Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to view/debug non-standard request headers my phone's browser is sending?

There are many websites that display and let you see standard request headers.

But I could not find any website that actually displays non-standard request headers, by triggering my WebView-based Android app to send certain fields.

More specifically, I am looking to see what my Android phone is sending in the X-Requested-With field.

Note: I am not looking for a Firefox add-on, because my goal is not to see how the other side responds to a synthesized request. What am looking for is a way to know what the other side (website) is seeing from my particular Android device.

like image 481
stumpped Avatar asked Jul 25 '13 01:07

stumpped


4 Answers

Have not found a site that does what you wanted to do, but you can easily make a PHP script that does it for you:

<?php
$headers = getallheaders();

foreach ($headers as $name => $value) {
    echo $name . '=' . $value . '<br/>';
}
?>

You can easily upload this in one of your PHP servers. If you do not have one, you can setup one using XAMPP

like image 182
gmarintes Avatar answered Nov 15 '22 01:11

gmarintes


Besides using a tool like jsconsole (see quote & url below about that) to inspect what your phone's browser is doing, you have a few other options as well.

Depending your level of control over the site that is sending these requests out, or the server, you may be able to open up your server's logs and examine the kinds of requests coming through.

If you don't have that control, and your phone is on your LAN (connected to the same Wifi network as your computer) you may consider using Wireshark to examine packets; this is tougher but is a good exercise in understanding what is going on in your network. You can use the filter functionality to localize the tcp packet dump to display only those outbound from your phone's IP address. If there is a lot of noise, you can narrow the filter down to include those inbound to the target site you're interested in.

Most likely though, jsconsole is what you're looking for. Good luck!

jsconsole.com is a simple JavaScript command line tool. However, it also provides the ability to bridge across to other browser windows to remotely control and debug that window - be it in another browser or another device altogether.

http://jsconsole.com/remote-debugging.html

like image 22
keyvan Avatar answered Nov 15 '22 02:11

keyvan


I'm pretty sure we can find a site that shows all the headers like you want. I'll do my best to help you look.

After a lot of googling I stumbled upon this one:

http://www.ericgiguere.com/tools/http-header-viewer.html

On my iPad it shows some extra non-standard headers so I have a good feeling it's what you're looking for. Access this page from your app and it will display the headers.

Edit: Try this one as well, I find it hard to believe that they are faking the raw dump of the request :

http://request.urih.com

like image 23
talkol Avatar answered Nov 15 '22 03:11

talkol


As keyvan mentioned some of them, there are several ways you can achieve this:

  • Analysing Packets, you can use Wireshark for this, this is the best if you are not only debugging HTTP or you don't have much control over the request/response.
  • Dumping your request/response, you can use console to dump logs and read them in logcat or server side for response to be a dump of your request
  • Using something in the middle like a proxy.
  • Some other techniques I'm not yet aware of.

I often use a proxy because is just the easiest, I use Charles (haven't found something better) but there are some other free alternatives like Andiparos:

http://i.imgur.com/HCjIdav.png

And here is the sample to generate X-Hello using jQuery

You can set it up in your Wi-Fi settings (using Charles you will have to accept the first connection.)

http://i.stack.imgur.com/uK5r6.png

like image 2
eveliotc Avatar answered Nov 15 '22 03:11

eveliotc