0

I am trying to solve the problem for a while and i couldn't find a proper answer online. I have a file with mobile traffic (from an Android device) and I am trying to check whether an http request is sent from the browser or from a mobile app (for example, Ebay app and their mobile site). Unfortunately, checking the host or the user_agent fields on http headers didn't yield any result (they are exactly the same, the host contains the address m.example.com and the user_agent contained general information about the device - something like: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG SM-T550 Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/3.2 Chrome/Safari/537.36).
Does anyone have an idea what can I do to check it ?

Thank you !

Improve this question
2
  • HTTP is a Application Layer protocol, and is implemented without any sense of state, so its simply one request to one response. requests can be identified by looking for a Verb at the beginning of the command (GET, POST, PATCH, HEAD, etc) and responses can be recognized because they contain a numeric response code as the first token of the message. More simply, you should be able to identify request to the server because you are the source, they are the dest, and the communication is over an HTTP port. likewise responses will originate from them, being destined for you.
    – Frank Thomas
    Commented Apr 28, 2017 at 15:28
  • Thank you for your reply, I am actually trying to check wether a given http request is sent from a mobile app or from the browser, as I mentioned in example in the post, I'm trying to check for example if the packet is generated by Ebay's application or from their web page
    – kobibo
    Commented Apr 28, 2017 at 15:48

1 Answer 1

Reset to default
1

Other than the User Agent string, HTTP doesn't tell you much about the client process. If all you have is this one packet capture, you might be out of luck.

If you were doing this debugging live, you might be able to use a tool like lsof to see if you can catch which process owned the ephemeral TCP port the request was sent from. Or you could run the "Ebay website" part of your test from a different browser that uses a different User Agent string.

Well, I suppose one other thing you could check is cookies. If you see two requests (one from the app, one from Javascript running in the web page in the browser), and they have different cookies, you could look at the browser's cookie storage and see which cookies it has, and that way you'd know the requests with those unique cookies must have come from that browser.

Improve this answer

Not the answer you're looking for? Browse other questions tagged .