I am debugging a session mismatch problem in a web application. There are several servers involved, and the user is passed between them while holding session tokens and cookies.
The coordinating point is the browser. I want to know in detail what actions the browser is taking, basically a client equivalent to the server log. It would be useful to know the details of the HTTP request including what headers were sent, the details of the response, and any actions the browser takes to affect the request or as a result of the response (for example, acting on a redirect).
All of the source code for the various server components is not available to me, so I cannot examine the source for clues to how the session tokens are handled. The proof is in the pudding: the browser's observed behavior would be unquestionable answer.
Because the servers involved all use SSL connections, I am afraid I cannot trace this at a packet dump level.
How can I instrument the browser (preferably IE) to log this level of request and response detail?
I have used Charles for a while...
http://www.charlesproxy.com/
"Charles is an HTTP proxy / HTTP monitor / Reverse Proxy that enables a developer to view all of the HTTP and SSL / HTTPS traffic between their machine and the Internet. This includes requests, responses and the HTTP headers (which contain the cookies and caching information)."
It works with FF, CHROME and IE and Mac, Linux and Windows,and even has SSL proxying as a man-in-the-middle HTTPS service if you set up your certs...
http://www.charlesproxy.com/documentation/proxying/ssl-proxying/
Its a 30 day trial as long as youre prepared to wait for 5 secs every-now-and-then ;-)
Use HttpWatch Pro tool. It can save logs into file. And later on a user can send this log file to admin for analysis for example. It also can compare these logs - you can compare one user's log with another and easily spot the problem. (BTW, Basic Edition is free and Pro edition is fully functional for 30 days)
Fiddler is a free alternative.
Fiddler is another option
The Basic edition Of Http Watch is very limited, it does not display headers for most purposes it is not that useful.
Fiddler is a much better option.
IEWatch is another tool in this category, but it is not freeware