7

I'm using a flash application in my browser to send http requests to a server. The server returns http responses to the browser. I would like to access the body/payload of these http responses with another program in real time.

I tried two approaches.

1. I can see all the responses that Firefox receives in the Network Monitor tool that comes with Firefox. I just don't know how to access the data from any other program.

2. I tried logging the network data in Firefox with about:networking using these log modules:

timestamp,sync,nsHttp:3

This logged the headers as expected, but omitted the bodies of the responses. Higher levels of nsHttp logged more info, but not the body.

Additional info that may be relevant:

  • I cannot send requests from any other program. The flash application in the browser must make all http requests.
  • I'm not stuck with Firefox, it's just my preference. A solution for a different browser is acceptable.
Jemi Salo
  • The accepted answer in [this question](https://stackoverflow.com/questions/9241391/how-to-capture-all-the-http-packets-using-tcpdump) may work for this use case. – mmlr Dec 30 '17 at 23:01
  • @mmlr I was able to capture and isolate all interesting packets with ngrep. The output was garbled nonsense, however. I think the packets are encrypted. Wireshark shows the packets similarly. – Jemi Salo Dec 31 '17 at 10:45
  • That's quite the narrow dilemma you've got there. I'm not sure if what you want here is even possible. Maybe there's a different way to do whatever you're trying to do. – ImprobabilityCast Jan 02 '18 at 01:29
  • It would help if you told us why you want to capture this information, e.g. it's relatively easy to do with a proxy - while you say you're not bothered about what browser you use, that doesn't mean you have control over all aspects of the infrastructure. In a similar vein it's a lot simpler to do this on Unix than on MS Windows. There's no point capturing it in real time if you can't process it in real time - implying you either have software which can ingest this (meaning it needs to be in a specific format) or you have the capability to develop such software. This question is too broad. – symcbean Jan 08 '18 at 14:13

3 Answers

2

(I assume you are working on Windows)

You could use Fiddler to intercept the traffic between browser and server.

Fiddler acts as a proxy, and there is an add-on called FiddlerCap which generates cap files from the traffic.

If on a Mac or Linux you could use other command-line proxies which allow you to intercept and log the traffic.

Another solution could be to make the server log its responses. This could be done by using ModSecurity; check out the section about the audit log.

macbert
1

> I'm using a flash application in my browser to send http requests to a server.

I would figure out what requests you are making then use a tool such as Postman to directly query the server and parse the results.

dwright
  • Problem is, I still need the flash application for other tasks. The flash application must send the requests regardless of any other program. Sending the same requests from another program would effectively double my traffic, which isn't fair. This is why I clarified in the question body that "I cannot send requests from any other program." I wish not to send/receive any more packets than I need. – Jemi Salo Jan 06 '18 at 00:12
  • I see, my misunderstanding, thanks. Can you alter the Flash application, parse the HTTP results with ActionScript? https://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/net/URLRequest.html – dwright Jan 06 '18 at 18:42
  • I can tamper with the flash application, but it must retain its original functionality. I've no experience with flash and I know nothing of the inner workings of the application. – Jemi Salo Jan 06 '18 at 20:00
1

The reason it was garbled when you intercepted the traffic with ngrep was because the session is encrypted.

The best way to intercept and log secure session data is to set up a MITM proxy with a fake certificate on your local machine.

For Windows, I think Fiddler is your best bet. Fiddler has a simple and effective workflow for doing this. The following documentation page, "Decrypting HTTPS-protected traffic", describes the steps involved: https://www.fiddlerbook.com/fiddler/help/httpsdecryption.asp

If you're on macOS, you could try Charles Proxy or Fiddler for Mac (which is currently still in Beta).

Firefox and Chrome also have built-in ways to log and export session data, but I think you'll find Fiddler/Charles and similar tools to be more flexible, especially if you need to consume the data elsewhere.

Roy Tinker
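The browser export mentioned in the last answer is a HAR file (JSON) saved from the Network Monitor. As an added example, not code from any of the answers, this reads such a file and yields the response bodies for another program to consume; it works on a saved export rather than live traffic, and the sample data, the `example.test` host and the function name are constructed for illustration.

```python
import base64
import json

# Constructed sample HAR (not captured traffic); example.test is a placeholder host.
SAMPLE_HAR = json.dumps({
    "log": {"entries": [
        {"request": {"method": "GET", "url": "https://example.test/api/state"},
         "response": {"status": 200, "content": {
             "mimeType": "application/json", "text": '{"hp": 42}'}}},
        {"request": {"method": "POST", "url": "https://example.test/api/blob"},
         "response": {"status": 200, "content": {
             "mimeType": "application/octet-stream",
             "encoding": "base64",
             "text": base64.b64encode(b"\x00\x01AMF").decode()}}},
        {"request": {"method": "GET", "url": "https://example.test/logo.png"},
         "response": {"status": 304, "content": {"mimeType": "image/png"}}},
    ]}
})


def response_bodies(har_text, url_contains=""):
    """Yield (method, url, status, mime, body_bytes) for each entry with a saved body."""
    har = json.loads(har_text)
    for entry in har.get("log", {}).get("entries", []):
        req = entry.get("request", {})
        resp = entry.get("response", {})
        content = resp.get("content", {})
        url = req.get("url", "")
        if url_contains not in url:
            continue
        text = content.get("text")
        if text is None:
            # Exporters omit the body for cached (304) or discarded responses.
            continue
        if content.get("encoding") == "base64":
            # Binary bodies are stored base64-encoded in the HAR "text" field.
            body = base64.b64decode(text)
        else:
            body = text.encode("utf-8")
        yield (req.get("method"), url, resp.get("status"),
               content.get("mimeType", ""), body)


if __name__ == "__main__":
    for method, url, status, mime, body in response_bodies(SAMPLE_HAR, "/api/"):
        print(method, url, status, mime, len(body), "bytes")
```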