Sunday, April 17, 2005
Debugging HTTP traffic
Are you trying to figure out why your webpage is so slow even after you switched from that old slow host to a new host that is supposed to be so much better? It could be that your website is producing bad header information or other weirdness in the HTTP traffic. Fear not! Programs such as Fiddler, Netmon and Achilles can help. Fiddler is described as:
Fiddler is a HTTP Debugging Proxy which logs all HTTP traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP Traffic, set breakpoints, and "fiddle" with incoming or outgoing data. Fiddler is designed to be much simpler than using NetMon or Achilles, and includes a simple but powerful JScript.NET event-based scripting subsystem.
Fiddler can help with performance testing by revealing missing headers that would allow client or proxy caching.
Additionally, by exposing HTTP Headers in the Session list, the user can see whether pages are missing HTTP Expiration headers that permit client or proxy caching. If a response does not contain Expires or Cache-Control headers, it might not be cached by the client.
Fiddler can help debug and enhance security for your website by using its "break points" feature.
When the Enable Single Step Debugging option is checked on the Rules menu, or when the properties of the HTTP Request or Response match the target criteria, Fiddler can pause HTTP traffic and allow edits. This feature proves useful for security testing, as well as for general functionality testing, because all code paths can be exercised.
Fiddler has flexibility and can be extended via the .NET framework. See more information on MSDN.
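
The caching check described above (a response with neither Expires nor Cache-Control might not be cached) can also be run offline against saved responses. This is an added example, not Fiddler's own code or anything from the original post; the sample responses, URLs and verdict labels are constructed for illustration.

```python
# Added example: audit raw HTTP responses for the caching headers named above.
# Sample responses are constructed for illustration, not captured traffic.
SAMPLES = {
    "/logo.png": "HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n"
                 "Cache-Control: public, max-age=86400\r\n\r\n",
    "/style.css": "HTTP/1.1 200 OK\r\nContent-Type: text/css\r\n"
                  "Expires: Thu, 01 Dec 2005 16:00:00 GMT\r\n\r\n",
    "/index.html": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>",
    "/news.html": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                  "Last-Modified: Sat, 16 Apr 2005 10:00:00 GMT\r\n\r\n",
    "/account": "HTTP/1.1 200 OK\r\ncache-control: private, no-store\r\n\r\n",
}


def parse_headers(raw):
    """Return (status, {lowercased-name: [values]}) from a raw HTTP response."""
    head = raw.split("\r\n\r\n", 1)[0]          # drop the body, if any
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])           # "HTTP/1.1 200 OK" -> 200
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")    # split on the first colon only
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers


def cache_verdict(raw):
    """Classify a response by the caching information its headers carry."""
    _, headers = parse_headers(raw)
    directives = {d.split("=")[0].strip().lower()
                  for value in headers.get("cache-control", [])
                  for d in value.split(",")}
    if "no-store" in directives:
        return "forbidden"        # server explicitly opts out of caching
    if "cache-control" in headers or "expires" in headers:
        return "explicit"         # client or proxy has a stated policy
    if "last-modified" in headers or "etag" in headers:
        return "validator-only"   # can revalidate, but no stated lifetime
    return "missing"              # neither Expires nor Cache-Control present


def audit(responses):
    """Map each URL to its verdict."""
    return {url: cache_verdict(raw) for url, raw in responses.items()}


if __name__ == "__main__":
    for url, verdict in audit(SAMPLES).items():
        print(f"{verdict:15} {url}")
```
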
A 2003 survey lists the Top 75 Security Tools (go to their site for wonderful descriptions, including clarification of cost and platform: Linux/BSD/Windows):
- Nessus
- Ethereal
- Snort
- Netcat
- Tcpdump / Windump
- hping2
- DSniff
- GFI LANguard
- Ettercap
- Whisker/Libwhisker
- John the Ripper
- OpenSSH / SSH
- Sam Spade
- ISS Internet Scanner
- Tripwire
- Nikto
- Kismet
- SuperScan
- L0phtCrack 4 (now called "LC4")
- Retina
- Netfilter
- traceroute/ping/telnet/whois
- Fport
- SAINT
- Network Stumbler
- SARA
- N-Stealth
- AirSnort
- NBTScan
- GnuPG / PGP
- Firewalk
- Cain & Abel
- XProbe2
- SolarWinds Toolsets
- NGrep
- Perl / Python
- THC-Amap
- OpenSSL
- NTop
- Nemesis
- LSOF
- Hunt
- Honeyd
- Achilles
- Brutus
- Stunnel
- Paketto Keiretsu
- Fragroute
- SPIKE Proxy
- THC-Hydra
- OpenBSD
- TCP Wrappers
- pwdump3
- LibNet
- IpTraf
- Fping
- Bastille
- Winfingerprint
- TCPTraceroute
- Shadow Security Scanner
- pf
- LIDS
- hfnetchk
- etherape
- dig
- Crack / Cracklib
- cheops / cheops-ng
- zone alarm / Kerio Personal Firewall
- Visual Route
- The Coroner's Toolkit (TCT)
- tcpreplay
- snoop
- putty
- pstools
- arpwatch
djuggler writes a personal blog, Reality Me, and consults as Superior Internet Designs.