Debugging HTTP

Transcript

1. Debugging HTTP Lorna Mitchell, PHP North West 2013

2. About Me • Lorna Mitchell • http://lornajane.net • Developer/Consultant •

   I like to help with interesting projects

3. 6 Stages of Debugging • DENIAL. That can’t happen. •

   FRUSTRATION. That doesn’t happen on my machine. • DISBELIEF. That shouldn’t happen. • TESTING. Why does that happen? • GOTCHA. Oh, I see. • RELIEF. How did that ever work? (see also: http://bash.org/?950581)

4. Fault-Finding HTTP ... is just like fault-finding elsewhere in a

   web project

5. First Line of Defence: Browser Tools

6. First Line of Defence: Browser Tools They have the answers

   to: • what is the source for this page? • which other assets were loaded? • did any requested assets fail? • what headers arrived with this response? • were any more calls made after the page loaded? • did any JavaScript errors occur?

7. Browser Extensions Look out for tools which allow you to:

   • edit cookies (e.g. Edit This Cookie) • add/edit headers (e.g. ModHeader)

8. Things That Are Not HTML video 1

9. Wireshark Takes a copy of the traffic passing through your

   network card(s), so you can easily inspect traffic. • quick way to observe without adding debug to your application • can use tcpdump to capture on a server, wireshark to inspect

10. Working With JSON video 2

11. Curl is Your Friend -X [verb] The verb to use

    for this request -H "[Header: value]" A header to send. Use as many times as needed -d [value] Either the whole body data as a string, a filename, or a key/value pair -s The "silent" switch, to hide curl's progress meter when piping the output to something else -c [filename] Where to store any incoming cookies for future use -b [filename] Cookies to send with the request -v to both body and headers, in the request and response

12. Python's JSON Library A whole python tool, handily available via

    commandline [something] | python -mjson.tool http://docs.python.org/2/library/json.html

13. Things That Are Not GET Requests video 3

14. Debugging an API Problem Seeing the problem is usually harder

    than fixing • Can you reproduce the problem? • Start wireshark, inspect traffic • Use Curl to try simplest case, then step up

15. Beyond Observing video 4

16. Charles Multi-platform Web Debugging Proxy http://www.charlesproxy.com/ • Observe requests •

    Firefox plugin • Change requests • Use Charles as a network proxy (detailed article: http://lrnja.net/ZuiDYJ)

17. Other Networked Devices video 5

18. Debugging SSL Charles can perform a man-in-the-middle attack

19. Debugging SSL You need to authorise the attack Add an

    exception, or install the Charles CA in your browser

20. Make Debugging Your Super Power

21. Questions? Feedback please! https://joind.in/9313