Debugging HTTP

Debugging HTTP Lorna Mitchell, ZendCon 2014

6 Stages of Debugging

Denial That can't happen.

Frustration That doesn't happen on my machine.

Disbelief That shouldn't happen.

Testing Why does that happen?

Gotcha Oh, I see.

Relief How did that ever work?

Fault-Finding HTTP ... is just like fault-finding elsewhere in a
web project Seeing the problem is usually harder than fixing it

Developer Tools Get to know the tools in your browser.
Demo: My favourite browser tool

Curl Curl (or cURL) is command-line multitool for HTTP http://curl.haxx.se/

Lornajane's Curl Cheat Sheet -X [verb] The verb to use
for this request -H "[Header: value]" A header to send. Repeat as needed -d [value] Either the whole body data as a string, a filename, or a key/value pair -s The "silent" switch, to hide curl's progress meter when piping the output to something else -c [filename] Where to store any incoming cookies for future use -b [filename] Cookies to send with the request -v to show headers for both request and response

Meet Curl Demo: I'd like to introduce you to curl

Python's JSON Library A python tool, handily available via CLI
[some json] | python -mjson.tool http://docs.python.org/2/library/json.html

Wireshark Copies traffic from your network card to allow you
to view it • Observe without changing • Can capture on a server, inspect later • Or tunnel the data over SSH (http://lrnja.net/1gEMLiE) • Save and load sessions https://www.wireshark.org/

Debugging Across Layers

Debugging Across Layers Demo: why doesn't this work? ... oh.

Charles Proxy Multi-platform Web Debugging Proxy http://www.charlesproxy.com/ • Observe requests
• Firefox plugin • Change requests • Use Charles as a network proxy • Repeat/save requests (detailed article: http://lrnja.net/ZuiDYJ)

Charles Proxy Demo: Charles Proxy on web and mobile

Debugging SSL Charles can perform a man-in-the-middle attack

Debugging SSL You need to authorise the "attack"

Make Debugging Your Super Power

Other Excellent Tools • httpie https://github.com/jkbr/httpie • Fiddler http://www.telerik.com/fiddler •
Postman (Chrome) http://getpostman.com/ • RESTClient (Firefox) http://restclient.net/ • mitmproxy http://mitmproxy.org/ • jq http://stedolan.github.io/jq/ • hurl.it http://www.hurl.it/

Questions? Feedback (please?) https://m.joind.in/talk/1d5ee Contact: http://lornajane.net - @lornajane

Debugging HTTP

Debugging HTTP

Lorna Mitchell

More Decks by Lorna Mitchell

Other Decks in Technology

Featured

Transcript

Debugging HTTP Lorna Mitchell, ZendCon 2014

6 Stages of Debugging

Denial That can't happen.

Frustration That doesn't happen on my machine.

Disbelief That shouldn't happen.

Testing Why does that happen?

Gotcha Oh, I see.

Relief How did that ever work?

Fault-Finding HTTP ... is just like fault-finding elsewhere in a

Tools

Developer Tools Get to know the tools in your browser.

Curl Curl (or cURL) is command-line multitool for HTTP http://curl.haxx.se/

Lornajane's Curl Cheat Sheet -X [verb] The verb to use

Meet Curl Demo: I'd like to introduce you to curl

Python's JSON Library A python tool, handily available via CLI

Wireshark Copies traffic from your network card to allow you

Debugging Across Layers

Debugging Across Layers Demo: why doesn't this work? ... oh.

Charles Proxy Multi-platform Web Debugging Proxy http://www.charlesproxy.com/ • Observe requests

Charles Proxy Demo: Charles Proxy on web and mobile

Debugging SSL Charles can perform a man-in-the-middle attack

Debugging SSL You need to authorise the "attack"

Make Debugging Your Super Power

Other Excellent Tools • httpie https://github.com/jkbr/httpie • Fiddler http://www.telerik.com/fiddler •

Questions? Feedback (please?) https://m.joind.in/talk/1d5ee Contact: http://lornajane.net - @lornajane