Need advice on how to inspect HTTP requests


#1

I’m trying to debug a bug in my code and am looking for some general
advice on how to go about isolating the problem.

The problem:
My Rails application talks to a WebDAV server via HTTPS. Thanks to the
Ruby standard library, I was able to make authentication over SSL happen
with just a few lines of code. Awesome! Now it gets a bit obscure. I’m
using a PROPFIND request to the WebDAV server without a body (this
implicitly means “give me everything”). This works. But when I put a
query in the body, the WebDAV server returns a “400 - bad request”. If I
could get more details from the WebDAV server, this would be easy to
debug. Unfortunately, this isn’t the case.

I’ve double- and triple-checked my syntax, so I know that’s fine. I’ve
even made the same request via Ajax using the XmlHttpRequest object to
the same server, this works fine too.

What I’d like to do:
Given that the server is opaque and I’ve got one request that works
(XmlHttpRequest) and one that doesn’t (from Ruby), I would like to
inspect both requests and see what’s different. I’m about to investigate
WEBrick to see if I can use it as a forensic tool. I.e., send the
request to my fake WEBrick app to inspect the packets and see what’s
different between Ruby and XHR.

I wanted to see if anyone has advice on this approach before I invest
more time in learning WEBrick programming. If there are any free tools
for inspecting incoming HTTP requests, I’d love to hear about them.

Thanks!
–Ed Lau


#2

Ed Lau wrote:

I wanted to see if anyone has advice on this approach before I invest
more time in learning WEBrick programming. If there are any free tools
for inspecting incoming HTTP requests, I’d love to hear about them.

The Firefox Live HTTP Headers will let you observe the HTTP Headers,
incoming and outgoing.

Ray


#3

Ed,

If HTTP is enough for you then I can only recommend tcpwatch.py: It
is a cute little utility that lets you watch your raw TCP traffic.
However, it will not be worth much if you are using HTTPS since you
will only see the encrypted garbage.

Manuel