The HTTP Sniffer is one of the tools in the Acunetix Manual Tools suite (available to download for free). The HTTP Sniffer is a proxy that allows you to analyze HTTP requests and responses, and manually crawl a site structure.

The HTTP Sniffer can also be used to analyze HTTP traffic and to trap particular POST or GET requests that can be changed on-the-fly (manually or automatically) to emulate a man-in-the-middle attack.

You can start using the HTTP Sniffer by launching the Acunetix Tools application, and selecting the HTTP Sniffer from the Tools Explorer.

The top pane in the HTTP Sniffer is where you can see a list of HTTP requests and responses. The bottom pane displays the HTTP request/response headers and data sent/received to/from the server.

Configuring your browser

To start capturing traffic, you must first configure your browser (or any other HTTP client) to use the Acunetix HTTP Sniffer as a proxy server.

Configure your web browser of choice to proxy all the traffic through the Acunetix HTTP Sniffer. Assuming that the web browser is running on the same machine where the Acunetix HTTP Sniffer is installed, set the proxy server IP to 127.0.0.1 and the proxy server port to 8080.

Capturing HTTP traffic

To capture HTTP traffic, click on the Start button.

From the browser that you previously configured to use the proxy, browse the website or web application that you are interested in. All HTTP requests and responses will be listed in the main window.

Click on a request or response to view the complete details. All the requests/responses will be displayed in the bottom pane.

When browsing is complete, click the Stop button.

You can then save the HTTP Sniffer logs using the save button in the toolbar for later viewing, and you can also use the resulting file to pre-seed an Acunetix scan.

Using Traps

The Acunetix HTTP Sniffer can also be configured to intercept an HTTP request so that it can be manipulated in real time before it arrives at the server.

In the HTTP Sniffer toolbar, click on the Edit Traps button to launch the HTTP Traps window. This will list a number of pre-configured HTTP Traps. You can use these pre-configured rules as templates to create your own rules.

Select a trap rule template, for example, Trap requests, and trap ASP or PHP requests. This will load up a pre-configured trap which you can edit. Alternatively, you can create a new trap by first entering a description for the rule and then configuring the rule to perform one of the following actions.

  • Include – Configure which HTTP requests and responses should be trapped
  • Exclude – Configure which HTTP requests and responses should be excluded
  • Replace – Configure which HTTP requests should be automatically changed based on the given expression
  • Log – Configure which HTTP requests or responses should be logged in the Activity Window.

You must also set which part of the request or response the rule applies to, choosing from the following.

  • Everything
  • Request
  • Response
  • Request headers
  • Request body
  • Response headers
  • Response body

The trap needs a PCRE regular expression on which to match. Inside the log string, you can also use data captured by the regular expression by referring to its numbered capturing groups.

Once the new trap is ready, click on the Add… button to save the new trap. This will add the trap and automatically enable it. You can enable/disable traps by clicking on the tick box in front of the trap rule.

Click the OK button to return to the HTTP Sniffer dialog and click on the Enable Traps button to activate the traps in the HTTP Sniffer.

When an HTTP request or a response is trapped by the HTTP Sniffer, the HTTP Trap window will automatically appear to allow you to edit the captured data. Similarly to the HTTP Editor, you can edit headers, cookies, queries, and post variables. Click OK to allow the HTTP request or response through, or Drop to drop the HTTP request or response.
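The rule fields described above (action, the part of the message the rule applies to, regular expression, log string) can be modeled offline to check an expression against a sample request before adding the trap. This is an added example, not Acunetix code: the rule dictionaries, the `evaluate` function, the Exclude-over-Include precedence, the `\1` group syntax in the log string and the sample request are assumptions, and Python's `re` module stands in for PCRE.

```python
import re

# Constructed sample request, not captured from a real site.
SAMPLE = ("POST /account/login.php?next=home HTTP/1.1\r\n"
          "Host: testsite.example\r\n"
          "User-Agent: SampleBrowser/1.0\r\n"
          "\r\n"
          "user=alice&lang=en")

# Hypothetical rules mirroring the dialog: action, part it applies to, regex, text.
RULES = [
    {"action": "Include", "scope": "Request headers",
     "regex": r"^(?:GET|POST) \S+\.(?:asp|php)\b"},
    {"action": "Exclude", "scope": "Request headers",
     "regex": r"^\w+ \S+\.(?:png|css|js)\b"},
    {"action": "Log", "scope": "Request headers",
     "regex": r"^(\w+) (\S+) HTTP/", "text": r"method=\1 target=\2"},
    # [^\r\n]* rather than .* so the header's trailing CR is left in place.
    {"action": "Replace", "scope": "Request headers",
     "regex": r"(?m)^User-Agent: [^\r\n]*", "text": "User-Agent: TrapTest/0.1"},
]

def evaluate(raw, rules):
    """Apply each rule to its part of the request; return decision, logs, result."""
    headers, sep, body = raw.partition("\r\n\r\n")
    parts = {"Request headers": headers, "Request body": body}
    included = excluded = False
    logs = []
    for rule in rules:
        text = parts[rule["scope"]]
        match = re.search(rule["regex"], text)
        if match is None:
            continue
        if rule["action"] == "Include":
            included = True
        elif rule["action"] == "Exclude":
            excluded = True          # assumption: an Exclude match overrides Include
        elif rule["action"] == "Log":
            logs.append(match.expand(rule["text"]))  # \1, \2 = numbered groups
        elif rule["action"] == "Replace":
            parts[rule["scope"]] = re.sub(rule["regex"], rule["text"], text)
    return {"trapped": included and not excluded, "log": logs,
            "request": parts["Request headers"] + sep + parts["Request body"]}

if __name__ == "__main__":
    result = evaluate(SAMPLE, RULES)
    print(result["trapped"], result["log"])
    print(result["request"])
```

Only the "Request headers" and "Request body" parts are modeled here; the other parts listed above would need the response as well.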

Exporting to the HTTP Editor

If you want to edit an HTTP request without setting up an HTTP trap, right-click on a request or a response and select Edit with HTTP Editor.


Acunetix is an automated web application security scanner and vulnerability management platform. In addition, Acunetix also provides a suite of manual pentesting tools that allow users to quickly and easily confirm vulnerabilities and take automated testing further.

THE AUTHOR
Ian Muscat

Ian Muscat used to be a technical resource and speaker for Acunetix. More recently, his work centers around cloud security and phishing simulation.