Using HTTPWatch for Web application testing


Are you developing or testing Web applications? If so, I’m pretty sure you’ve needed a way to look at the HTTP or HTTPS traffic flowing back forth between your Web browser and Server. Have I got the tool for you… For a couple of years now I’ve been using HTTPWatch (from Simtec) to peek into that HTTP world, on the fly, from Internet Explorer. HTTPWatch runs from within Internet Explorer’s Explorer Bar putting it right at your finger tips while you surf, and for Web application testing it can’t get any better than when the test tool is built into IE. HTTPWatch allows you to monitor and peruse:



  • Headers, Cookies and URLs
  • HTTP method (GET, POST, etc…)
  • Time taken to complete a request
  • Size of downloaded page, image or file
  • HTTP status codes or error codes if the request failed
  • Parameters sent in a query strings and POSTs
  • Network operations required, such as DNS lookup or socket connects
  • Whether the content was read from the browser cache or downloaded from the server
  • HTML content (rendered)
  • HTML stream (un-rendered/raw)

You say: “Okay…Wow Brent, I can look at HTTP traffic, what’s the big deal? How can this tool help with my testing?” Given the above feature list, you can and I do, find defects like:



  • 404s (small images, hidden pages in frames)
  • Unnecessary 302 redirects
  • Unnecessary page usage
  • Unnecessary page reloads
  • Necessary or unnecessary page and image caching
  • Confidential information in cookies
  • Confidential information in forms
  • Use of form queries instead of posts
  • Improper use of HTML encoding (header)

As a Quality Assurance engineer testing Web sites this tool is valuable, easy to use, clean, and reliable. With that said, nothing is ever good enough for this QA engineer, I really would like to see the following enhancements:



  • Put it in a FireFox extension too
  • Provide proxy capability where a user can modify the content stream for sends or receives (I’d throw away my favorite proxy tool Paros for this capability)

That aside, the tool does its intended job perfectly and I highly recommend it. You can download the “Basic Edition” for free but it only allows you to use it against a few, popular sites. If you intend to use it for testing you’ll need to buy the “Professional Edition” at $249 for a single user license. The prices get better with larger license packages. $249 for a testing tool of this caliber is cheap. Don’t cheat yourself with less powerful tools like ieHttpHeaders! Get HTTPWatch and GITt-R-DONE.


Update 3/01/2006: Simon at Simtec told me that my suggested enhancments are on their HTTPWatch “To Do” list. Cool! It’s nice to know that Simtec is a company that listens to their customers needs. 

4 Responses to Using HTTPWatch for Web application testing

  1. foo says:

    There is a free tool from microsoft that does essentially the same thing (probably better).. It is called The Fiddler .. I couldn’t imagine paying 250 for something like this… ridiculous.

  2. Brent says:

    Good point. Fiddler is a viable option. Being free is a definite bonus too. HTTPWatch was here long before Fiddler so I’ve had trouble moving over from my old favorites HTTPWatch and Paros. One thing that Fiddler doesn’t have is the option to run in the Explorer bar which I am very fond of because of the convenience.

  3. Brent says:

    Oops, I forgot about another reason I couldn’t get myself to use Fiddler… I coudn’t get it to work with HTTPS. That’s a big deal in my online banking and security products testing world! 🙂

  4. Hon Wong says:

    Brent,

    HTTPWatch is definitely a good tool. We use it internally. The natural limitation of the tool, of course, is that it doesn’t give you much insight inside the datacenter.

    If you’re interested, my company makes a product, TrueView, which runs inside the datacenter, measures actual end-user response times from the browser, and can trace delays back to individual method calls and SQL queries. Does that sound like it might be useful for your work?

Leave a Reply

Your email address will not be published. Required fields are marked *