Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Debugging HTTP

Lorna Mitchell
February 22, 2014

Debugging HTTP

Debugging HTTP talk from PHPUK in 2014

Lorna Mitchell

February 22, 2014
Tweet

More Decks by Lorna Mitchell

Other Decks in Technology

Transcript

  1. Debugging HTTP Lorna Mitchell, PHP UK 2014

  2. 6 Stages of Debugging

  3. Denial That can't happen.

  4. Frustration That doesn't happen on my machine.

  5. Disbelief That shouldn't happen.

  6. Testing Why does that happen?

  7. Gotcha Oh, I see.

  8. Relief How did that ever work?

  9. Fault-Finding HTTP ... is just like fault-finding elsewhere in a

    web project Seeing the problem is usually harder than fixing it • Can you reproduce the problem? • Start wireshark, inspect traffic • Use Curl to try simplest case, then step up • Charles can transform requests
  10. Tools

  11. Curl Curl (or cURL) is command-line multitool for HTTP http://curl.haxx.se/

  12. Curl is Your Friend -X [verb] The verb to use

    for this request -H "[Header: value]" A header to send. Use as many times as needed -d [value] Either the whole body data as a string, a filename, or a key/value pair -s The "silent" switch, to hide curl's progress meter when piping the output to something else -c [filename] Where to store any incoming cookies for future use -b [filename] Cookies to send with the request -v to both body and headers, in the request and response
  13. Meet Curl Demo 1: I'd like to introduce you to

    curl
  14. Python's JSON Library A python tool, handily available via CLI

    [some json] | python -mjson.tool http://docs.python.org/2/library/json.html
  15. Wireshark Copies traffic from your network card to allow you

    to view it • Quick way to observe without adding debug to your application • Can use tcpdump to capture on a server, wireshark to inspect later • Save and load sessions https://www.wireshark.org/
  16. Debugging Across Layers

  17. Debugging Across Layers Demo 2: why doesn't this work? ...

    oh.
  18. Charles Proxy Multi-platform Web Debugging Proxy http://www.charlesproxy.com/ • Observe requests

    • Firefox plugin • Change requests • Use Charles as a network proxy • Repeat/save requests (detailed article: http://lrnja.net/ZuiDYJ)
  19. Charles Proxy Demo 3: A few Charles Proxy tricks

  20. Debugging on Mobile Demo 4: WTF is this app doing?

  21. Debugging SSL Charles can perform a man-in-the-middle attack

  22. Debugging SSL You need to authorise the attack Add an

    exception, or install the Charles CA in your browser
  23. Other Excellent Tools • httpie https://github.com/jkbr/httpie • Fiddler http://www.telerik.com/fiddler •

    Postman (Chrome) http://getpostman.com/ • RESTClient (Firefox) http://restclient.net/ • mitmproxy http://mitmproxy.org/ • jq http://stedolan.github.io/jq/
  24. Make Debugging Your Super Power

  25. Questions? Feedback please! https://joind.in/10702 Contact: http://lornajane.net - @lornajane