Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Debugging HTTP

Debugging HTTP

Presentation from PHPNW13 on tools and best practice for debugging HTTP whether on web, mobile, APIs, or really anywhere else. Includes Wireshark, Charles and cURL

Lorna Mitchell

October 06, 2013

More Decks by Lorna Mitchell

Other Decks in Programming


  1. 6 Stages of Debugging • DENIAL. That can’t happen. •

    FRUSTRATION. That doesn’t happen on my machine. • DISBELIEF. That shouldn’t happen. • TESTING. Why does that happen? • GOTCHA. Oh, I see. • RELIEF. How did that ever work? (see also: http://bash.org/?950581)
  2. First Line of Defence: Browser Tools They have the answers

    to: • what is the source for this page? • which other assets were loaded? • did any requested assets fail? • what headers arrived with this response? • were any more calls made after the page loaded? • did any JavaScript errors occur?
  3. Browser Extensions Look out for tools which allow you to:

    • edit cookies (e.g. Edit This Cookie) • add/edit headers (e.g. ModHeader)
  4. Wireshark Takes a copy of the traffic passing through your

    network card(s), so you can easily inspect traffic. • quick way to observe without adding debug to your application • can use tcpdump to capture on a server, wireshark to inspect
  5. Curl is Your Friend -X [verb] The verb to use

    for this request -H "[Header: value]" A header to send. Use as many times as needed -d [value] Either the whole body data as a string, a filename, or a key/value pair -s The "silent" switch, to hide curl's progress meter when piping the output to something else -c [filename] Where to store any incoming cookies for future use -b [filename] Cookies to send with the request -v to both body and headers, in the request and response
  6. Python's JSON Library A whole python tool, handily available via

    commandline [something] | python -mjson.tool http://docs.python.org/2/library/json.html
  7. Debugging an API Problem Seeing the problem is usually harder

    than fixing • Can you reproduce the problem? • Start wireshark, inspect traffic • Use Curl to try simplest case, then step up
  8. Charles Multi-platform Web Debugging Proxy http://www.charlesproxy.com/ • Observe requests •

    Firefox plugin • Change requests • Use Charles as a network proxy (detailed article: http://lrnja.net/ZuiDYJ)
  9. Debugging SSL You need to authorise the attack Add an

    exception, or install the Charles CA in your browser