IBM Page Detailer

From Jimbojw.com

Ever wondered what HTTP shenanigans are going on behind the scenes? IBM Page Detailer can help.

Perhaps you've had the unenviable task of troubleshooting some strange issues and found yourself asking:

  • What cookies are being sent to the browser, and what is the browser returning?
  • Are the cookies marked "secure"?
  • When a redirect happens, is it an HTTP 302, a <meta http-equiv="refresh">, or some JS Location manipulation?
  • What kind of HTTP Authentication is happening: Basic, Digest or NTLM?
  • Are hidden <iframe>s being loaded, or is content coming through XMLHttpRequest?

Page Detailer can assist in answering each of these, and other puzzling questions about website behavior.


Getting Started

Here's how to get started:

  1. Go to the IBM Page Detailer download page.
  2. Sign in with your "universal IBM user id" or register to create a new one.
  3. Download and install PageDetailerBasic525.exe.
  4. Run the app via Start → All Programs → IBM Page Detailer → IBM Page Detailer Basic.

Note: You may be prompted to allow this application to access the internet - if so, unblock it.

Usage

Once loaded, it should look something like this:

Page Detailer works by listening for HTTP and HTTPS traffic, then reporting on that traffic in process-specific windows. You'll notice a report window within the application titled "Empty 1". When an application (such as a browser) makes an HTTP(S) request, that application process will become attached to a report window.

As more applications begin to make web requests, more windows will appear in Page Detailer. In the example below, "Empty 1" (behind) is attached to an instance of Firefox, while "Empty 2" is attached to Internet Explorer.

After selecting an item from the left-hand pane, you can see a Gantt chart of all the individual requests which comprised that page. These individual requests include any HTML content loaded into frames as well as any JavaScript imports and accompanying CSS.

Selecting the Details tab reveals a list of all downloaded components, giving the names of the files retrieved and relevant performance data.

Double-clicking an entry in the list brings up the Events Window.

This window contains the technical information about the request. This data can be used to answer the questions posed earlier, and offers a host of other insights into the inner workings of the web-browser/web-server interaction.

Technical Details

The information available in the Events window is divided into segments such as the following:

  • WD_EV_WS2_ITEM(1560)
  • WD_CV_WS2_ITEM_DIMENSIONS_ARRAY(1150)
  • WD_CV_WS2_ITEM_DIMENSIONS(1146)
  • WD_CV_WS2_HTTP_HEADER_REQUEST(1057)
  • WD_CV_WS2_HTTP_HEADER_REPLY(1056)
  • WD_CV_WS2_HTTP_RECV_DATA_UNENCODED(1181)
  • WD_CV_WS2_HTTP_RECV_DATA(1058)
  • WD_CV_WS2_SOCKET(1096)
  • WD_CV_WS2_REMOTE_PORT(1091)
  • WD_CV_WS2_REMOTE_IP(1090)
  • WD_CV_WS2_TYPE(1106)
  • WD_CV_WS2_URL(1107)
  • WD_CV_WS2_ITEM_CONTEXT_PREVIOUS(1131)
  • WD_CV_WS2_ITEM_CONTEXT(1130)
  • WD_CV_WS2_ITEM_ICON_TYPE(1147)
  • WD_CV_WS2_LAST_SESSIONID(1140)
  • WD_CV_WS2_FIRST_SESSIONID(1137)
  • WD_CV_WS2_HTML_TITLE(1164)
  • WD_CV_WS2_ITEM_TYPE(1152)
  • WD_CV_WS2_ITEM_LABEL(1183)
  • WD_CV_WS2_AF(1027)
  • WD_CV_WS2_HOSTNAME(1053)
  • WD_CV_WS2_LOCAL_PORT(1070)
  • WD_CV_WS2_PROTOCOL(1082)

Note: Not all segments listed above will appear for each request, and some information may be in segments not listed above.

Most of these fields are self-explanatory, and some are totally inexplicable (like those used internally by Page Detailer). Nevertheless, here is a description of the interesting segments:

WD_EV_WS2_ITEM(1560)

General house-keeping data about the event. Specifically, this field contains information about the time the event occurred and the application which initialized the request.

WD_CV_WS2_ITEM_DIMENSIONS_ARRAY(1150) and WD_CV_WS2_ITEM_DIMENSIONS(1146)

Performance Metrics. This data details the specific start-times and durations of the transaction components. It can be useful when investigating latency, connectivity and throughput issues.

WD_CV_WS2_HTTP_HEADER_REQUEST(1057)

This segment houses the HTTP Request Headers. Very useful since it provides:

  • Method - The HTTP method used to request the page (GET, POST or HEAD).
  • Path - The absolute path of the requested resource (may or may not include the Protocol, Server or Port)
  • User-Agent - How the browser identifies itself.
  • Cookies - Any cookies which may have been sent by the browser.
  • Version - Which version of HTTP the browser requests (HTTP 1.0 or 1.1)
  • Authentication Params - Any HTTP Authentication parameters which may have been sent (including which type of authentication as well as limited access to the credentials themselves).

WD_CV_WS2_HTTP_HEADER_REPLY(1056)

This segment houses the HTTP Reply Headers which were sent back to the browser by the server. Also very useful since it provides:

  • Version - Which HTTP version is in use (HTTP 1.0 or 1.1)
  • Status Code - The HTTP Response Status Code indicates how successful the request was, reports any server errors, or alerts the browser to authentication challenges.
  • Content-Type - What type of data was returned (a.k.a. Mime-Type)
  • Authentication Params - Any HTTP authentication challenge information required by the browser to make a response, such as Realm data or Tokens/Nonces.
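
As an added example (not part of the original article and not Page Detailer code), the Python below takes reply-header text such as one might copy out of the WD_CV_WS2_HTTP_HEADER_REPLY segment and answers three of the questions posed at the top: whether the reply is an HTTP redirect and to where, which authentication schemes the server is challenging with, and whether each cookie carries the Secure flag. The sample headers, host name and function names are constructed for illustration, and the input is assumed to be standard HTTP header lines.

```python
import re

# Constructed sample of reply-header text (not real captured traffic);
# the host name and cookie values are placeholders.
SAMPLE_REPLY = (
    "HTTP/1.1 302 Found\r\n"
    "Location: https://example.test/login\r\n"
    "Set-Cookie: SESSIONID=abc123; Path=/; HttpOnly\r\n"
    "Set-Cookie: prefs=dark; Path=/; Secure; HttpOnly\r\n"
    "\r\n"
)

def triage_reply_headers(raw):
    """Summarise status, redirect target, auth schemes and cookie flags."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]  # drop any body
    lines = head.split("\n")
    m = re.match(r"HTTP/(\d\.\d)\s+(\d{3})", lines[0])
    if not m:
        raise ValueError("not an HTTP status line: %r" % lines[0])
    report = {"version": m.group(1), "status": int(m.group(2)),
              "redirect_to": None, "auth_schemes": [], "cookies": []}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or not value.strip():
            continue  # skip malformed or empty header lines
        name, value = name.strip().lower(), value.strip()
        if name == "location" and 300 <= report["status"] < 400:
            report["redirect_to"] = value
        elif name == "www-authenticate":
            # The scheme is the first token (Basic, Digest, NTLM, ...).
            # Simplification: assumes one challenge per header line.
            report["auth_schemes"].append(value.split(None, 1)[0])
        elif name == "set-cookie":
            parts = [p.strip() for p in value.split(";")]
            attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
            report["cookies"].append({
                "name": parts[0].split("=", 1)[0],
                "secure": "secure" in attrs,
                "httponly": "httponly" in attrs,
            })
    return report

def insecure_cookies(report):
    """Names of cookies set without the Secure attribute."""
    return [c["name"] for c in report["cookies"] if not c["secure"]]
```

A 200 reply with no Location header leaves redirect_to empty; in that case a redirect, if one happens, is coming from a meta refresh or script in the body segment rather than from the headers.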

WD_CV_WS2_HTTP_RECV_DATA(1058) and WD_CV_WS2_HTTP_RECV_DATA_UNENCODED(1181)

These fields contain the actual content (body) of the received HTTP transmission. If the latter is provided, it will contain the data presented in hexadecimal notation. This is similar to the output one would expect from a packet analyzer such as Wireshark (formerly Ethereal).

WD_CV_WS2_REMOTE_PORT(1091)

Remote Host TCP Port - The TCP port over which the HTTP(S) connection was made. This information should also be available from the full URL. The default ports for HTTP and HTTPS are 80 and 443 respectively, though other ports are also common. Apache Tomcat defaults to port 8080 for HTTP traffic, and SmoothWall runs its HTTPS administration console over port 441.

WD_CV_WS2_REMOTE_IP(1090)

Remote Host IP Address - The IP Address of the web-server. Not usually very useful since this information can be extracted from the full request URL.

WD_CV_WS2_URL(1107)

Full Remote Host URL - The fully qualified URL which was requested.

Summary

Page Detailer provides a convenient window into the underpinnings of HTTP(S) transfers. Using the Events viewers, one can gain deep insight into the handshake steps which take place inside an otherwise elusive process.

Since it's not a plug-in or extension to an existing application, it's great for providing a universal platform for investigating HTTP(S) transfers. Though this article focuses on its use in conjunction with traditional browsers, there's no reason why it wouldn't work with other persistent or semi-persistent programs such as web spiders or scripts (such as those which can leverage the cURL library).

As discussed in the License section below, this software is only available for free as a 90-day trial, so long-term usage may be an issue for low-budget or no-budget operations. For an Open Source alternative, check out Tamper Data.

Platform

Microsoft Windows + Choice of browser

License & Restrictions

Unfortunately, IBM Page Detailer is not Open Source Software (OSS). In fact, it's not even free! According to the download page, it's only good for 90 days.

Additionally, use of IBM Page Detailer is subject to IBM's International License Agreement for Early Release of Programs.