Debugging HTTP

Presentation from PHPNW13 on tools and best practice for debugging HTTP, whether on web, mobile, APIs, or really anywhere else. Includes Wireshark, Charles and cURL.

Lorna Mitchell

October 06, 2013

Transcript

  1. Debugging HTTP Lorna Mitchell, PHP North West 2013

  2. About Me
    • Lorna Mitchell
    • http://lornajane.net
    • Developer/Consultant
    • I like to help with interesting projects
  3. 6 Stages of Debugging
    • DENIAL. That can’t happen.
    • FRUSTRATION. That doesn’t happen on my machine.
    • DISBELIEF. That shouldn’t happen.
    • TESTING. Why does that happen?
    • GOTCHA. Oh, I see.
    • RELIEF. How did that ever work?
    (see also: http://bash.org/?950581)
  4. Fault-Finding HTTP ... is just like fault-finding elsewhere in a web project
  5. First Line of Defence: Browser Tools

  6. First Line of Defence: Browser Tools
    They have the answers to:
    • what is the source for this page?
    • which other assets were loaded?
    • did any requested assets fail?
    • what headers arrived with this response?
    • were any more calls made after the page loaded?
    • did any JavaScript errors occur?
  7. Browser Extensions
    Look out for tools which allow you to:
    • edit cookies (e.g. Edit This Cookie)
    • add/edit headers (e.g. ModHeader)
  8. Things That Are Not HTML video 1

  9. Wireshark
    Takes a copy of the traffic passing through your network card(s), so you can easily inspect traffic.
    • quick way to observe without adding debug to your application
    • can use tcpdump to capture on a server, Wireshark to inspect
  10. Working With JSON video 2

  11. Curl is Your Friend
    -X [verb]  The verb to use for this request
    -H "[Header: value]"  A header to send. Use as many times as needed
    -d [value]  Either the whole body data as a string, a filename, or a key/value pair
    -s  The "silent" switch, to hide curl's progress meter when piping the output to something else
    -c [filename]  Where to store any incoming cookies for future use
    -b [filename]  Cookies to send with the request
    -v  Show both body and headers, in the request and response
  12. Python's JSON Library
    A whole Python tool, handily available via the command line:
    [something] | python -mjson.tool
    http://docs.python.org/2/library/json.html
  13. Things That Are Not GET Requests video 3

  14. Debugging an API Problem
    Seeing the problem is usually harder than fixing
    • Can you reproduce the problem?
    • Start Wireshark, inspect traffic
    • Use Curl to try simplest case, then step up
  15. Beyond Observing video 4

  16. Charles
    Multi-platform Web Debugging Proxy http://www.charlesproxy.com/
    • Observe requests
    • Firefox plugin
    • Change requests
    • Use Charles as a network proxy (detailed article: http://lrnja.net/ZuiDYJ)
  17. Other Networked Devices video 5

  18. Debugging SSL Charles can perform a man-in-the-middle attack

  19. Debugging SSL
    You need to authorise the attack: add an exception, or install the Charles CA in your browser
  20. Make Debugging Your Super Power

  21. Questions? Feedback please! https://joind.in/9313
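
A worked run of the curl switches from slide 11 piped through the JSON tool from slide 12, added here as an example and not taken from the talk. It serves a constructed JSON file from a throwaway loopback server so it runs offline; the helper name `debug_fetch`, the port 8765 and the sample document are assumptions.

```shell
#!/usr/bin/env bash
# Added example; the JSON document, port and helper name are constructed.

debug_fetch() {
    port=${1:-8765}                      # assumed free loopback port
    dir=$(mktemp -d)
    url="http://127.0.0.1:$port/talk.json"
    printf '{"event":"PHPNW13","talk":{"title":"Debugging HTTP"}}' > "$dir/talk.json"

    # Throwaway static server, bound to loopback only.
    python3 -m http.server "$port" --bind 127.0.0.1 --directory "$dir" >/dev/null 2>&1 &
    pid=$!
    tries=0
    until curl -s --noproxy '*' -o /dev/null "$url"; do
        tries=$((tries + 1))
        [ "$tries" -ge 10 ] && break
        sleep 1
    done

    # -s hides the progress meter, -v writes the header trace to stderr,
    # -H sets a request header. Body goes to one file, trace to another.
    curl -s -v --noproxy '*' -H 'Accept: application/json' "$url" \
        > "$dir/body" 2> "$dir/trace" || true

    kill "$pid" 2>/dev/null || true
    wait "$pid" 2>/dev/null || true

    # '>' lines are what was sent, '<' lines are what came back.
    grep '^[<>] ' "$dir/trace" | tr -d '\r'
    # Pretty-print the body (python3 spelling of the slide's -mjson.tool).
    python3 -m json.tool < "$dir/body"
    rm -rf "$dir"
}
```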