Fiddler doesn't show outgoing API requests.
Using IFEO debugger shows localhost requests that are not usefull for me, I need actual domains.
Someone told me that client ignores windows proxy and i need application proxy but client has protection against it so there's even more to it.
Has anyone tracked lol/riot's requests before and know how to do that?
Related
We have a Client Toolkit provided by our partner that allows us to access their web services. It started giving errors yesterday on any call and initially their support wanted us to provide a Fiddler log. I tried to do so, however there was no activity shown in Fiddler when the call was made.
From this I would have assumed that the error would have to have occurred before an actual web request was sent out. However, the issue turned out to be an update they did that requires an SSL connection. They rolled back the change but advised us to update our calls to use https so they can re-implement their update.
So if the change was on their end, that means that communications obviously were going on with their server. Why wouldn't that have shown up in Fiddler? Are there scenarios where communications occur but a request isn't fully created or something like that? I just assumed that if there was any communication whatsoever that "something" would show up in Fiddler.
We have come across similar problem, need your help to resolve this.
Can you please either let us know your contact number so that we can reach out to you or if you can provide your script if possible so that we can refer to
Here is the problem we are stuck with:
I am trying to test a Rest service through HTTP sampler using Jmeter. Not sure how to capture token from the sampler generates a token and to use this token for authorization in the header manager of another HTTP.
Loadrunner is not displaying the web address when trying to enter in the truclient browser. Below is the problem as this web address automatically redirect to another web address which is the authentication server.
Can you please suggest another solution for the below issue?
Here is the exact scenario we are trying to achieve
we want to loadtest the portal however due to redirect and different authentication method being used we are unable to do it using truclient protocol in loadrunner. Also tried Multiple protocol selecting LDAP, SMTP, HTTP/HTML etc but no luck.**
Thank You,
Sonny
JMETER is going to architecturally be the HTTP protocol layer equivalent with LoadRunner, with the exception of the number of threads per browser emulation.
In contrast to the code request, I want to architecturally visualize the problem. You mention redirect, is this an HTTP 301/302 redirect or one which is handled with information passed back to the client, processed on the client and then redirected to another host? You mention dynamic authentication via header token, have you examined the web_add_header() and web_add_auto_header() in Laodrunner web virtual users for passing of extra header messages, including ones which have been correlated from previous requests, such as the token being passed back as you note?
This authentication mechanism is based upon? LDAP? Kerberos? Windows Integrated Authentication? Simple Authentication based upon username/password in header? Can you be architecturally more specific and when this comes into play, such as from the first request to gain access to the test environment through the firewall or from a nth request to gain access within a business process?
You mention RESTFul services. These can be transport independent, such as being passed over SMTP using a mailbox to broker the passing of data between client and server, or over HTTP similar to SOAP messages. Do you have architectural clarity on this? Could it be that you need to provide mailbox authentication across SMTP and POP3 to send and receive?
Recently I am doing a research on the request/response model of the facebook mobile app. I am using the fiddler 4 to capture all the http/https conversation from the facebook app on my iphone 4s. What I did was setting my desktop as a proxy and redirecting all the iphone network traffic through it. By the way, I have configured the fiddler so that all the https conversations are also transparent.
One interesting thing I find is that, although I am able to capture all the requests and responses for the graphics and jsons. I never found any request regarding the Comments or Likes, nor can I find any information of the new feed that's in plain text.
My question is, did I miss something or such "plain text" conversations are happening on a different transport layer or with some different protocol?
How am I able to get these conversations in my fiddler?
Thanks
All communication with the server API should be running over HTTPS. It means it's SSL encrypted and you are unable to see the plain text communication on your proxy. That behaviour is on purpose to protect the users data. You surely wouldn't be happy if anybody on a way of packets from your iPhone to the Facebook API's could read your messages for example :-)
You are saying you made "https transparent". I don't know what exactly you mean, but unless you make classical man-in-the-middle attack by faking certificates, you have no chance to see the open text communication of HTTPS. And I think FB has it covered and will detect change of certificates.
Edit: I just have checked it out using Charles proxy and yes, all the communication to the Facebook API is (of course as expected) HTTPS, so you will never see any open text communication.
As you know, you can easily configure Fiddler to decrypt HTTPS traffic.
My first guess is that the "Like" and "Comment" data are transferred over a HTML5 WebSocket. Do you see any WebSockets in the traffic from the application?
I am trying to send Http Requests from Android phone using Apache HttpClient to a server routing my requests via Fiddler. For certain requests, the DefaultHttpClient.execute throws a NoHttpResponseException, but this particular request is not seen in the fiddler at all.
The same thing happens if i direct my traffic without Fiddler but directly over wifi. The code for execute works fine generally.
Fixed this by handling the NoHttpResponseException and re-sending the request. When the same requests gets sent again, it goes through fine.
I would be interested to know the root cause of this issue - but for the time being this works for me.
i am making an app in which there is a need of money transaction...
for this i have to send SOAP xml to server but in secure way....
i have been told that i have to create SSL connection first and then send that soap message.....
I know about SOAP very well but no idea about SSL connection...
please provide some help...
Check out NSURLConnection docs on the apple site: NSURLConnection
EDIT: added more info.
You need to set up authentication. A quick search of SO produced these results:
NSURLConnection SSL HTTP Basic Auth and
HTTPS with NSURLConnection - NSURLErrorServerCertificateUntrusted
You need to set up your server to handle authentication, then issue a challenge to the device. As you can see in the above posts, there is a function: didReceiveAuthenticationChallenge:
You need to use this to handle authentication challenges. You can get a good idea of how to go about it using the above posts.
Your server needs to be set up to handle authentication, as well. I don't know what language you use with your server, but as I use PHP, here is the PHP manual link on authentication:
PHP authentication
It is a tricky thing to do at first, but once you get into it isn't bad (and creating more https connections comes easily). However, writing out everything you would need to do here is a bit much. If you scope out those posts, you can get a general idea about how to go about it. It'll take some working to get it done.
Most often this simply means that you have to send data to an HTTPS endpoint. What this also means is that there is a secure connection (done for you automatically) between the client and the server so that the payload (body) of the message is encrypted rather than transmitted in clear text (which is the case with HTTP).
Basically, most times, it is enough just to make sure you're using HTTPS :)
Have a look at http://en.wikipedia.org/wiki/Secure_Sockets_Layer