5 Simple Tools to Display Hidden Remote URLs in Background or Web Installers

3. Free HTTP Sniffer

If you want a simple to use packet sniffing tool to capture file URL’s then Free HTTP Sniffer is a useful program to look at. There are no advanced options which means it doesn’t clutter up the window with useless information. One or two minor issues are the donate nag on start and the WinPcap driver included is out of date for newer versions of Windows, so you will need the latest installer from WinPcap.org or there will be an error on launch. Usage is very easy:

1. Start Free HTTP Sniffer, click Options and select “Only addresses sent by any computer” for the Sniffer Mode. This step isn’t strictly necessary but will cut down the useless information in the window even further.

2. Press the Start button and launch the web installer or executable etc. When the file you’re looking for has downloaded, click Stop and look in the main window for the file that looks like the correct one.

free http sniffer

3. Then you can double click on it to try the file in a browser or go to the File menu and save all the URL’s in the window to a text file. As you can see in the screenshot above, it was very easy to find the Adobe Flash Player full executable we also found in URLSnooper. The network adapter can be changed from the File menu.

Download Free HTTP Sniffer

4. Socket Sniffer

Socket Sniffer is another very easy to use tool to sniff a URL from a web installer or webpage. While getting the program running and capturing packets takes no effort at all, interpreting the results is slightly more tricky because it mixes in UDP and ICMP protocols as well as TCP which will be where you find any file URL’s, so it takes a tiny bit more searching of the results.

1. Socket Sniffer is portable so you simply run the standalone executable. It appears to run using raw sockets as no third party drivers are required. Select the IP address of the current network adapter from the top left drop down menu and then click the Start Sniffing button.

2. After running the web installer or setup file etc, stop the sniffing and browse through the TCP protocol entries by clicking on them and looking at the results in the lower pane.

socket sniffer

3. You should find an entry with a GET that appears to be the path and file name of the full installer. To get the full URL to the file you have to take the Host name and append the GET path, so the above would be:


Socket Sniffer requires the .NET Framework 2 or above to run.

Download Socket Sniffer

5. PacketViewer

PacketViewer is another portable tool to sniff out TCP packets from the TCP, UDP or ICMP protocols. It also has a few options to help narrow things down such as an IP address and port filter for both incoming and outgoing packets, and the most important filtering option of entering a string to filter the packet messages. Using this we can filter out everything apart from executable URL messages.

1. Run the portable PacketViewer.exe and go to Options. Untick Message Filter > No Filter and put .exe into the text box, then click Apply and Close.

PacketViewer No Filter

2. Then after clicking Start run the web or setup installer and then stop capturing after the main file has downloaded.


3. Looking through the captured entries should be easy because only packet messages containing .exe will be displayed, then you need to append the GET path details to the Host address like the Socket Sniffer tool above. PacketViewer can also automatically save every capture session to a log file.

Download PackerViewer

19 Comments - Write a Comment

  1. Hans Wörzt 5 years ago
  2. Nzyme 7 years ago
  3. Arup Ghosh 9 years ago
  4. d-man 10 years ago
  5. Grr 12 years ago
  6. mark 12 years ago
  7. Simakuutio 12 years ago
  8. mouser 12 years ago
  9. Ennovy 12 years ago
  10. Sul2005tan 12 years ago
  11. noprob 12 years ago
  12. sunkumarspace 12 years ago
  13. roy raay 12 years ago
  14. BJ 12 years ago
  15. Muhammad 12 years ago
  16. Software Collection 12 years ago
  17. Aakash 12 years ago
  18. Akash 12 years ago
  19. Ahmad Saleem 12 years ago

Leave a Reply

Your email address will not be published.

Note: Your comment is subject to approval. Read our Terms of Use. If you are seeking additional information on this article, please contact us directly.