Dissecting web applications

To see what's going on "under the hood" in a web application you can use tools built in to modern browsers or configure your browser to use a local proxy application that records all traffic flowing to and from a web server. Here's a quick introduction and some helpful links on the way.

Intercepting proxies

There are several applications around that will function as a local proxy and capture alle the requests sent to and from a website. Here are two of the most popular ones:

• Fiddler (requires .NET framework).
• Burp Suite (requires Java).

Browser developer tools

Modern browser include tools helpful to develop and/or debug a website, they'll show you what's going on under the hood.

• Opera: Press Ctrl+Shift+i, go to "Network" and select a request the see more details.
• IE: Press F12, go to "Network" and "Start capturing" to record raw HTTP requests/responses.
• Chrome: Press F12 and just click on a request from the list to see its details.
• Firefox: Press Ctrl+Shift+k, and select a request the see more details.
• Safari: There's actually a whole process to enable developer tools, see this guide.