Wireshark Learning Notes--how to quickly crawl HTTP packets

Reprint Address:

http://blog.csdn.net/xukai871105/article/details/31008635

0. The preface makes it easy to debug the network (crawl HTTP packets) in Firefox and Google Chrome, but it is less convenient to crawl HTTP packets in the 360 series browser (compatibility mode or IE Standard mode). Although Httpanalyzer can also be used, but after all, it is a fee software. Wireshark can also crawl HTTP requests and responses with just the right filtering and operation.     Here's how it's done. Suppose you run an HTTP server on port 8080, in this case using Python flask to run an HTTP service and listen on port 8080 for a simple addition operation, two data is submitted via Ajax on the Web page, such as a=2&b= 3,flask returns a JSON packet after processing, formatted as {"Result": 5}.
1. Set filter Condition "1" http and ip.addr = = 192.168.1.106 and Tcp.port = = 8080 "A" http: Specify network protocol "b" ip.addr = = 192.168.1.106: Specify the server IP address, Please replace it according to the actual situation. "c" tcp.port = = 8080, specify the port number, please replace according to the actual situation.
Figure 1 Filter Condition "2" click Apply click Apply to filter to get two packets, respectively, HTTP request and HTTP response.
Figure 2 HTTP requests and responses
2. View TCP traffic--follow TCP Stream "1" right-click on any packet, select follow TCP stream This step can filter out TCP packets related to the HTTP packet, including TCP 3 handshake, TCP Shard and assembly.
Figure 3 Select Follow TCP Stream "2" eventually get HTTP request and response "a" red background font for HTTP request, blue background font for HTTP response "B" from User-agent can be seen, 360 browser compatibility mode uses the IE8 kernel (the computer operating system is Xp,ie browser version 8), which indicates that 360 browsers use the IE kernel in the system.
Figure 4 HTTP request and response specific content

3. Summing up the use of Wireshark to crawl HTTP packets relative to Firefox or Google Chrome is more complicated, but it can also achieve the final result. These operations are divided into two steps, the first step is to set a reasonable filter, and the second step is to select Follow TCP Stream in any packet.