Saturday, May 26, 2007

Trace networking operations with STrace

Following my Fiddler research, I came across these free Microsoft tools - and I love them:
STrace dumps EVERY network operation going through WinInet, using a technology called Detours. Works well with IE6 and 7 (I've tested both - bear in mind running in Vista generates plenty of "Allow/Cancel" dialogs, due to the invasive nature of the application).
Can be configured to work with any other network application. Here's the full description:

STRACE is a socket/SSL tracer that is based on the "detours" utility. The tool has been specifically designed to generate LOG for Internet Explorer but it can be used with many other applications.
Using STRACE with Internet Explorer is equivalent to use a (non full) debug build of WININET.DLL to generate a WININET LOG. The STRACE LOG contains clear text HTTP traffic (with socket information) and encrypted/decrypted SSL data.
From the STRACE LOG, you can "replay" a full navigation scenario using the HTTPREPLAY tool. This can be useful to reproduce a problem or browse web sites offline...

I love the Replay option and here's a part that really makes me happy: both STrace and HTTPReplay are fully scriptable. The results can be easily parsed.
These are actually command line utilities, so I can just incorporate them into any application.

You can get STrace here and HTTPReplay here.

Thursday, May 24, 2007

Fiddler on the Roof

If you haven’t already heard of this tool, called Fiddler, you should try it. http://www.fiddler2.com/fiddler2/

Fiddler attaches itself to any WinInet application (IE and other MS products) and all other networking applications can be configured to use it as a proxy.

It records every networking operation and actually allows breaking on operations and changing the packet contents (or HTTP contents) on outgoing and incoming transactions. You can analyze the packet contents using several filters and tools.

But what I love the most about it is that it’s totally programmable, and scriptable. You can use JScript.Net to play with the headers content
(I’ve been playing with it over the last couple of days, using a script to add a FollowTX header to HTTP transactions going out of Firefox) or write .Net plugins.

Not only is it absolutely free, but it is recommended by Microsoft for web developers, to test load and security of web applications.

Enjoy