This article was previously published under Q284285
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 7.0 running on Microsoft Windows Server 2008. IIS 7.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
When you are troubleshooting connectivity issues between Internet Information Server (IIS) or Internet Information Services (IIS) and Web clients, you may want to view data that is not displayed in the Web browser, such as the HTTP headers that are included in the Request and Response packets.
WFetch is a free utility that is provided on an "as-is" basis. Microsoft does not support the utility, but you can use it to provide detailed information about the traffic between the client and server.
Warning This utility provides advanced features that can permit a user to expose a server to potential security risks. For this reason, Microsoft recommends that the utility be used only in testing, and not in a production environment. See the "Security Ramifications" section of this article for more information.
The following features are available in the current version of WFetch:
Multiple HTTP verbs (GET, HEAD, PUT, DELETE, TRACE, POST, OPTIONS)
Advanced requests that are entered manually or read from a file
On-screen and file-based logging
WFetch does not log the TCP handshake data that is used to establish and close TCP sessions. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
172983 Explanation of the Three-Way Handshake via TCP/IP
To troubleshoot connectivity issues (including TCP session data), use a utility such as Network Monitor, which captures network packets.
WFetch permits a user to store a password for later authenticated logon attempts. By default, the Save check box is not selected. When the Save check box is selected, the password that is typed in the Authentication section is written in clear-text format to the system registry in the following key:
By default, the following accounts have Allow permissions on the Wfetch registry key:
Administrators (local): Read, Full Control
System: Read, Full Control
<CURRENT_USER>: Read, Full Control
To test client certificate support, WFetch can optionally install a test root certificate. Because of this, make sure that this tool not be used on production systems.
When you are adding a test root certification authority, WFetch automatically adds the test root certification authority as a trusted root certification authority, which can prevent the warning that typically is displayed when SSL connections are made to sites that use certificates that are issued by certification authorities that are not trusted.