In evaluating web application security, I’ve built up a toolbox of Firefox add-ons that make testing and experimenting much easier than manual techniques. One of my favorites is a little tool called HttpFox.

While no match for a professional HTTP sniffer, HttpFox provides enough functionality for many basic testing situations. If you want to see what’s happening behind the scenes for a given web application, HttpFox lets you pull up a traffic log without leaving your browser. The plug-in displays a panel right in the lower half of the window and captures a list of every HTTP request made during a given session. (You control the capture through start and stop buttons.) Highlighting an individual request brings up detailed information on headers, cookies, GET or POST parameters, and content returned.

The biggest downside to HttpFox is the lack of any real export or save feature, though for individual requests it’s easy to copy useful information to the clipboard. Still, HttpFox can be handy for checking traffic quickly, and it’s a free download with source code available under GPL v2. Firefox users can install the plug-in by visiting the Mozilla add-on page.

Each Thursday, Security Musings features a security-related technology or tool. Featured items do not imply a recommendation by Gemini Security Solutions.