Postman Interceptor for Chrome
Display HTTP headers of a web page
- Postman | API Development Environment
- Chrome : Press F12 to open the Developer Tools window -> Switch to Network panel -> Click the Headers to display the HTTP headers of a web page. (1)Section Query String Parameters for HTTP GET request (2)Section Form Data for HTTP POST request. Further reading: Chrome DevTools — Google Developers
- Firefox: Opening the Web Console - Firefox Developer Tools | MDN --> Switch to "Network" label --> Click one of URLs --> Show the Headers. (formerly Firebug)
- LiveHTTPHeaders for Firefox
- Masquerading Your Browser: also offer the tool HTTP Header Viewer [Last visited: 2012-05-16]
- curl e.g. Input the command curl -L -I <URL>[Last visited: 2018-09-20]
- Option -L, --location "If the server reports that the requested page has moved to a different location (indicated with a Location: header and a 3XX response code)." quoted from manual.
- Option -I, --head "Fetch the headers only!" quoted from manual.
- Wget - GNU Project - Free Software Foundation e.g. Input the command wget -S --spider <URL> [3][Last visited: 2018-09-20]
- Option -S, --server-response "Print the headers sent by HTTP servers and responses sent by FTP servers." quoted from manual.
- Option --spider "When invoked with this option, Wget will behave as a Web spider, which means that it will not download the pages, just check that they are there." quoted from manual.
- $ Paw – The most advanced API tool for Mac
Example result after executed curl command:
$ curl -L -I https://www.google.com HTTP/2 200 date: Thu, 20 Sep 2018 02:56:29 GMT expires: -1 cache-control: private, max-age=0 content-type: text/html; charset=ISO-8859-1 p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info." server: gws x-xss-protection: 1; mode=block x-frame-options: SAMEORIGIN set-cookie: 1P_JAR=2018-09-20-02; expires=Sat, 20-Oct-2018 02:56:29 GMT; path=/; domain=.google.com set-cookie: NID=139=DXgMIx0L06ZUBLaTUD2J_pqIvfgSEo945An0URyIwGqVf_NOxPcHcaAxhNwNforv-Lw0-m6DSKX-y1wz0EhuC-tdzLHPyWYqLVOdu7VBgjH9spnMr_2MfY79uh05aYuH; expires=Fri, 22-Mar-2019 02:56:29 GMT; path=/; domain=.google.com; HttpOnly alt-svc: quic=":443"; ma=2592000; v="44,43,39,35" accept-ranges: none vary: Accept-Encoding
other tools
- Packet sniffer: Wireshark, URL Snooper
- Poster[1] for Firefox
- HttpWatch 9.0: HTTP Sniffer for IE , Firefox and iPhone
- Steps to view the POST data: (1)start recording HTTP requests (2)click URL (3)switch the label to POST Data
echo
- httpbin.org "A simple HTTP Request & Response Service."
web security
- X-Frame-Options Header Checker Tool [Last visited: 2019-03-06]
- OWASP Zed Attack Proxy Project - OWASP [Last visited: 2019-03-06]
Web page compression check
online gzip test
- GIDZipTest: Web Page Compression (Deflate / Gzip) Test - GIDNetwork: A simple online web page compression / deflate / gzip test tool
- Port80 Software » Products » File Compression for IIS Servers
- Web Ping
- List of HTTP status codes - Wikipedia, the free encyclopedia
- html - capturing ajax requests - Stack Overflow [Last visited: 2015-09-01]