Show whole url in query log instead of domain

I have a lot of these API calls, but I want to know the whole URL:

https://api.netatmo.com/api/setthermpoint
https://api.netatmo.com/api/getthermostatsdata
https://api.netatmo.com/api/gethomedata
https://api.netatmo.com/api/geteventsuntil
...

Unfortunately, this is technically impossible. Your clients only query the host name and never tell the DNS server the full URL.

You can also see this as a security feature - why should you tell e.g. your ISP's or Google's DNS servers the full path of what you are visiting?
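What a DNS server actually receives for the URLs listed in the question, as an added example that is not part of the original posts: it builds the query a client sends before fetching each URL and decodes it the way a query log would. The function names and the fixed transaction ID are assumptions made for illustration.

```python
import struct
from urllib.parse import urlsplit

# The four URLs from the question above.
URLS = [
    "https://api.netatmo.com/api/setthermpoint",
    "https://api.netatmo.com/api/getthermostatsdata",
    "https://api.netatmo.com/api/gethomedata",
    "https://api.netatmo.com/api/geteventsuntil",
]

def build_dns_query(url, qtype=1, txid=0x1234):
    """Build the RFC 1035 query a stub resolver sends before fetching `url`."""
    # Scheme, path and query string are discarded here; only the host is resolved.
    host = urlsplit(url).hostname
    # Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = host.encode("idna").split(b".")
    qname = b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN

def parse_dns_question(packet):
    """Decode the question section: everything a DNS query log can record."""
    labels, pos = [], 12                      # question starts after the 12-byte header
    while packet[pos] != 0:
        n = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    qtype, qclass = struct.unpack("!HH", packet[pos + 1:pos + 5])
    return {"name": ".".join(labels), "qtype": qtype, "qclass": qclass}

def distinct_queries(urls):
    """Set of distinct wire-format queries produced by a list of URLs."""
    return {build_dns_query(u) for u in urls}

if __name__ == "__main__":
    for u in URLS:
        print(u, "->", parse_dns_question(build_dns_query(u)))
    print("distinct DNS queries:", len(distinct_queries(URLS)))
```

All four URLs produce byte-identical queries, which is why the query log can only ever show `api.netatmo.com`.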

Thanks for your response.

If you want to catch just a few URLs, use Wireshark (and, if you don't want to patch the topology, an ARP spoofer) with the filter "http" to catch HTTP requests, which contain the requested URL.

When I have the time I will try to figure out how Wireshark works.

Just make sure that the traffic goes over your PC. When you want to sniff your smartphone, open a hotspot or use a hub instead of a switch.

I want to sniff a Raspberry Pi connected to Ethernet.
And I'm using a Mac with Wireshark. Can you explain to me how to do that?

What do you want to sniff? Sniffing just the traffic between your Mac and the Pi would be better/easier to realize than sniffing the whole traffic.

If you want to sniff the whole traffic, you need to be the man in the middle (you need to be a switch or catch traffic from a switch, router, et cetera). The FritzBox offers to sniff at their ports, for example.
If you try to be the man in the middle via ARP spoofing, you need to deactivate the security software of your PCs because they would really fuck up :wink:

Just the traffic between your Pi and your Mac: Open Wireshark and start sniffing at your network interface card. Set as filter "ip.addr==ADDRESS-OF-YOUR-PI" and confirm with Enter.

I want to sniff the traffic between my Pi and api.netatmo.com.

OK, so if the Pi calls api.netatmo.com, the request passes your router. Maybe your router offers a function to sniff. Otherwise you need to use Cain & Abel, for example, to tell the Pi "Hey, I am the router" and the router "Hey, I am the Pi" so that the traffic is routed over your Mac.

Maybe look here:

At 01:50 your router must be on the left side and your Pi on the right side; then activate the nuker (radioactive symbol).
At 02:13 the traffic is fully routed. Then you can start sniffing with Wireshark.
You just need to go until 02:15. After that it is just focussed on sniffing passwords.

@DL6ER is correct here, but if you're curious, /var/log/lighttpd/access.log can show the URL but only for blocked domains.