How To Find Http Proxy?

Sniffing HTTP traffic

  • What is the easiest way, in Windows, to sniff the HTTP (and HTTPS) requests and responses back from the server for an application that won't let you tell it to use a proxy? I have an application that makes HTTP requests and I'd like to find out what they are and what the responses are. Normally, I'd run HTTPSniffer, a Perl application which acts as a proxy. I'd change the target application's proxy settings to 127.0.0.1:8080 and then all requests and responses would get passed back and forth through this application. However, this target application doesn't allow you to set the proxy and attempts to connect directly to the internet. This has caused problems. I can't create a proxy locally because when I set Windows (dial-up) proxy settings, it catches the request from the application, passes it to my proxy which promptly attempts to make a connection to the outside world (to pass it on) only to have its own connection caught by Windows and passed back to itself. A loop which means that it ends up crashing. I've tried setting the Windows proxy to 10.6.26.1 (my network IP) instead of 127.0.0.1 and making the Windows proxy settings ignore connections to the other, but that doesn't work. I've tried it the other way around too, but to no avail. Is there some simple (and free) application I can install that can do this all easily for me? Or do you know of some way I can find out what this application sends and receives?

  • Answer:

    Instead of a network-level sniffer, would http://livehttpheaders.mozdev.org/ work? It'll show you all the headers from all the requests in real-time.

ralawrence at Ask.Metafilter.Com

Other answers

You can install http://www.ethereal.com/, which will capture all your packets passing through your network card, HTTP and otherwise.

Jairus

Ethereal rocks. One of my favorite programs.

sonofsamiam

Would it make sense to use the IIS (or Apache) logfiles? At least they are handled at the filesystem level and can be processed (if what you are doing could be resource intensive) on another machine. The only problem that I can see is that it wouldn't exactly be realtime. Otherwise, try the http://lastbit.com/trafmeter/Default.asp full version. It does a whole lot of stuff like Ethereal but has an easier-to-use HTTP header monitoring tool.

Dean_Paxton

Ethereal will work... or, if you just need something basic, you can just use http://windump.polito.it/. It's a port of tcpdump, which you might know from the Unix world. Along the same lines as revgeorge's suggestion, Microsoft has its own HTTP debugger now: http://www.fiddlertool.com/fiddler/. For folks using IE, it ain't bad, even if it's not exactly what you're looking for.

ph00dz

Ooh, nice one there with the Fiddler. I'm going to have to try that. I've used http://www.blunck.info/iehttpheaders.html, which is like LiveHTTPHeaders, but for IE.

RikiTikiTavi

I'm guessing that as you said "application", rather than "browser", none of the browser-based solutions are going to cut it. Getting the HTTP data is easy, Ethereal or any other sniffer will do. Getting HTTPS directly is extremely difficult. Your app is either doing the encryption itself or passing it off to the IE DLLs to do it. Either way, unless you want to use an interactive debugger like Softice, I don't see how you're getting it before it leaves the host.

The last time I had to do this (get HTTP out of HTTPS), I identified the IP of the remote host that the server was connecting to and created a test host on my network with that IP (you'll need to set up the routing correctly). After testing that I could ping the IP, I ran a test SSL server (using stunnel I believe) that would decrypt the SSL and show me the HTTP traffic. This was then sent on to the real server, after re-SSL'ing. There was a little Perl glue to take the output from the server stunnel coming from the app and feed it back into a client stunnel connecting to the real server. In order to trick the application into allowing the server-side certificate of my dummy SSL server, I created a CA cert using OpenSSL and used that to sign my dummy SSL server cert. I then added the CA cert to the Windows box's Trusted CA certs list, and it all worked nicely. The whole process took a few hours by someone very comfortable with low-level networking, Perl and certificates.

So, to summarise, if they're using HTTPS, the solution is non-trivial. If you're not actually sure what your application is doing, start with the good folk at http://www.sysinternals.com/ntw2k/utilities.shtml, grab Process Explorer and TCPView and see what the app is trying to do.

quiet
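
The certificate step in the answer above, as an added example that is not part of the original thread: it creates a short-lived test CA with OpenSSL, signs a server certificate for the host name the application connects to, and shows that the certificate verifies only when the test CA is trusted. The host name `app.example.test`, the CA name and all file names are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example: private test CA + server certificate for a debugging TLS relay.
# app.example.test, the CA name and the file names are constructed placeholders.
set -eu

make_test_ca() {            # $1 = working directory
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = Local Debug Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 7 -config "$1/ca.cnf" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_server_cert() {       # $1 = working directory, $2 = host name the app connects to
  printf 'basicConstraints = CA:FALSE\nsubjectAltName = DNS:%s\n' "$2" > "$1/srv.ext"
  openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" -subj "/CN=$2" \
    -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null
  openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 7 -extfile "$1/srv.ext" -out "$1/srv.crt" 2>/dev/null
}

# Exit status 0 only when the verifier has been told to trust the test CA.
trusted_by() {              # $1 = working directory, $2 = "with-ca" or "without-ca"
  if [ "$2" = "with-ca" ]; then
    openssl verify -CAfile "$1/ca.crt" "$1/srv.crt" >/dev/null 2>&1
  else
    openssl verify -no-CAfile -no-CApath "$1/srv.crt" >/dev/null 2>&1
  fi
}

ca_fingerprint() {          # $1 = working directory; value to match when auditing trusted CAs
  openssl x509 -in "$1/ca.crt" -noout -fingerprint -sha256
}

work=$(mktemp -d)
make_test_ca "$work"
issue_server_cert "$work" app.example.test
trusted_by "$work" without-ca && echo "accepted without CA" || echo "rejected without CA"
trusted_by "$work" with-ca    && echo "accepted with CA"    || echo "rejected with CA"
ca_fingerprint "$work"
rm -rf "$work"
```

The fingerprint is what identifies this CA in the Windows trusted CA list, so it can be found and removed once the debugging session is over. Anyone holding `ca.key` can issue certificates that machine will accept for as long as the CA stays trusted.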

I am not sure how it works, but http://www.httpsniffer.com/ worked for me when I was looking to capture HTTP traffic. It would capture both IE and Mozilla request/response packets without having to change the settings on either one, so I imagine it should work for any standard Windows application.

garth

Justin Frankel's http://cockos.com/assniffer/, which relies on packet capture. From the page: assniffer can monitor (using winpcap or pcap) a network, and for every HTTP transfer it sees, save a copy of the transferred data. Ethereal is nice, too.

gentle
