Sniffers are used to monitor and track data as it is sent and received on a website. There are 2 types of sniffers depending on where the data is intercepted:
- Browser-based: A browser-based sniffer works by attaching to a specific browser on a host. Examples include, Firebug, HTTPWatch, IEWatch, HTTPFox, and the built-in Element Inspector available in Chrome and Safari. Browser-based sniffers have access to encrypted data that is acknowledged by the browser.
- Proxy-based: These sniffers work by creating a local proxy and then funneling all incoming and outgoing data through that proxy. Examples include, Fiddler and Charles Proxy.
Advantages of Proxy-based Sniffers Over Browser-based Sniffers
- Proxy-based sniffers have access to all data sent and received, even when the browser ignores the response.
- They can modify both incoming and outgoing data.
- They can redirect traffic.
- They can manipulate download speeds.
Proxy-based sniffers might not be able to decode or interpret encrypted data.
It might be difficult to correlate the data to a specific web page.
There are advantages to using both types of sniffers for testing the deployment of any tool that focuses on sending data to first- or third-party servers.
Do not use multiple sniffers of the same type. This can cause conflicts and data loss. For example, Use Charles and Firebug simultaneously but do not use Charles and Fiddler.
It is important to use both types of sniffers because there are conditions that can arise that would prevent either one or the other from collecting data.
The following scenarios might arise when you navigate to a site in order to confirm that server calls were sent and received properly:
- Navigating to an SSL page using Charles Proxy and Firebug:
- Charles Proxy shows a call made to the server, but will not decode the data.
- Firebug shows the server call with the data sent before it was encoded and the data received after being encoded.
- Viewing a tag fired on a link click that loads a new page
- Charles Proxy shows a completed server call, that is, data was sent and acknowledged by the server.
- Firebug shows an incomplete server call. It shows a warning because the browser began to load a new page before receiving an acknowledgment from the server.