HTTPNetworkSniffer

HTTPNetworkSniffer

HTTPNetworkSniffer v1.35
Copyright (c) 2011 - 2014 Nir Sofer
Web site: http://www.nirsoft.net

Description

HTTPNetworkSniffer is a packet sniffer tool that captures all HTTP requests/responses sent between the Web browser and the Web server and displays them in a simple table. For every HTTP request, the following information is displayed: Host Name, HTTP method (GET, POST, HEAD), URL Path, User Agent, Response Code, Response String, Content Type, Referer, Content Encoding, Transfer Encoding, Server Name, Content Length, Cookie String, and more...

You can easily select one or more HTTP information lines, and then export them to text/html/xml/csv file or copy them to the clipboard and then paste them into Excel.

System Requirements

  • This utility works on any version of Windows, starting from Windows 2000 and up to Windows 8, including 64-bit systems.
  • One of the following capture drivers is required to use HTTPNetworkSniffer:
    • WinPcap Capture Driver: WinPcap is an open source capture driver that allows you to capture network packets on any version of Windows. You can download and install the WinPcap driver from this Web page.
    • Microsoft Network Monitor Driver version 2.x (Only for Windows 2000/XP/2003): Microsoft provides a free capture driver under Windows 2000/XP/2003 that can be used by HTTPNetworkSniffer, but this driver is not installed by default, and you have to manually install it, by using one of the following options:
    • Microsoft Network Monitor Driver version 3.x: Microsoft provides a new version of Microsoft Network Monitor driver (3.x) that is also supported under Windows 7/Vista/2008.
      The new version of Microsoft Network Monitor (3.x) is available to download from Microsoft Web site.
  • You can also try to use HTTPNetworkSniffer without installing any driver, by using the 'Raw Sockets' method. Unfortunately, Raw Sockets method has many problems:
    • It doesn't work in all Windows systems, depending on Windows version, service pack, and the updates installed on your system.
    • On Windows 7 with UAC turned on, 'Raw Sockets' method only works when you run HTTPNetworkSniffer with 'Run As Administrator'.

Known Limitations

  • HTTPNetworkSniffer cannot capture HTTP data of a secured Web site (HTTPS)

Versions History

  • Version 1.35:
  • Version 1.32:
    • Added 'Show Time In GMT' option.
  • Version 1.31:
    • Fixed bug: The 'Promiscuous Mode' check-box in the 'Capture Options' window was not saved to the configuration file.
  • Version 1.30:
    • Added 'Response Time' column, which calculates and displays the time (in milliseconds) passed between the moment that the client sent the HTTP request and the moment that the HTTP server response received by the client.
      To get more accurate result on this column, it's recommended to use the WinPcap driver or the Microsoft Network Monitor driver (version 3.4 or later) to capture the packets.
  • Version 1.27:
    • Added 'Scroll Down On New Line' option. If it's turned on, HTTPNetworkSniffer automatically scrolls to the bottom when a new line is added.
  • Version 1.26:
    • Fixed the flickering problem on Windows 7.
  • Version 1.25:
    • Added 'Load From Capture File' option. Allows you to load a capture file created by WinPcap/Wireshark (Requires the WinPcap driver) or a capture file created by Microsoft Network Monitor driver (Requires the Network Monitor driver 3.x) and displays the captured data in the format of HTTPNetworkSniffer.
    • Added /load_file_pcap and /load_file_netmon command-line options.
  • Version 1.22:
    • Added 'Mark Odd/Even Rows' option, under the View menu. When it's turned on, the odd and even rows are displayed in different color, to make it easier to read a single line.
  • Version 1.21:
    • Added 'Auto Size Columns+Headers' option, which allows you to automatically resize the columns according to the row values and column headers.
    • Fixed issue: The properties dialog-box and other windows opened in the wrong monitor, on multi-monitors system.
  • Version 1.20:
    • Added URL column.
    • Fixed bug: When opening the 'Capture Options' dialog-box after Network Monitor Driver 3.x was previously selected, HTTPNetworkSniffer switched back to Raw Sockets mode.
  • Version 1.15:
    • Added new column: Last Modified Time.
  • Version 1.10:
    • Added 3 new columns: Location, Server Time, and Expiration Time.
  • Version 1.06:
    • Fixed the accelerator key of 'Stop Capture' (F6)
  • Version 1.05:
    • Added 'Copy URLs' option (Ctrl+U), which copies the URLs of the selected HTTP items into the clipboard
  • Version 1.00 - First release.

Start Using HTTPNetworkSniffer

Except of a capture driver needed for capturing network packets, HTTPNetworkSniffer doesn't require any installation process or additional dll files. In order to start using it, simply run the executable file - HTTPNetworkSniffer.exe

After running HTTPNetworkSniffer in the first time, the 'Capture Options' window appears on the screen, and you're requested to choose the capture method and the desired network adapter. In the next time that you use HTTPNetworkSniffer, it'll automatically start capturing packets with the capture method and the network adapter that you previously selected. You can always change the 'Capture Options' again by pressing F9.

After choosing the capture method and network adapter, HTTPNetworkSniffer captures and displays every HTTP request/response sent between your Web browser and the remote Web server.

Command-Line Options

/load_file_pcap <Filename> Loads the specified capture file, created by WinPcap driver.
/load_file_netmon <Filename> Loads the specified capture file, created by Network Monitor driver 3.x.

Integration with IPNetInfo utility

If you want to get more information about the server IP address displayed in HTTPNetworkSniffer utility, you can use the Integration with IPNetInfo utility in order to easily view the IP address information loaded directly from WHOIS servers:
  1. Download and run the latest version of IPNetInfo utility.
  2. Select the desired connections, and then choose "IPNetInfo - Server IP" from the File menu (or simply click Ctrl+I).
  3. IPNetInfo will retrieve the information about server IP addresses of the selected items.

Translating HTTPNetworkSniffer to other languages

In order to translate HTTPNetworkSniffer to other language, follow the instructions below:
  1. Run HTTPNetworkSniffer with /savelangfile parameter:
    HTTPNetworkSniffer.exe /savelangfile
    A file named HTTPNetworkSniffer_lng.ini will be created in the folder of HTTPNetworkSniffer utility.
  2. Open the created language file in Notepad or in any other text editor.
  3. Translate all string entries to the desired language. Optionally, you can also add your name and/or a link to your Web site. (TranslatorName and TranslatorURL values) If you add this information, it'll be used in the 'About' window.
  4. After you finish the translation, Run HTTPNetworkSniffer, and all translated strings will be loaded from the language file.
    If you want to run HTTPNetworkSniffer without the translation, simply rename the language file, or move it to another folder.

License

This utility is released as freeware. You are allowed to freely distribute this utility via floppy disk, CD-ROM, Internet, or in any other way, as long as you don't charge anything for this and you don't sell it or distribute it as a part of commercial product. If you distribute this utility, you must include all files in the distribution package, without any modification !

Disclaimer

The software is provided "AS IS" without any warranty, either expressed or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. The author will not be liable for any special, incidental, consequential or indirect damages due to loss of data or any other reason.

Feedback

If you have any problem, suggestion, comment, or you found a bug in my utility, you can send a message to [email protected]