Using WebScarab with Adobe AIR to Monitor HTTP Traffic

Wow. What a busy few weeks. But now that I have completed my cf.Objective() presentation, and given a practice presentation to the Twin Cities ColdFusion User Group, and I have caught up on things at work, I am finally back at my desk, jamming to some Miley Cyrus Aly & AJ Metallica and pumping out code.

My current project is an Adobe AIR application that, on occasion, needs to talk to a remote server. I am using jQuery to make the requests to the remote server, though I could, just as easily use AIR's URLLoader.

Yesterday, I was working on troubleshooting a problem, and I need to be able to see what was going on with the requests that were happening between my AIR application and the remote ColdFusion server. In FireFox this is easy, because FireBug will show you all of the requests and response:

But as far as I know, neither AIR or Aptana have anything like this. But I knew that if I could connect to an proxy tool that allowed traffic monitoring, that I could watch all of the requests and responses just like in FireBug.

Of course, neither the AIR URLLoader object or the jQuery library have support for proxy servers, like <cfhttp> does:


<cfhttp method="POST" url="http://www.12robots.com/remoteService.cfc?method=returnSomething" proxyserver="127.0.0.1" proxyport="8008" />

And since it is not going through the browser, I cannot just setup the runtime to use a proxy server like I would in FireFox's options.



So what could I do?

Well, it turns out that, like Internet Explorer, AIR uses the system settings to determine if it should go through a proxy.

So the first thing I needed to do was set up a proxy tool for monitoring my HTTP traffic. My preferred tool for this is WebScarab from OWASP.

In its most common usage, WebScarab operates as an intercepting proxy, allowing the operator to review and modify requests created by the browser before they are sent to the server, and to review and modify responses returned from the server before they are received by the browser. WebScarab is able to intercept both HTTP and HTTPS communication. The operator can also review the conversations (requests and responses) that have passed through WebScarab.

- OWASP WebScarab Project

So after WebScarab is installed it operates, by default, on port 8008. So I can change my Proxy settings to point to localhost:8008 and henceforth AIR, and IE, will operate through that proxy and I can intercept and review my HTTP traffic.


Comments
avinash's Gravatar super article boss..hats off to you.
# Posted By avinash | 9/18/09 8:15 PM
BlogCFC was created by Raymond Camden. This blog is running version 5.9.1. Contact Blog Owner