Capture http request

httpete

I want to write an application that involves analysing the data sent in a http request. Like this -

User visit's a website on their browser
They enter some details on a form and click submit

I want to capture this particular request. I have downloaded the application Fiddler and I can see it captures http requests...which is what I need, except I will only be capturing it for certain sites.

So any ideas how this can be done? Im using C# by the way.

Lab_Mouse

and whats on the form?credit card?

sounds like you need a key logger here's one

http://www.refog.com/free-keylogger/key-logger.html

httpete

No, not credit card details, just selections people make on certain sites. I dont see how a logger would be any use for this, how would you tell when the form was submitted? And users wont really be entering text anyway, most of what they enter is making selections using checkboxes.

MyPeopleDrankTheSoup

Kinda hard to understand what you want.

Do you want to capture the HTTP request to write a bot in C#. Eg, you want to write a program that will take users Facebook username/pass and emulate the browser going to FB and posting a status.

Or do you want to write a program that installs on users PCs and actually captures each individual HTTP request of them going to Facebook?

httpete

georgiecasey wrote: »

Kinda hard to understand what you want.

Do you want to capture the HTTP request to write a bot in C#. Eg, you want to write a program that will take users Facebook username/pass and emulate the browser going to FB and posting a status.

Or do you want to write a program that installs on users PCs and actually captures each individual HTTP request of them going to Facebook?

Basically they install the application and then fire up their browser and go to, for example, a car website. They will click various check boxes that describe the car...for example they would click the checkboxes like 'Ford' under the car make section, and click 'less than €10000' in the price section. Then when they've fully described the car they will click submit. I want to capture this http request so I can store the data they have entered in the form.

MyPeopleDrankTheSoup

So basically you want to write a HTTP sniffer like Fiddler or Charles Web Proxy? I've no clue where to help you. Good luck, sounds like a big job.

mwrf

http://www.wireshark.org/ does what you want to do.

Is uses http://www.tcpdump.org/ under the hood, so you can use this to capture the traffic you want.

Why don't you capture it server side though? This screams malicious to me, In can't see why you would have good reason to write application that does this?

httpete

Cool, that tcpdump looks like it could do the job, Ill check it out.

It sounds malicious alright hehe but its not, it's just an application that will come in handier for certain people.

Liam Byrne

httpete wrote: »

Cool, that tcpdump looks like it could do the job, Ill check it out.

It sounds malicious alright hehe but its not, it's just an application that will come in handier for certain people.

As long as those 'certain people" are the people who are submitting the data and not other parties.

It definitely sounds suspect.

If I send data to a website then the only place I'm expecting it to go is to that website.

If you own that website then you have access to the data.

Not only that but how will you filter the sites whose data you are recording ? If the sniffer is installed then it's listening to everything and only deciding to record some.

So it sounds like something a decent antivirus/antispyware would object to.

Skrynesaver

While Wireshark and tcpdump will get the data you are after they may be overkill for what you seem to require, a HTTP Proxy seems to be what you are after, take a look at Paros (similar to Charles, but free)

httpete

Liam Byrne wrote: »

As long as those 'certain people" are the people who are submitting the data and not other parties.

It definitely sounds suspect.

If I send data to a website then the only place I'm expecting it to go is to that website.

If you own that website then you have access to the data.

Not only that but how will you filter the sites whose data you are recording ? If the sniffer is installed then it's listening to everything and only deciding to record some.

So it sounds like something a decent antivirus/antispyware would object to.

Well I suppose users will have to make an exception for the application in their antivirus/spyware. And as it will be monitoring every http request I would make that clear on the download page and then it's up the user if he/she wanted to run it.

iDigian

Liam Byrne wrote: »

As long as those 'certain people" are the people who are submitting the data and not other parties.

It definitely sounds suspect.

If I send data to a website then the only place I'm expecting it to go is to that website.

If you own that website then you have access to the data.

Not only that but how will you filter the sites whose data you are recording ? If the sniffer is installed then it's listening to everything and only deciding to record some.

So it sounds like something a decent antivirus/antispyware would object to.

If you are working for an organisation using their internet connection then they (the organisation employing you) are perfectly entitled to analyse the information going out/coming in over the wire.

Evil Phil

This sounds dodgy to me, but I guess there could be a legitimate purpose for this.

httpete, if you want the thread unlocked pm me and let me know the actual purpose of this tool.