Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Trying to figure out origin of HTTP Request

Tags:

google-chrome-devtools

internet-explorer

firebug

A web application is making a HTTP request and I cannot understand how it is making it. It makes it just after painting a page. There is no 302 in the previous requests and nothing obvious which will tell me how this request is being made.

What would help is if I could set a breakpoint which would stop just before the next HTTP request is about to be sent. Then just after the page is painted, I'd enable this and figure out who is sending it Firebug lets me do this for XHR (Ajax) requests but not for normal requests. This is a normal HTTP request - not an AJAX one.

Is it possible to do this with the debug tools in chrome or IE?

like image 406
dublintech Avatar asked Jun 14 '12 14:06

dublintech

People also ask

How can I tell where a HTTP request came from?

There is absolutely no way to know with certainty if a request came from a browser or something else making an HTTP request. The HTTP protocol allows for the client to set the User Agent arbitrarily.

Why is request origin null?

The Origin spec indicates that the Origin header may be set to "null". This is typically done when the request is coming from a file on a user's computer rather than from a hosted web page. The spec also states that the Origin may be null if the request comes from a "privacy-sensitive" context.

Can HTTP origin header be spoofed?

Origin headers of the web application contain the public IP address of the client and as a result, the attackers can spoof the IP address and can gain access to restricted pages.

2 Answers

Firstly how I got it.

  1. Disabled javascript on browser - problem still happened this meant that I could rule javascript sending it.
  2. Set max connections on firefox to 1, this meant requests happened sequentially so I could narrow down when / where the requests I couldn't explain getting sent that were.
  3. Finally, found a HTML video tag like this

:

<video id="my_video" class="video-js" width="313" height="240" controls="controls"        preload="none" poster="#">

The part poster="#" was the culprit. This sends a request to the containing page if there is no video to show.

like image 113
dublintech Avatar answered Dec 20 '22 10:12

dublintech

In Chrome DevTools, go to the Network panel. Find the respective resource by its name in the leftmost column and look at the Initiator column. It will specify the object that originated the resource load. It can be a Script, in which case it will also contain a hyperlink to the corresponding script line, which loaded the resource. The same holds for the Parser initiator - it will give you a hyperlink to the corresponding HTML line, if it is the one that loaded your resource.

like image 35
Alexander Pavlov Avatar answered Dec 20 '22 09:12

Alexander Pavlov
Sign in to Comment

Related questions

css calc bug in IE11
MVC WebApplication no longer starts in IIS Express (redirects to https://localhost in Chrome)
Internet Explorer DOM7009: Unable to decode image at URL: [url]
Copy to clipboard option for IE9, IE11 and Safari
Coding Dojo with IE and SSL
Embed xsl into an XML file
When will IE6 no longer be supported? [closed]
Strange gap between <div> elements in IE, not in FF or Opera
PHP cookies problem, works in Firefox not in other browser
enter does not work in textarea in Internet Explorer 8
can not use onmouseover event on select option in IE
jQuery.clone() IE problem
Hr Tag in IE - remove border
Which versions of IE use standard event model?
Which browsers still support CSS expressions
NPAPI plugin in Internet explorer?
Do CSS Gradients work in IE9?
How does a browser AUTOMATICALLY convert "Page Source" Javascript to HTML?
what is the ie filter if any for css3 skew
I created a custom error page using htaccess but it doesn't work on IE?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!