In such environments, tracking headers means monitoring either directly within the server process (difficult in clouds), or within the client process (typically a browser).
Recently I had to reverse-engineer the convoluted authentication to the CMIS endpoint of a Sharepoint server. Below is my tale, and the tools I tried (spoiler: only the last one did the job).
Contestant 1: Chrome Developer ToolsIn Chrome, I start Incognito mode (CTRL-SHIFT-N) to make sure no saved passwords/cookies interfere, fire up the Developer Tools (CTRL-SHIFT-I), select "Network" to see the requests, and launch the request.
As seen in the screenshot below, Chrome shows the conversation between client and server. Something sounds fishy: Only 2 requests, and the last one is marked as "canceled" even though download succeded... let's try another tool!
Contestant 2: Firefox Web ConsoleIn Firefox, I start Private Browsing mode (CTRL-SHIFT-P), fire up the Web Console (CTRL-SHIFT-K), unselect everything but "Net", and launch the request.
Firefox wins over Chrome by showing the right number of requests (four):
Now to the job: Getting the HTTPS headers!
I click on a request, and something awful happens: a totally unusable window appears, displaying what I need (request headers and response headers), but preventing me from copy-pasting it.
Mouse selection goes crazy, and copying everything results in an unusable long string containing everything aggregated without spaces . Not to mention the inexact timestamp , the content that does not scale with the window , and the weird titles font style .
Fine if you just want to see the headers, but real hackers want to script-parse and diff the headers, right? Next!
Winner: HttpfoxIn Firefox, after having installed the Httpfox extension, I start Private Browsing, fire up Httpfox (SHIFT-F2), press "Start", and launch the request.
The lower part shows the headers, and copying them is accessible via the context menu... perfect!
Conclusion: Httpfox is the easiest way to get HTTPS headers.
If you know any other convenient tool, please let us know in the comments!