Debugging HTTP Lorna Mitchell, PHP UK 2014 

6 Stages of Debugging 

Denial That can't happen. 

Frustration That doesn't happen on my machine. 

Disbelief That shouldn't happen. 

Testing Why does that happen? 

Gotcha Oh, I see. 

Relief How did that ever work? 

Fault-Finding HTTP ... is just like fault-finding elsewhere in a web project Seeing the problem is usually harder than fixing it • Can you reproduce the problem? • Start wireshark, inspect traffic • Use Curl to try simplest case, then step up • Charles can transform requests 

Tools 

Curl Curl (or cURL) is command-line multitool for HTTP http://curl.haxx.se/ 

Curl is Your Friend -X [verb] The verb to use for this request -H "[Header: value]" A header to send. Use as many times as needed -d [value] Either the whole body data as a string, a filename, or a key/value pair -s The "silent" switch, to hide curl's progress meter when piping the output to something else -c [filename] Where to store any incoming cookies for future use -b [filename] Cookies to send with the request -v to both body and headers, in the request and response 

Meet Curl Demo 1: I'd like to introduce you to curl 

Python's JSON Library A python tool, handily available via CLI [some json] | python -mjson.tool http://docs.python.org/2/library/json.html 

Wireshark Copies traffic from your network card to allow you to view it • Quick way to observe without adding debug to your application • Can use tcpdump to capture on a server, wireshark to inspect later • Save and load sessions https://www.wireshark.org/ 

Debugging Across Layers 

Debugging Across Layers Demo 2: why doesn't this work? ... oh. 

Charles Proxy Multi-platform Web Debugging Proxy http://www.charlesproxy.com/ • Observe requests • Firefox plugin • Change requests • Use Charles as a network proxy • Repeat/save requests (detailed article: http://lrnja.net/ZuiDYJ) 

Charles Proxy Demo 3: A few Charles Proxy tricks 

Debugging on Mobile Demo 4: WTF is this app doing? 

Debugging SSL Charles can perform a man-in-the-middle attack 

Debugging SSL You need to authorise the attack Add an exception, or install the Charles CA in your browser 

Other Excellent Tools • httpie https://github.com/jkbr/httpie • Fiddler http://www.telerik.com/fiddler • Postman (Chrome) http://getpostman.com/ • RESTClient (Firefox) http://restclient.net/ • mitmproxy http://mitmproxy.org/ • jq http://stedolan.github.io/jq/ 

Make Debugging Your Super Power 

Questions? Feedback please! https://joind.in/10702 Contact: http://lornajane.net - @lornajane