Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Debugging HTTP

Debugging HTTP

Presentation from PHPNW13 on tools and best practice for debugging HTTP whether on web, mobile, APIs, or really anywhere else. Includes Wireshark, Charles and cURL

Lorna Mitchell

October 06, 2013
Tweet

More Decks by Lorna Mitchell

Other Decks in Programming

Transcript

  1. Debugging HTTP
    Lorna Mitchell, PHP North West 2013

    View Slide

  2. About Me
    • Lorna Mitchell
    • http://lornajane.net
    • Developer/Consultant
    • I like to help with interesting projects

    View Slide

  3. 6 Stages of Debugging
    • DENIAL. That can’t happen.
    • FRUSTRATION. That doesn’t happen on my
    machine.
    • DISBELIEF. That shouldn’t happen.
    • TESTING. Why does that happen?
    • GOTCHA. Oh, I see.
    • RELIEF. How did that ever work?
    (see also: http://bash.org/?950581)

    View Slide

  4. Fault-Finding HTTP
    ... is just like fault-finding elsewhere in a web project

    View Slide

  5. First Line of Defence: Browser Tools

    View Slide

  6. First Line of Defence: Browser Tools
    They have the answers to:
    • what is the source for this page?
    • which other assets were loaded?
    • did any requested assets fail?
    • what headers arrived with this response?
    • were any more calls made after the page loaded?
    • did any JavaScript errors occur?

    View Slide

  7. Browser Extensions
    Look out for tools which allow you to:
    • edit cookies (e.g. Edit This Cookie)
    • add/edit headers (e.g. ModHeader)

    View Slide

  8. Things That Are Not HTML
    video 1

    View Slide

  9. Wireshark
    Takes a copy of the traffic passing through your
    network card(s), so you can easily inspect traffic.
    • quick way to observe without adding debug to
    your application
    • can use tcpdump to capture on a server, wireshark
    to inspect

    View Slide

  10. Working With JSON
    video 2

    View Slide

  11. Curl is Your Friend
    -X [verb] The verb to use for this request
    -H "[Header:
    value]"
    A header to send. Use as many times as needed
    -d [value] Either the whole body data as a string, a filename, or a
    key/value pair
    -s The "silent" switch, to hide curl's progress meter when
    piping the output to something else
    -c [filename] Where to store any incoming cookies for future use
    -b [filename] Cookies to send with the request
    -v to both body and headers, in the request and
    response

    View Slide

  12. Python's JSON Library
    A whole python tool, handily available via
    commandline
    [something] | python -mjson.tool
    http://docs.python.org/2/library/json.html

    View Slide

  13. Things That Are Not GET Requests
    video 3

    View Slide

  14. Debugging an API Problem
    Seeing the problem is usually harder than fixing
    • Can you reproduce the problem?
    • Start wireshark, inspect traffic
    • Use Curl to try simplest case, then step up

    View Slide

  15. Beyond Observing
    video 4

    View Slide

  16. Charles
    Multi-platform Web Debugging Proxy
    http://www.charlesproxy.com/
    • Observe requests
    • Firefox plugin
    • Change requests
    • Use Charles as a network proxy
    (detailed article: http://lrnja.net/ZuiDYJ)

    View Slide

  17. Other Networked Devices
    video 5

    View Slide

  18. Debugging SSL
    Charles can perform a man-in-the-middle attack

    View Slide

  19. Debugging SSL
    You need to authorise the attack
    Add an exception, or install the Charles CA in your
    browser

    View Slide

  20. Make Debugging Your Super Power

    View Slide

  21. Questions?
    Feedback please! https://joind.in/9313

    View Slide