I am making an app using PhoneGap and I am sending a POST request to a web service. Now I need to analyze the request that is being sent. What tool should I use to do that - Wireshark ?
I'm using a Mac.
An easy way to see what the post looks like is to post it to something like http://requestb.in/. That way you can test it from your app itself. Bascially change where your posting to, to the post bin you create.
Wire shark can do that but its does lot more than monitoring HTTP based requests.
Try using Fiddler for that.
http://www.fiddler2.com/fiddler2/version.asp
Related
I am currently trying to build a go API using gin for a web and mobile application. I am new to the world of WebSockets and Go so I was wondering how I would go about triggering a GET request from the client after a relevant POST request was made ie: the POST request contained the user's ID so the clients who require information regarding that user are properly updated. Currently, I have the POST and GET requests which do what I need them, but I'm a little lost about how to make the entire flow realtime using WebSockets.
I believe this example of server-sent-events should address the question. Once a POST handler has been called, send a flag to the GET endpoint via a channel and then send an event through there.
I had gone through the OWASP ZAP and I found that ZAP requires endpoint of the web application.
But still, I tried to provide URL of REST APIs of our microservices but I was getting 404 error. What I think is OWASP ZAP scans on HTTP GET method and don't allow POST method or else.
Below is the screenshot of ZAP:
Link to the screenshot of ZAP
I know there is a post related to test of rest API but that post i was not full clear and was also not related to micro services.
Please recommend any better open source software and way through which we can do our VAPT test easily.
Thanks
The ZAP Quick Start option only supports GET requests, but you can easily send POST requests using the Manual Request dialog. With APIs the main problem is how to discover them. Does that end point link to all of the other API end points?
I am currently using Heroku's HTTP post hook add-on to send a message to my company's chat client, but now I want to do more with it. Is it possible to add multiple HTTP post hooks, so more than one service could be notified when a deploy happens? (no I don't want to receive emails).
Thanks!
-Doug
My friend Jared made an app for this: https://github.com/deadlyicon/deploy-hook-forker
Not right now - a workaround would be having a tiny app to receives your HTTP post hook and trigger all the HTTP hooks you need.
We have a need to consume an external REST Api and dynamically update content on our website and have ran into the age old problem of cross site scripting and Ajax.
I've read up on JSONP however I don't want to go down that route in a million years as it seems like really a rather dirty hack.
As a solution to this issue is it "right" and "proper" to have a local service that acts as a proxy for any requests to an external Api? So on the client there would be an Ajax call to ../RestProxy/MakeRequest passing it the details of the request it needs to make to the external api, it performs the request and returns anything passed back.
Any thoughts would be appreciated.
There are three ways to do this:
1. JSONP
This is accepted by many popular APIs and frameworks. JQuery makes it easy. I would recommend this.
2. Proxy
Works pretty much as you described. Adds an extra step and server code and server load for you. However, it does allow you to filter or otherwise manipulate the results before sending them to the client.
3. Rely Access-Control-Allow-Origin
This is a header that the server can set to allow you to read json directly from their server even though you aren't on the same domain. This eliminates the need for the jsonp hack, but it requires the the server be setup to support it and it requires a web browser that supports it.
Access-Control-Allow-Origin is supported in:
IE8+
Firefox 3.6+
Safari 4.0+
Chrome 6+
iOS Safari 3.2+
Android browser 2.1+
If you need to support IE7, then this option isn't for you.
so, I have page doing a number of ajax and jsonp(i.e. injection) to get data. I would like to know how to find out the request URL I have made without using debugging tools, like firebug. etc. i.e. the history of GET request of the browser. Thanks
For the most part, browsers do NOT log a history of their HTTP GET requests. Also, if you're using ajax, you're probably doing HTTP POST requests as well.
You don't have to use an in-browser tool like Firebug, but you will need some tool to actually get a history of requests and the request bodies.
You can use a tool like Fiddler2, which is a proxy that gets all HTTP traffic outgoing from your computer (including from your browser and all other applications).
If you have control of the server environment, you can also set up logging on the server to capture this data.
You can use WireShark or a similar tool to monitor the network traffic and inspect the packets.