Raymond.CC Blog

Akash asked a question in the comment area on yesterday’s post whether is it possible to view the full path of remote URL when computer is secretly downloading files. One example is when a user tries to download Adobe Flash Player, by default they will be asked to download the Adobe Download Manager first and then the download manager will then automatically download the Flash Player without showing the URL to the user. This is in fact possible and pretty easy. If you haven’t noticed, a few of my articles already mentioned such software called URLSnooper and I thought that it would be best I have an article dedicated for this.

Like the title of the application’s name, it is able to sniff or snoop on the URL. Basically it is a packet sniffer except it is much simpler to use and it shows only URL. Another similar software is called URL Helper, a shareware developed by the same company as the popular download manager HiDownload Pro except that URLSnooper is free and uses WinPcap engine driver for sniffing. Let’s take a look at how to use URLSnooper to identify those hidden URLs.


1. First download URLSnooper from the link located at the end of this article and install. WinPcap driver installer is included and you will be asked to install if you have never installed it.

2. Run URLSnooper and on the first run it will automatically determine your network adapter to sniff.

3. Click File and select Advanced Mode.

4. Next, at the Protocol Filter drop down menu, click on it and select Show All.

5. Click the Sniff Network button to start monitoring URLs on your computer and keep it running.

6. Open your favorite web browser and go to Adobe.com to install the Flash Player plugin.

7. Uncheck Free Google Toolbar (if you are using Internet Explorer) or Free McAfee Security Scan Plus (if you are using Firefox, Safari or Opera) and click the Agree and install now.

8. Internet Explorer users will be prompted to install Adobe DLM ActiveX control while Firefox users will be prompted to install Adobe DLM add-on. Once Adobe DLM has been successfully installed, the Adobe Download Manager will start downloading Adobe Flash Player 10 with a progress meter.

9. Go back to URLSnooper and click the Stop Search button.

10. Click the Protocol at the URLSnooper column so that it sorts according to protocol type.

11. Look for http exe file and you should see a few of them. It is pretty obvious that the Adobe Flash Player installer setup file is http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player_ax.exe while the other two is the McAfee Security Scan and Google Toolbar.

There are many other scenarios which allows you to discover the full path of the hidden remote URL using URLSnooper. Do note that not all software send/receive data using URL method. There are some that sends packets based on other protocols which are not able to decodable by URLSnooper. No matter what, URLSnooper is a very useful tool and it is one of the must-install software whenever I reformat my hard drive to reinstall Windows.

[ Download URLSnooper ]