Codebox Software

HttpBuilder Utility

Published:

HttpBuilder is a utility that provides a graphical interface for the creation of custom HTTP requests. It can be used for testing web servers and web applications, penetration testing, problem determination, and is also a great tool for learning about the HTTP protocol.

This is the main window, displaying details of the request that was sent in the upper part of the screen, and showing the response received from the server in the lower part

HttpBuilder main window

The request can be configured to use any valid HTTP method

HTTP method list

A list of valid HTTP header types is provided, and custom header types can also be added

Header list

Many header types have an associated helper dialog box, making it easy to send correctly formatted values to the server. The User-Agent helper dialog is shown here, it contains dozens of user agent strings including examples from all the commonly used browsers

User-Agent helper dialog box

Another example of a helper dialog box, this one is for the Authorization header - it supports both Basic and Digest authentication, and will encode the username, password, and other required values, into a correctly formatted string.

Header list

HttpBuilder allows you to configure every aspect of the request that gets sent - you specify which version of the HTTP protocol to use, which HTTP method, and which headers to include. Most types of header have 'helper' dialog boxes associated with them, to ensure that the values you send are in the correct format, including:

  • Date based headers have helpers that format the date and time of your choice into RFC 822/RFC 1123 format
  • There are helpers containing lists of valid values for character sets, content types, content encodings, languages, HTTP methods, cache-control values, connection values, TE values, Trailer values, and over 50 user-agent strings
  • The Authorization helper will encode user/password combinations for the Basic authentication scheme, and can also produce valid Digest authentication strings
  • Range based headers have a helper that formats the Start, End and Total values into a valid range string
  • ETag based fields use a helper that formats single or multiple values properly, and supports use of the 'Weak' flag.

A history of previously sent requests is maintained, so that specific tests can be repeated easily, and so that complex requests containing many different headers can be modified without having to recreate everything from scratch. The utility also allows requests to be directed through a web proxy server.