Wednesday, February 02, 2011

HTTP Viewers

I found something that is very similar to Web-sniffer.net (an HTTP viewer/proxy)...it is called "Rex Swain's HTTP Viewer". That's a mouthful, so I'll call it RSHV.

One thing that Web-sniffer can't do is allow for referer configuration. RSHV will let you configure the referer (in fact, this appears to be a recently added feature). Why is this sometimes important? Read here. In comparison to Web-Sniffer.net, RSHV is better documented. A con of RSHV is that it won't do HTTPS.

Why do I call these HTTP viewers proxies? Well, they are. When you utilize those tools to view, for example, pages/headers at wigglit.ath.cx, if you check the web logs at wigglit.ath.cx, you'll see the traffic you generated came from someone else's IP (and not the one that was assigned to your machine when you visited wigglit.ath.cx). That's a protection, in my opinion...this means you can conduct research without having to use a lab system to prevent infection.

Note that the services these two tools provide can be done on pretty much any computer (*nix or win32/64). Just use telnet. Of course, wget can also be used (or fetch or curl), but I consider that to be a more cumbersome solution (although you may be able to create scripts that you can use wget/fetch/curl with).

Utilizing such tools in such a manner is important when conducting security analysis (for instance, validating that a certain website is or isn't compromised and serving malware).