Wireshark learning notes: how to capture HTTP packets quickly

Source: Internet
Author: User

0. Preface
In the Firefox and Google browsers you can easily debug network traffic (capture HTTP packets) with the built-in debugging tools, but in the 360 series browsers (compatibility mode or standard IE mode) capturing HTTP packets is not as convenient. HttpAnalyzer and other tools can do the job, but they are all paid software. Wireshark can also capture HTTP requests and responses through proper filtering and a few operations. The specific operations are described below.

Assume that an HTTP server is running on port 8080. In this example, a Python Flask application runs the HTTP service, listens on port 8080, and implements a simple addition operation. The web page submits two values through ajax, for example a=2&b=3. After Flask processes them, a JSON packet is returned in the format {"result": 5}.

1. Set the filter condition
[1] http and ip.addr == 192.168.1.106 and tcp.port == 8080
[a] http: specifies the network protocol.
[b] ip.addr == 192.168.1.106: specifies the server IP address. Replace it with the actual IP address.
[c] tcp.port == 8080: specifies the port number. Replace it according to the actual situation.
Figure 1 Filter condition
[2] Click Apply to filter out two data packets: the HTTP request and the HTTP response.
Figure 2 HTTP request and response

2. View the TCP data stream: Follow TCP Stream
[1] Right-click any data packet and select Follow TCP Stream. This step filters out the TCP packets associated with the HTTP packets, including the TCP three-way handshake and TCP segmentation and reassembly.
Figure 3 Select Follow TCP Stream
[2] The result is the complete HTTP request and response.
[a] The text with the red background is the HTTP request; the text with the blue background is the HTTP response.
[b] The User-Agent shows that the 360 browser's compatibility mode uses the IE8 kernel (the computer's operating system is XP and the IE browser version is 8), which indicates that the 360 browser uses the IE core installed in the system.
Figure 4 HTTP request and response content
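
The following Python code is an added example, not part of the original notes: it mimics what Follow TCP Stream does for the exchange above by ordering TCP segments by sequence number (dropping a retransmission, trimming an overlap) and then parsing the rebuilt request and response. The segments, the /add path and the header values are constructed sample data, and the function names are illustrative.

```python
import json

# Constructed sample traffic, not taken from the original capture; "/add" is assumed.
REQUEST = (b"POST /add HTTP/1.1\r\nHost: 192.168.1.106:8080\r\n"
           b"User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)\r\n"
           b"Content-Type: application/x-www-form-urlencoded\r\n"
           b"Content-Length: 7\r\n\r\na=2&b=3")
RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
            b"Content-Length: 13\r\n\r\n" b'{"result": 5}')
# (direction, relative TCP sequence number, payload): out of order, with one
# retransmission and one segment overlapping bytes that were already received.
SEGMENTS = [("c2s", 31, REQUEST[30:]), ("s2c", 1, RESPONSE),
            ("c2s", 1, REQUEST[:40]), ("c2s", 1, REQUEST[:40])]

def reassemble(segments, direction):
    """Rebuild one direction's byte stream from segments, ordered by sequence number."""
    stream, next_seq = b"", None
    mine = sorted((s for s in segments if s[0] == direction), key=lambda s: s[1])
    for _, seq, data in mine:
        if next_seq is None:
            next_seq = seq
        if seq + len(data) <= next_seq:
            continue                      # retransmission: nothing new
        if seq > next_seq:
            raise ValueError("gap in stream: a segment is missing from the capture")
        stream += data[next_seq - seq:]   # keep only bytes not yet seen
        next_seq = seq + len(data)
    return stream

def parse_http(raw):
    """Split a raw HTTP message into (start line, headers dict, body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body[:int(headers.get("content-length", len(body)))]

def follow_tcp_stream(segments):
    """Return (request line, User-Agent, form body, decoded JSON response)."""
    req_line, req_headers, req_body = parse_http(reassemble(segments, "c2s"))
    _, _, resp_body = parse_http(reassemble(segments, "s2c"))
    return req_line, req_headers.get("user-agent"), req_body.decode(), json.loads(resp_body)

if __name__ == "__main__":
    for item in follow_tcp_stream(SEGMENTS):
        print(item)
```

Because the service speaks plain HTTP, the form values, the User-Agent and the JSON result are all recoverable from the capture alone.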

3. Summary
Compared with using the debugging tools in the Firefox or Google browsers to capture HTTP packets, Wireshark is more complex, but it achieves the same final result. The operation is divided into two steps: the first is to set a reasonable filter condition, and the second is to select Follow TCP Stream on any data packet.
