Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Capture http request

  • 19-07-2011 10:41pm
    #1
    Registered Users, Registered Users 2 Posts: 208 ✭✭


    I want to write an application that involves analysing the data sent in a http request. Like this -

    User visit's a website on their browser
    They enter some details on a form and click submit

    I want to capture this particular request. I have downloaded the application Fiddler and I can see it captures http requests...which is what I need, except I will only be capturing it for certain sites.

    So any ideas how this can be done? Im using C# by the way.


Comments

  • Closed Accounts Posts: 2,219 ✭✭✭Lab_Mouse


    and whats on the form?credit card?

    sounds like you need a key logger here's one

    http://www.refog.com/free-keylogger/key-logger.html


  • Registered Users, Registered Users 2 Posts: 208 ✭✭httpete


    No, not credit card details, just selections people make on certain sites. I dont see how a logger would be any use for this, how would you tell when the form was submitted? And users wont really be entering text anyway, most of what they enter is making selections using checkboxes.


  • Registered Users, Registered Users 2 Posts: 2,751 ✭✭✭MyPeopleDrankTheSoup


    Kinda hard to understand what you want.

    Do you want to capture the HTTP request to write a bot in C#. Eg, you want to write a program that will take users Facebook username/pass and emulate the browser going to FB and posting a status.

    Or do you want to write a program that installs on users PCs and actually captures each individual HTTP request of them going to Facebook?


  • Registered Users, Registered Users 2 Posts: 208 ✭✭httpete


    Kinda hard to understand what you want.

    Do you want to capture the HTTP request to write a bot in C#. Eg, you want to write a program that will take users Facebook username/pass and emulate the browser going to FB and posting a status.

    Or do you want to write a program that installs on users PCs and actually captures each individual HTTP request of them going to Facebook?

    Basically they install the application and then fire up their browser and go to, for example, a car website. They will click various check boxes that describe the car...for example they would click the checkboxes like 'Ford' under the car make section, and click 'less than €10000' in the price section. Then when they've fully described the car they will click submit. I want to capture this http request so I can store the data they have entered in the form.


  • Registered Users, Registered Users 2 Posts: 2,751 ✭✭✭MyPeopleDrankTheSoup


    So basically you want to write a HTTP sniffer like Fiddler or Charles Web Proxy? I've no clue where to help you. Good luck, sounds like a big job.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 523 ✭✭✭mwrf


    http://www.wireshark.org/ does what you want to do.

    Is uses http://www.tcpdump.org/ under the hood, so you can use this to capture the traffic you want.

    Why don't you capture it server side though? This screams malicious to me, In can't see why you would have good reason to write application that does this?


  • Registered Users, Registered Users 2 Posts: 208 ✭✭httpete


    Cool, that tcpdump looks like it could do the job, Ill check it out.

    It sounds malicious alright hehe but its not, it's just an application that will come in handier for certain people.


  • Closed Accounts Posts: 18,163 ✭✭✭✭Liam Byrne


    httpete wrote: »
    Cool, that tcpdump looks like it could do the job, Ill check it out.

    It sounds malicious alright hehe but its not, it's just an application that will come in handier for certain people.

    As long as those 'certain people" are the people who are submitting the data and not other parties.

    It definitely sounds suspect.

    If I send data to a website then the only place I'm expecting it to go is to that website.

    If you own that website then you have access to the data.

    Not only that but how will you filter the sites whose data you are recording ? If the sniffer is installed then it's listening to everything and only deciding to record some.

    So it sounds like something a decent antivirus/antispyware would object to.


  • Registered Users, Registered Users 2 Posts: 1,110 ✭✭✭Skrynesaver


    While Wireshark and tcpdump will get the data you are after they may be overkill for what you seem to require, a HTTP Proxy seems to be what you are after, take a look at Paros (similar to Charles, but free)


  • Registered Users, Registered Users 2 Posts: 208 ✭✭httpete


    Liam Byrne wrote: »
    As long as those 'certain people" are the people who are submitting the data and not other parties.

    It definitely sounds suspect.

    If I send data to a website then the only place I'm expecting it to go is to that website.

    If you own that website then you have access to the data.

    Not only that but how will you filter the sites whose data you are recording ? If the sniffer is installed then it's listening to everything and only deciding to record some.

    So it sounds like something a decent antivirus/antispyware would object to.

    Well I suppose users will have to make an exception for the application in their antivirus/spyware. And as it will be monitoring every http request I would make that clear on the download page and then it's up the user if he/she wanted to run it.


  • Advertisement
  • Closed Accounts Posts: 25 iDigian


    Liam Byrne wrote: »
    As long as those 'certain people" are the people who are submitting the data and not other parties.

    It definitely sounds suspect.

    If I send data to a website then the only place I'm expecting it to go is to that website.

    If you own that website then you have access to the data.

    Not only that but how will you filter the sites whose data you are recording ? If the sniffer is installed then it's listening to everything and only deciding to record some.

    So it sounds like something a decent antivirus/antispyware would object to.

    If you are working for an organisation using their internet connection then they (the organisation employing you) are perfectly entitled to analyse the information going out/coming in over the wire.


  • Registered Users, Registered Users 2 Posts: 7,468 ✭✭✭Evil Phil


    This sounds dodgy to me, but I guess there could be a legitimate purpose for this.

    httpete, if you want the thread unlocked pm me and let me know the actual purpose of this tool.


This discussion has been closed.
Advertisement