HTTP Query Tool

A powerful server-side tool written in classic ASP for debugging login-, session-, certificate- and redirect-issues in web applications.

Warning: Do not put the script on a publicly accessible server unless you know what you are doing. Use password access restrictions on the web server and/or the build-in IP filter (edit the strAllowedIPs string). Due to the unrestricted nature of what the utility does, it could be used as an HTTP proxy for hackers with evil intent if left unprotected.

Refer to the screenshots below to get an idea of how the utility works. The ASP source code is available further down the page.

Example 1 - Sending a simple HTTP GET query to a web server to check the web server type and session cookie:

Query Tool example 1

Example 2 - Sending a HTTP POST query to a login page using an existing session cookie and a different host header from that specified in the URL:

Query Tool example 2

The source code:

default.asp (file name can be anything):

<%
Option Explicit
Dim strOutput
Dim strEndURL
Dim blnFollowRedirects
Dim strFormRedirectsChecked
Dim strHostOverride
Dim strFormIgnoreCertErrorsChecked
Dim intIgnoreCertErrors
Dim strUserAgent
Dim strAcceptLanguage
Dim strMethod
Dim strMethodCheckedGET
Dim strMethodCheckedPOST
Dim strShowOutputCheckedNo
Dim strShowOutputCheckedSource
Dim strShowOutputCheckedRendered
Dim strPostData
Dim strAccept
Dim strAcceptEncoding
Dim strCookies
Dim strAllowedIPs
strAllowedIPs ="10.0.0.|192.168.0.|11.22.33.44" ' Separate with "|".
strUserAgent = "Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0)"
strAcceptLanguage = "da,en-us;q=0.5"
strAccept = "image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, application/x-shockwave-flash, */*"
strAcceptEncoding = ""
strCookies = ""
strMethod = "GET"
strShowOutputCheckedNo = ""
strShowOutputCheckedSource = "checked=""checked"""
strShowOutputCheckedRendered = ""
strMethodCheckedGET = "checked=""checked"""
strMethodCheckedPOST = ""    
Session("ResponseText") = ""

If CheckAccess(Request.ServerVariables("REMOTE_ADDR"), strAllowedIPs) Then
  If Request.Form("URL") <> "" Then
    If (Instr(Request.Form("URL"), "http://")) Or (Instr(Request.Form("URL"), "https://")) Then
      If Request.Form("followRedirects") = "" Then
        blnFollowRedirects = False
        strFormRedirectsChecked = ""
      Else
        blnFollowRedirects = True
        strFormRedirectsChecked = "checked=""checked"""
      End If
      If Request.Form("ignoreCertErrors") = "" Then
        intIgnoreCertErrors = 0
        strFormIgnoreCertErrorsChecked = ""
      Else
        intIgnoreCertErrors = 13056
        strFormIgnoreCertErrorsChecked = "checked=""checked"""
      End If
      If Request.Form("hostheader") <> "" Then
        strHostOverride = Request.Form("hostheader")
      Else
        strHostOverride = ""
      End If
      If (Request.Form("useragent") <> strUserAgent) And (Request.Form("useragent") <> "") Then
        strUserAgent = Left(Request.Form("useragent"), 1024)
      End If
      If (Request.Form("acceptlanguage") <> strAcceptLanguage) And (Request.Form("acceptlanguage") <> "") Then
        strAcceptLanguage = Left(Request.Form("acceptlanguage"), 1024)
      End If
      If Request.Form("method") = "GET" Then
        strMethod = "GET"
        strMethodCheckedGET = "checked=""checked"""
        strMethodCheckedPOST = ""
      ElseIf Request.Form("method") = "POST" Then
        strMethod = "POST"
        strMethodCheckedGET = ""
        strMethodCheckedPOST = "checked=""checked"""
      Else
        strMethod = "GET"
        strMethodCheckedGET = "checked=""checked"""
        strMethodCheckedPOST = ""        
      End If
      If Request.Form("showoutput") = "No" Then
        strShowOutputCheckedNo = "checked=""checked"""
        strShowOutputCheckedSource = ""
        strShowOutputCheckedRendered = ""
      ElseIf Request.Form("showoutput") = "Source" Then
        strShowOutputCheckedNo = ""
        strShowOutputCheckedSource = "checked=""checked"""
        strShowOutputCheckedRendered = ""
      ElseIf Request.Form("showoutput") = "Rendered" Then
        strShowOutputCheckedNo = ""
        strShowOutputCheckedSource = ""
        strShowOutputCheckedRendered = "checked=""checked"""
      Else
        strShowOutputCheckedNo = ""
        strShowOutputCheckedSource = "checked=""checked"""
        strShowOutputCheckedRendered = ""
      End If
      If Request.Form("postdata") <> "" Then
        strPostData = Request.Form("postdata")
      Else
        strPostData = ""
      End If
      If (Request.Form("accept") <> strAccept) And (Request.Form("accept") <> "") Then
        strAccept = Left(Request.Form("accept"), 1024)
      End If
      If (Request.Form("acceptencoding") <> strAcceptEncoding) And (Request.Form("acceptencoding") <> "") Then
        strAcceptEncoding = Left(Request.Form("acceptencoding"), 1024)
      End If
      If (Request.Form("cookies") <> strCookies) And (Request.Form("cookies") <> "") Then
        strCookies = Left(Request.Form("cookies"), 2048)
      End If
      strOutput = CheckSite(Left(Request.Form("URL"), 1024), blnFollowRedirects, intIgnoreCertErrors, strHostOverride, strUserAgent, strAcceptLanguage, strMethod, strPostData, strAccept, strAcceptEncoding, strCookies)
    Else
      strOutput = "Did you mean <br /><span class=""URL"" onclick=""insertURL(this.innerHTML)"">" & _
                  "http://" & Left(Request.Form("URL"), 1024) & "</span><br />or<br />" & _
                  "<span class=""URL"" onclick=""insertURL(this.innerHTML)"">" & _
                  "https://" & Left(Request.Form("URL"), 1024) & "</span><br />?"
    End If
  Else
    strOutput = ""
  End If
Else
  strOutput = "IP not allowed to use this service"
End If

Function CheckAccess(strCurrentIP, strAllowedIPs)
  Dim i
  Dim arrAllowedIPs
  Dim blnReturnValue
  blnReturnValue = False
  arrAllowedIPs = Split(strAllowedIPs, "|")
  For i = 0 to uBound(arrAllowedIPs)
    If Instr(strCurrentIP, arrAllowedIPs(i)) > 0 Then
      blnReturnValue = True
    End If
  Next
  CheckAccess = blnReturnValue
End Function

Function CheckSite(strCheckURL, blnFollowRedirects, intIgnoreCertErrors, strHostOverride, strUserAgent, strAcceptLanguage, strMethod, strPostData, strAccept, strAcceptEncoding, strCookies)
  Dim strInterOutput
  Dim objWinHttp
  Set objWinHttp = Server.CreateObject("WinHttp.WinHttpRequest.5.1")
  objWinHttp.SetTimeouts 29000, 29000, 29000, 29000
  objWinHttp.Option(0) = strUserAgent
  objWinHttp.Option(4) = intIgnoreCertErrors
  objWinHttp.Option(6) = blnFollowRedirects
  objWinHttp.Option(12) = True
  objWinHttp.Open strMethod, strCheckURL
  objWinHttp.SetRequestHeader "Cookie", "Workaround for MS Bug KB234486"
  objWinHttp.SetRequestHeader "Cookie", strCookies
  If strMethod = "POST" Then
    objWinHttp.setRequestHeader "Content-type", "application/x-www-form-urlencoded"
  End If
  If strHostOverride <> "" Then
    objWinHttp.SetRequestHeader "Host", strHostOverride
  End If
  If strAcceptLanguage <> "" Then
    objWinHttp.SetRequestHeader "ACCEPT-LANGUAGE", strAcceptLanguage
  End If
  If strAccept <> "" Then
    objWinHttp.SetRequestHeader "Accept", strAccept
  End If
  If strAcceptEncoding <> "" Then
    objWinHttp.SetRequestHeader "Accept-Encoding", strAcceptEncoding
  End If
  On Error Resume Next
  objWinHttp.Send(strPostData)
  strEndURL = objWinHttp.Option(1)
  If Err.number = 0 Then
    Session("ResponseText") = objWinHttp.ResponseText
    strInterOutput = strInterOutput & Request.Servervariables("SERVER_PROTOCOL") & " "
    strInterOutput = strInterOutput & objWinHttp.Status & " "
    strInterOutput = strInterOutput & objWinHttp.StatusText & vbcrlf
    strInterOutput = strInterOutput & objWinHttp.GetAllResponseHeaders
    If Request.Form("showoutput") = "Source" Then
      strInterOutput = strInterOutput & objWinHttp.ResponseText
      strInterOutput = Replace(strInterOutput, "<", "&lt;")
      strInterOutput = Replace(strInterOutput, ">", "&gt;")
      strInterOutput = Replace(strInterOutput, " ", "&nbsp;")
      strInterOutput = Replace(strInterOutput, Chr(10), vbcrlf)                      ' Change Unix LF to Windows CR+LF
      strInterOutput = Replace(strInterOutput, Chr(13) & Chr(13) & Chr(10), vbcrlf)  ' Change CR+CR+LF to Windows CR+LF
      strInterOutput = Replace(strInterOutput, vbtab, "&nbsp;&nbsp;")
    End If
    strInterOutput = Replace(strInterOutput, vbcrlf, "<br />" & vbcrlf)            ' Change Windows CR+LF to HTML LF + Windows CR+LF
    CheckSite = strInterOutput
  Else
    CheckSite = Err.Description
  End If
  On Error GoTo 0
  Set objWinHttp = Nothing
End Function
%>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252" />
<meta name="robots" content="noindex,nofollow" />
<title>HTTP Query Tool 1.2</title>
<script language="JavaScript" type="text/javascript">
  function init() {
    document.getElementById('URL').focus();
    }
  function insertURL(URL) {
    document.getElementById('URL').value = URL;
    document.getElementById('inputform').submit();
    }  
</script>
<style type="text/css">
body, input, textarea {font-family: Verdana, Arial, Helvetica, Geneva, Sans-Serif; font-size: 10pt;}
.raw {font-family: monospace; font-size: 10pt;}
.URL {cursor: pointer; color: #0000E0;}
.databar {background-color: #E0E0E0; width: 100%; margin-bottom: 14px;}
.firstColumn {width: 180px;}
#URL, #hostheader, #postdata, #useragent, #acceptlanguage, #accept, #acceptencoding, #cookies {width: 700px;}
input, textarea {margin: 2px; vertical-align: middle;}
</style>
</head>
<body onload="init();">
  <form name="inputform" id="inputform" action="<%=Request.ServerVariables("SCRIPT_NAME")%>" method="post">
    <table class="databar">
      <tr>
        <td class="firstColumn">URL: </td>
        <td><input name="URL" id="URL" value="<%=strEndURL%>" /></td>
      </tr>    
      <tr>
        <td class="firstColumn">HTTP Method:</td>
        <td><input type="radio" name="method" id="method" value="GET" <%=strMethodCheckedGET%> />&nbsp;GET&nbsp;&nbsp;&nbsp;&nbsp;<input type="radio" name="method" id="method" value="POST" <%=strMethodCheckedPOST%> />&nbsp;POST</td>
      </tr>    
      <tr>
        <td class="firstColumn">Show HTML output:</td>
        <td><input type="radio" name="showoutput" id="showoutput" value="No" <%=strShowOutputCheckedNo%> />&nbsp;No&nbsp;&nbsp;&nbsp;&nbsp;<input type="radio" name="showoutput" id="showoutput" value="Source" <%=strShowOutputCheckedSource%> />&nbsp;Source&nbsp;&nbsp;&nbsp;&nbsp;<input type="radio" name="showoutput" id="showoutput" value="Rendered" <%=strShowOutputCheckedRendered%> />&nbsp;Rendered (Non-absolute references to images and so on will be broken)</td>
      </tr>    
      <tr>
        <td class="firstColumn">Follow redirects:</td>
        <td><input type="checkbox" name="followRedirects" id="followRedirects" value="1" <%=strFormRedirectsChecked%> /></td>
      </tr>    
      <tr>
        <td class="firstColumn">Ignore&nbsp;certificate&nbsp;errors:</td>
        <td><input type="checkbox" name="ignoreCertErrors" id="ignoreCertErrors" value="1" <%=strFormIgnoreCertErrorsChecked%> /></td>
      </tr>    
      <tr>
        <td class="firstColumn">Host header override:</td>
        <td><input name="hostheader" id="hostheader" value="<%=strHostOverride%>" /></td>
      </tr>    
      <tr>
        <td class="firstColumn">POST-data: </td>
        <td><input name="postdata" id="postdata" value="<%=strPostData%>" /></td>
      </tr>    
      <tr>
        <td class="firstColumn">User Agent:</td>
        <td><input name="useragent" id="useragent" value="<%=strUserAgent%>" /></td>
      </tr>    
      <tr>
        <td class="firstColumn">Accept Language:</td>
        <td><input name="acceptlanguage" id="acceptlanguage" value="<%=strAcceptLanguage%>" /></td>
      </tr>    
      <tr>
        <td class="firstColumn">Accept types: </td>
        <td><input name="accept" id="accept" value="<%=strAccept%>" /></td>
      </tr>    
      <tr>
        <td class="firstColumn">Accept encoding: </td>
        <td><input name="acceptencoding" id="acceptencoding" value="<%=strAcceptEncoding%>" /></td>
      </tr>    
      <tr>
        <td class="firstColumn">Cookies: </td>
        <td><textarea name="cookies" id="cookies" /><%=strcookies%></textarea></td>
      </tr>    
      <tr>
        <td class="firstColumn">&nbsp;</td>
        <td><input type="submit" value="Send request" /></td>
      </tr>    
    </table>
  </form>
  <div class="raw">
    <% Response.Write(strOutput) %>
  </div>
  <br />
  <% If Request.Form("showoutput") = "Rendered" Then %>
  <iframe src="getHTML.asp" frameborder="0" width="100%" height="400" style="border: 1px #000000 solid;"></iframe>
  <% End If%>
</body>
</html>

getHTML.asp (only used if rendered output is selected):

<% Option Explicit %>
<% Response.Write(Session("ResponseText")) %>
Page last updated 2008-03-16 21:38. Some rights reserved (CC by 3.0)