Thursday, October 21, 2010

Using Fiddler with a Java Application for debugging

I explored using Fiddler to help debug the SOAP calls I was making from a Java application. This was quite simple and I will explain how to set it up. This could be used to capture any type of web service calls.

First, download and install Fiddler from the website.
(http://www.fiddler2.com/Fiddler2/version.asp)

Next, you will have to configure the Fiddler Options to Capture and Decrypt the HTTPS traffic.

Now once you have Fiddler setup and running on your machine you need to configure your Java application to use fiddler as a proxy. This can be done very easily.

Add this code to the beginning of your application.

System.setProperty("https.proxyHost", "localhost");
System.setProperty("https.proxyPort", "8888");

After this you may get issues accepting the certificate. You can bypass the certificate quite easily by calling this function after setting the above Properties.

public static void installAllTrustManager() {
        TrustManager[] trustAllCerts = new TrustManager[]{
            new X509TrustManager() {

                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                    return null;
                }

                public void checkClientTrusted(
                        java.security.cert.X509Certificate[] certs, String authType) {
                }

                public void checkServerTrusted(
                        java.security.cert.X509Certificate[] certs, String authType) {
                }
            }
        };

        // Install the all-trusting trust manager
        try {
            SSLContext sc = SSLContext.getInstance("SSL");
            sc.init(null, trustAllCerts, new java.security.SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
            HttpsURLConnection.setDefaultHostnameVerifier(
                    new HostnameVerifier() {

                        public boolean verify(String urlHostname, javax.net.ssl.SSLSession _session) {
                            return true;
                        }
                    });
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

Then as you run your application you can see the calls being captured in fiddler. You can look at the request and response very easily and determine any issues that you may not be able to discover in code or by logging.

I hope this helps others.

No comments:

Post a Comment