HOW TO: Use Wfetch.exe to Troubleshoot HTTP Connections

We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 7.0 running on Microsoft Windows Server 2008. IIS 7.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:For more information about IIS 7.0, visit the following Microsoft Web site:


This step-by-step article describes how to use the WFetch utility (Wfetch.exe) to troubleshoot HTTP connections.


Microsoft Windows XP Professional/Microsoft Windows Server 2003

WFetch 1.3 is included in the Internet Information Server (IIS) 6.0 Resource Kit Tools. To download the IIS 6.0 Resource Kit Tools, visit the following Microsoft Web site:Microsoft Windows 2000/Microsoft Windows NT 4.0

WFetch 1.2 is available for use with earlier versions of Windows. To download WFetch 1.2, visit the following the following Microsoft Web site:

WFetch Features

When you are troubleshooting connectivity issues between Internet Information Server (IIS) or Internet Information Services (IIS) and Web clients, you may want to view data that is not displayed in the Web browser, such as the HTTP headers that are included in the Request and Response packets.

WFetch is a free utility that is provided on an "as-is" basis. Microsoft does not support the utility, but you can use it to provide detailed information about the traffic between the client and server.

Warning This utility provides advanced features that can permit a user to expose a server to potential security risks. For this reason, Microsoft recommends that the utility be used only in testing, and not in a production environment. See the "Security Ramifications" section of this article for more information.

The following features are available in the current version of WFetch:
  • Configurable host name
  • Configurable TCP port
  • HTTP 1.0 and HTTP 1.1 support
  • Multiple authentication types (Anonymous, Basic, NTLM, Kerberos, Digest, Negotiate)
  • Client-certificate support
  • Multiple connection types (HTTP, HTTPS, PCT 1.0, SSL 2.0, SSL 3.0, TLS 3.1)
  • Proxy support
  • Advanced requests that are entered manually or read from a file
  • On-screen and file-based logging
WFetch does not log the TCP handshake data that is used to establish and close TCP sessions. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
172983 Explanation of the Three-Way Handshake via TCP/IP

To troubleshoot connectivity issues (including TCP session data), use a utility such as Network Monitor, which captures network packets.



After you extract the utility to a client with TCP/IP access to a Web server, start the Wfetch.exe application and follow these steps:
  1. In the Host box, type the name of a Web site (for example,
  2. In the Path box, select the path of the file, folder, or application on the Web site that you used in step 1 (for example, /default.asp).
  3. Add any additional options based on the test that is being performed.
  4. Click Go.

Security Ramifications

  • WFetch permits a user to store a password for later authenticated logon attempts. By default, the Save check box is not selected. When the Save check box is selected, the password that is typed in the Authentication section is written in clear-text format to the system registry in the following key:
    By default, the following accounts have Allow permissions on the Wfetch registry key:
    • Administrators (local): Read, Full Control
    • Restricted: Read
    • System: Read, Full Control
    • <CURRENT_USER>: Read, Full Control
  • To test client certificate support, WFetch can optionally install a test root certificate. Because of this, make sure that this tool not be used on production systems.
  • When you are adding a test root certification authority, WFetch automatically adds the test root certification authority as a trusted root certification authority, which can prevent the warning that typically is displayed when SSL connections are made to sites that use certificates that are issued by certification authorities that are not trusted.


For additional information about the TCP/IP three-way handshake, click the following article number to view the article in the Microsoft Knowledge Base:

172983 Explanation of the Three-Way Handshake via TCP/IP

For additional information about troubleshooting with Network Monitor, click the following article numbers to view the articles in the Microsoft Knowledge Base:

148942 How to Capture Network Traffic with Network Monitor

252876 How to View HTTP Data Frames Using Network Monitor

For additional information about Digital Certificates, Cryptography, and SSL, click the following article number to view the article in the Microsoft Knowledge Base:

195724 Description of Digital Certificates