This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to sniff information leaving a piece of software.

0

I need to streamline a process for a client. Currently he has a bit of software which extracts products from a supplier website which he then manually imports into his website to sell. Once the sale of the product is done on the client's site though, he needs to update the software which then updates the supplier website. Very clunky. There is also no API in this software to integrate more seamlessly.

I need to figure out how to "sniff" the information sent out from this application to the supplier site in order to replicate the process, thereby bypassing the software in order for it to be more seamless.

I've been told that Wireshark might be able to help with this but it is not for novices. Is there someone who can help with this?

Many thanks

asked 22 May '12, 06:26

sixfootjames


One Answer:

0

Install Wireshark on the system that does the supplier web site update (I think it should be O.K. to do it this way for your purpose). Then start Wireshark with this capture filter

Capture -> Options -> Capture Filter
host x.x.x.x

where x.x.x.x is the IP address of the supplier web site. Then let the software perform the update. Stop the capture process in Wireshark (Capture -> Stop) and analyze the HTTP communication between the two hosts. It's best to start with this display filter

http.request

This will show only HTTP Requests (GET / POST). Select the first displayed line and right-click it. Then select "Follow TCP Stream". That will give you the whole communication in clear text. Within that you will find the client request and the server's answer. You should be able to use that information to build your own update client. Repeat that step with the next line, until you find the required information.

Regards
Kurt

answered 22 May '12, 07:57

Kurt Knochner ♦

edited 22 May '12, 08:02
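
Added example (not part of the original answer): once "Follow TCP Stream" output has been saved in raw form, a short Python parser can pull out each client request (method, path, headers, form fields) so the update call can be documented and re-implemented. It assumes plain-text HTTP/1.x with Content-Length bodies; the sample stream, host name, paths and field names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample of one keep-alive connection as "Follow TCP Stream" shows it:
# request, response, request. Host, paths and form fields are invented.
SAMPLE_STREAM = (
    b"POST /stock/update HTTP/1.1\r\n"
    b"Host: supplier.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 21\r\n\r\n"
    b"sku=AB-100&qty_sold=2"
    b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nOK"
    b"GET /stock/list?page=1 HTTP/1.1\r\nHost: supplier.example\r\n\r\n"
)

REQUEST_LINE = re.compile(rb"([A-Z]+) (\S+) HTTP/1\.[01]$")

def parse_stream(data: bytes) -> list:
    """Return the HTTP requests in a followed TCP stream, in order."""
    requests, pos = [], 0
    while pos < len(data):
        head_end = data.find(b"\r\n\r\n", pos)
        if head_end == -1:
            break  # truncated capture: no complete header block left
        lines = data[pos:head_end].split(b"\r\n")
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(b":")
            headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
        # Content-Length delimits the body; chunked encoding is not handled here.
        length = int(headers.get("content-length", 0))
        body = data[head_end + 4:head_end + 4 + length]
        pos = head_end + 4 + length
        match = REQUEST_LINE.match(lines[0])
        if not match:
            continue  # server responses ("HTTP/1.1 200 OK") are skipped
        is_form = headers.get("content-type", "").startswith("application/x-www-form-urlencoded")
        requests.append({
            "method": match.group(1).decode(),
            "path": match.group(2).decode("latin-1"),
            "headers": headers,
            "form": dict(parse_qsl(body.decode("latin-1"))) if is_form else {},
        })
    return requests

if __name__ == "__main__":
    for req in parse_stream(SAMPLE_STREAM):
        print(req["method"], req["path"], req["form"])
```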