HTTP Request Logger add-on for Mozilla Firefox

Sometimes it might be useful to log each and every URL that is accessed through your Mozilla Firefox web browser. It might be for security, auditing or other reasons that you want to log accessed URLs. I developed the HTTP Request Logger add-on in order to track and discover a malicious web page that triggered the CVE-2010-4452 vulnerability in Oracle Java through a specially crafted applet tag and a respective Java applet class. You can download and install the add-on from here: HTTP Request Logger. You can also view the project on GitHub: prekageo/http-request-logger.

The add-on implements a JavaScript XPCOM component. This component is registered in chrome.manifest. The component registers an observer for http-on-modify-request topics. The observer’s callback function is called when a new HTTP request is ready to be sent. The function appends into a simple text file located on the user’s desktop a line consisting of the referrer, HTTP method and URL of the HTTP request.

29 Responses to “HTTP Request Logger add-on for Mozilla Firefox”

  1. Magno Says:

    nice work, still it needs more attention !

    as there is a lot of data it should be separated between time intervals, for example log between 17.00 and 18.00 then new chapter for the period between 18.00 and 19.00 etc. calendar view with dates perhaps?

    also choosing options where to save the log file would be nice, its not always good to have it on a desktop

    keep improving it!

    A. Magno

  2. Agron Says:

    How does it work? I installed it and after restarting FF I can only DISABLE or REMOVE this extension.
    How do you turn ON and OFF logging? Where do you enter the filename to save the logs to? Is there a default filename predefined?
    I am using Linux (OpenSuse 11.4) with Firefox 5.0.

    Thanks and greetings from Kosovo šŸ™‚

  3. Anthony Says:

    I’m on Windows 7 with FF 8, and nothing is written to my desktop. Any idea ?
    Thx šŸ˜‰

  4. anthony Says:

    That’s it, I see “FAST IO DISALLOWED” on win 7. but no problem on xp.
    Also, would be awesome to have the posted fields when there is a POST request done ;).

  5. kennb3 Says:

    Needs configuration options, like choosing where to save the log file. I’d rather not have my employees covering up their web surfing by deleting the file.

  6. Mike Says:

    I couldn’t find the file where it’s supposed to write the log. I’m using Firefox on Linux.
    But really, how is that you don’t mention were the file is saved, how is that you expected people to know? I want to insult you but, hey I know, you do it for free. So thanks anyway.

    • prekageo Says:

      Please read the last paragraph of the post. This is a toy project. It is mostly oriented for developers and not end users. Thanks for your interest anyhow.

  7. Error Says:


    can’t find the file either. The reason appears it’s failing to load. The error log shows:
    Warning: Warning: Ignoring unrecognized chrome manifest instruction.
    Source File: file:///home/[REDACTED]/extensions/http-request-logger@prekageo/chrome.manifest
    Line: 1
    Source File: file:///home/[REDACTED]/extensions/http-request-logger@prekageo/chrome.manifest
    Line: 2
    Source File: file:///home/[REDACTED]/extensions/http-request-logger@prekageo/chrome.manifest
    Line: 3
    Failed to load XPCOM component: /home/[REDACTED]/extensions/http-request-logger@prekageo/components/httpRequestLogger.js

    No other errors for this extension. The file has three lines and appears correct, with contents:

    component {c4a9bb50-b9b2-11e0-a4dd-0800200c9a66} components/httpRequestLogger.js
    contract @prekageo/HttpRequestLogger;1 {c4a9bb50-b9b2-11e0-a4dd-0800200c9a66}
    category profile-after-change HttpRequestLogger @prekageo/HttpRequestLogger;1

    Firefox 3 though, but it’s within the allowed installed versions in the rdf.

    • prekageo Says:

      Thanks for bringing this issue into my attention. This add-on is purely for development purposes and apparently it is not compatible with Firefox 3. Feel free to manipulate it as you’d like. You can also send me a patch.

  8.   Says:

    Nice toy… btw.: I can confirm it works with FF 11.0 on Win7 Ultimate x86.

  9. Gordon Says:

    you can get it to work if you update the supported FF version in install.rdf. Very nice utility as it shows exactly how to intercept network traffic and even log it. Nice work!

  10. Dennis S. Says:

    Logging both POST data and headers would also be great. Is this project open source and would you accept patches?

  11. daniele Says:

    where is the log file on mac os ???????

    • prekageo Says:

      On your desktop? Otherwise check your home folder. If that doesn’t work, search for a file named http-request-log.txt.

  12. Firefox Extensions | The Zen of Ironing Says:

    […] […]

  13. Hagen Says:

    good ext. but why enable/disable logging need to restart browser ? that sucks dude.

  14. Sebastiaan Says:

    Do you know if there is a way to only log the links or bookmarks the user clicked and the URLs the user entered? (thereby omitting the ‘includes’ that belong to a page, such as css/js/png files or html pages referenced from the first page loaded)

  15. nerys hughes Says:

    Really good tool for discovering domains to add to cookie and useragent blocker exception whitelists. Many thanks amigo šŸ™‚

  16. fabian Says:

    Good evening, I think this add-on is very useful, but I would like to set a modification in the code to customize the log file directory. Can you suggest me why using the command-line jpm tool, and pasting the code ( of the js component in the retouched source of the addon, it results installed on Firefox, but does not work? (i.e. the log file does not appear on the Desktop — in the preliminar test, I have left unchanged your code)

  17. SteveV Says:

    Interesting tool, even to a nube like me! I use it with Win10 + Palemoon 26(FF). When I first viewed your log using notepad all was black and unseparated- not cool, then after finishing the clean install I installed Editpad lite. Now each line is separate, urls are click-able links! My primary use is similar to nerys hughes, in avast EP – tools it has ‘SiteBlocking’. A little help here: Occasionally a site will re-direct to a page that loudly states a Virus has been download( not an AV response)- scares the sh*t out of me when it happens!!!
    If any of you learned people could help on this please add a note below my entry, if that’s OK? THANKS!

  18. Floyd the Android Says:

    The file is http-request-log.txt on the Desktop.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: