Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Debugging HTTP

D33d8bdd9096c80b8d1acca8d28410b5?s=47 Lorna Mitchell
February 22, 2014

Debugging HTTP

Debugging HTTP talk from PHPUK in 2014


Lorna Mitchell

February 22, 2014


  1. Debugging HTTP Lorna Mitchell, PHP UK 2014

  2. 6 Stages of Debugging

  3. Denial That can't happen.

  4. Frustration That doesn't happen on my machine.

  5. Disbelief That shouldn't happen.

  6. Testing Why does that happen?

  7. Gotcha Oh, I see.

  8. Relief How did that ever work?

  9. Fault-Finding HTTP ... is just like fault-finding elsewhere in a

    web project Seeing the problem is usually harder than fixing it • Can you reproduce the problem? • Start wireshark, inspect traffic • Use Curl to try simplest case, then step up • Charles can transform requests
  10. Tools

  11. Curl Curl (or cURL) is command-line multitool for HTTP http://curl.haxx.se/

  12. Curl is Your Friend -X [verb] The verb to use

    for this request -H "[Header: value]" A header to send. Use as many times as needed -d [value] Either the whole body data as a string, a filename, or a key/value pair -s The "silent" switch, to hide curl's progress meter when piping the output to something else -c [filename] Where to store any incoming cookies for future use -b [filename] Cookies to send with the request -v to both body and headers, in the request and response
  13. Meet Curl Demo 1: I'd like to introduce you to

  14. Python's JSON Library A python tool, handily available via CLI

    [some json] | python -mjson.tool http://docs.python.org/2/library/json.html
  15. Wireshark Copies traffic from your network card to allow you

    to view it • Quick way to observe without adding debug to your application • Can use tcpdump to capture on a server, wireshark to inspect later • Save and load sessions https://www.wireshark.org/
  16. Debugging Across Layers

  17. Debugging Across Layers Demo 2: why doesn't this work? ...

  18. Charles Proxy Multi-platform Web Debugging Proxy http://www.charlesproxy.com/ • Observe requests

    • Firefox plugin • Change requests • Use Charles as a network proxy • Repeat/save requests (detailed article: http://lrnja.net/ZuiDYJ)
  19. Charles Proxy Demo 3: A few Charles Proxy tricks

  20. Debugging on Mobile Demo 4: WTF is this app doing?

  21. Debugging SSL Charles can perform a man-in-the-middle attack

  22. Debugging SSL You need to authorise the attack Add an

    exception, or install the Charles CA in your browser
  23. Other Excellent Tools • httpie https://github.com/jkbr/httpie • Fiddler http://www.telerik.com/fiddler •

    Postman (Chrome) http://getpostman.com/ • RESTClient (Firefox) http://restclient.net/ • mitmproxy http://mitmproxy.org/ • jq http://stedolan.github.io/jq/
  24. Make Debugging Your Super Power

  25. Questions? Feedback please! https://joind.in/10702 Contact: http://lornajane.net - @lornajane