62 Part II — Getting Inside Gmail
Sniffing the Network Traffic.
So now that you understand how XMLHttpRequestworks, you’re led to some fur-
ther questions: What is being sent and received using the XMLHttpRequestfunc-
tions, and what are the URLs? Once you know the answers to these questions,
you can write your own code to spoof these requests, and can then interface
directly with the Gmail system. The rest of the book relies on this idea.
To find out what Gmail is saying to the browser, use a new tool: the packet sniffer.
This is a generic term for a range of applications that can listen to raw network
traffic, display it on the screen, log it, analyze it, and so on. What you’re interested
in is watching what your browser is doing in the background: what it is sending,
where it is sending it to, and then the replies it is getting.
My packet sniffer of choice for this job is Jeremy Elson’s Tcpflow, available at
http://www.circlemud.org/~jelson/software/tcpflow/.
I use Marc Liyanage’s OS X package, which you can download from
http://www.entropy.ch/software/macosx/#tcpflow.
Tcpflow is available under the GPL, and can be compiled on most proper com-
puting platforms. Windows users will need to look elsewhere, but the following
techniques remain the same.
Firing Up Tcpflow
Install Tcpflow, and set it running inside a terminal window, monitoring port 80.
On my machine, that means typing the following:
sudo tcpflow -c port 80
Then open a browser and request a page. Any will do: Figure 5-5 shows the start
of a typical result.
As you can see from the figure and your own screen, Tcpflow captures all of the
traffic flowing backward and forward across Port 80 — all your web traffic, in
other words. It shows the requests and the answers: headers, content, and all.
Tcpflow is perfect for the job. But there’s a snag. Open up Gmail, and let it sit
there for a while. After it settles down, you will notice that Tcpflow regularly
burps up new traffic looking very similar to Listing 5-4. This is Gmail’s heartbeat:
checking for new mail. But it’s very odd looking.