Saturday, October 17, 2015

TCP data dumping - troubleshooting HTTP, REST and SOAP using port forwarding

Many times an application developer needs to understand what is transmitted between client and server (troubleshooting). This could be the case for HTTP, WS SOAP, RESTful APIs etc., for example when searching for missing headers, character encoding problems etc.

It is a problem if you do not have root (or sudo) on the OS, so you cannot use tcpdump, wireshark, snoop etc. You can achieve this by adding application server interceptors, but this is sometimes tricky and may take time.

An easy way to solve this: port forwarding with mirroring of the transmitted data to standard out (dump to stdout). You do not need to be root (or similar) on the OS; you only need control over the client application config.

Typical setup: [diagram: the client talks directly to the server]

In order to take the trace you need to change to this constellation: [diagram: the client talks to the forwarder on a local port, which forwards to the server]

You need a simple Java jar that forks and dumps the datagrams/messages to stdout in parallel to forwarding them. You can download the jar here:

tcpport_forwarder_dumper.jar


Since it is a public git project, feel free to improve it.

https://github.com/tzvetkov75/tcpport_forwarder_dumper/blob/master/build/tcpport_forwarder_dumper.jar

Here are the steps:

1. Run the port forwarder jar on some local port. For the example above, port 2222 on the client machine, like in this example:

java -jar tcpport_forwarder_dumper.jar 2222 192.168.1.2:1234   

The result is that every connection to local port 2222 is forwarded to the server destination (192.168.1.2:1234 in the example).


2. Change the client application to connect to the TCP forwarder instead of the server. In the example, port 2222 on the same machine as the client.

3. Start to communicate and you will see the datagrams on stdout.

TLS (HTTPS) is not possible to read even if you dump it out, since the forwarder only sees the encrypted bytes ;-)
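To show what the forwarder does internally, here is a minimal Python equivalent added for illustration (it is not the jar's code): it listens on a local port, forwards one connection to the real server and mirrors every chunk in both directions to stdout, propagating the half-close so the server's reply is not cut off. The fake 301 server and the request in demo() are constructed for the example; the real jar is used with a real server as shown in the steps above.

```python
import socket
import threading

def pump(src, dst, label, log):  # copy one direction, printing and logging every chunk
    while True:
        chunk = src.recv(65536)
        if not chunk: break
        log.append((label, chunk))
        print(f"------- {label} ------------\n{chunk.decode('utf-8', 'replace')}")
        dst.sendall(chunk)
    try:  # propagate the half-close so the peer sees EOF but can still send its reply
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def relay(client, server, log):  # forward both directions concurrently, then close both sockets
    with client, server:
        threads = [threading.Thread(target=pump, args=(client, server, "CLIENT->SERVER", log)),
                   threading.Thread(target=pump, args=(server, client, "SERVER->CLIENT", log))]
        for t in threads: t.start()
        for t in threads: t.join()

def listen_once(handler):  # serve exactly one loopback connection on a daemon thread; returns the port
    listener = socket.create_server(("127.0.0.1", 0))
    def run():
        conn, _ = listener.accept()
        listener.close()
        handler(conn)
    threading.Thread(target=run, daemon=True).start()
    return listener.getsockname()[1]

def start_forwarder(remote_host, remote_port):
    """Like 'java -jar tcpport_forwarder_dumper.jar <port> host:port' for one connection; returns (port, log)."""
    log = []
    port = listen_once(lambda client: relay(client, socket.create_connection((remote_host, remote_port)), log))
    return port, log

def fake_http_server(conn):  # constructed stand-in for the real server: answers any request with a fixed 301
    with conn:
        conn.recv(65536)
        conn.sendall(b"HTTP/1.1 301 Moved Permanently\r\nLocation: http://www.cnet.com/\r\nContent-Length: 0\r\n\r\n")

def demo():  # one constructed request through the forwarder; returns (captured chunks, reply seen by the client)
    local_port, log = start_forwarder("127.0.0.1", listen_once(fake_http_server))
    with socket.create_connection(("127.0.0.1", local_port)) as c:
        c.sendall(b"GET /index.html HTTP/1.1\r\nHost: www.cnet.com\r\n\r\n")
        c.shutdown(socket.SHUT_WR)
        reply = b"".join(iter(lambda: c.recv(65536), b""))
    return log, reply
```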

Enjoy, here is an example:


/build$ java -jar tcpport_forwarder_dumper.jar 2222 www.cnet.com:80
TCP Port forwarding - content logger (dummper to stdout) v0.1 vesselin
listen on local port 2222
Forwarding to www.cnet.com:80
TCP Forwarding 127.0.0.1:39263 <--> 77.109.131.235:80 started.
------- DATAGRAM ------------
GET http://www.cnet.com/index.html HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
Host: www.cnet.com


------- DATAGRAM ------------
HTTP/1.1 301 Moved Permanently
Server: nginx
Content-Type: text/html
Location: http://www.cnet.com/
Access-Control-Allow-Origin: http://www.cnet.com
Content-Length: 178
Accept-Ranges: bytes
Date: Sun, 25 Oct 2015 19:00:29 GMT
Connection: keep-alive
Set-Cookie: fly_geo={"countryCode": "ch"}; expires=Sun, 01-Nov-2015 19:00:29 GMT; path=/; domain=.cnet.com
Set-Cookie: fly_default_edition=us; expires=Sun, 01-Nov-2015 19:00:29 GMT; path=/; domain=.cnet.com
Set-Cookie: fly_device=desktop; expires=Sun, 01-Nov-2015 19:00:29 GMT; path=/; domain=.cnet.com
Set-Cookie: fly_zip=; expires=Sun, 01-Nov-2015 19:00:29 GMT; path=/; domain=.cnet.com


301 Moved Permanently



nginx
