Exploring Web Server/Web Browser Interaction

When writing ASL script to check web sites, frequently what appears to happen on web pages and forms from the user's perspective is really only part of what is really going on. You can use your browser's "View Source" command to see the page's HTML (since its probably your site you are scripting, you can probably get the source via a more direct route). But sometimes just setting the form variables doesn't do it. There is more going on in the page and sometimes it is not obvious what that is.

When we write ASL scripts for our customers, we bring a combination of tools to bear on a problem page. The first is Ethereal, a packet sniffer that can capture all sorts of information for a variety of Internet protocols. From the Ethereal website:

Ethereal is a free network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, viewing summary and detail information for each packet. Ethereal has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session.

This program is great for tracing HTTP connections and runs on Windows and Linux as well as other platforms. It has one serious limitation though, which is actually a good thing. Ethereal cannot trace HTTPS connections. It can't do it because Ethereal is in effect "listening in" on the conversation between the browser and server; snooping if you will. This is just the sort of thing HTTPS is designed to prevent. For this reason, when working on ASL scripts for HTTPS connections, we reach for Trace Plus(R)/Web Detective from SST.

Trace Plus runs on Windows and can hook into Internet Explorer. Through the API connection to IE, Trace Plus can tap into the conversation before outgoing communications are encrypted and after incomming ones are decrypted. It is perfect for getting at those hard to reach areas of your web page.