HTTPS tracing and debugging: Final words, Q&A and snippets

These are the final words, Q&A and snippets of the scenarios covered by the post series:
“HTTPS tracing and debugging: A simple way “

Conclusion

I hope that this series of Post will be useful to you at some point during your respective projects. If you dedicate yourself to system integration, these techniques can help you save yourself a lot of headaches and comings and goings with the Basis/Networking team. This will also help you have a deeper understanding of how HTTP operates and proxies in general.

At the end of this series, some conclusions:

• It’s not hard, but it requires knowing what you’re doing.
• Some scenarios require patience.
• Once you prepare the scenarios, they require little or no maintenance.

Snippets

• Groovy script to answer an HTTP echo in CPI (Make sure to add a “*” in the allowed headers in your iflow, and be cautious!)

import com.sap.gateway.ip.core.customdev.util.Message
import java.util.HashMap
import groovy.xml.*

def Message processData(Message message) {
    def inBody = (String) message.getBody(java.lang.String)
    def mapHeaders = message.getHeaders()
    def mapProperties = message.getProperties()

    //XML Generation
    def response = new StringWriter()
    def xml = new groovy.xml.MarkupBuilder(response)

    xml.response{
        body("${inBody}")
        headers{ mapHeaders.each{item->
            header(key:(item.key),((item.value)))
            }
        }
        properties{ mapProperties.each{item->
            property(key:(item.key),((item.value)))
            }
        }
    }
    
   mapHeaders = ['content-type':'application/xml']
   message.setHeaders(mapHeaders)
   body = response.toString()
   message.setBody(body)

   return message
}

• XSD with CPI echo response

<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:element name="response">
    <xs:complexType>
      <xs:sequence>
        <xs:element type="xs:string" name="body"/>
        <xs:element name="headers">
          <xs:complexType>
            <xs:sequence>
              <xs:element name="header" maxOccurs="unbounded" minOccurs="0">
                <xs:complexType>
                  <xs:simpleContent>
                    <xs:extension base="xs:string">
                      <xs:attribute type="xs:string" name="key" use="optional"/>
                    </xs:extension>
                  </xs:simpleContent>
                </xs:complexType>
              </xs:element>
            </xs:sequence>
          </xs:complexType>
        </xs:element>
        <xs:element name="properties">
          <xs:complexType>
            <xs:sequence>
              <xs:element name="property" maxOccurs="unbounded" minOccurs="0">
                <xs:complexType>
                  <xs:simpleContent>
                    <xs:extension base="xs:string">
                      <xs:attribute type="xs:string" name="key" use="optional"/>
                    </xs:extension>
                  </xs:simpleContent>
                </xs:complexType>
              </xs:element>
            </xs:sequence>
          </xs:complexType>
        </xs:element>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
</xs:schema>

Questions and Answers

1.- Q: I use windows and I can’t find the application “mitmproxy” What can I do?
A: Indeed, this application does not exist for windows. However, you can effectively use “mitmweb” amd get the same results. Examples 3 and 4 show how to use it. Another option if you have windows 10, is to install the Windows Subsystem for Linux (WSL). This will allow you to install a linux distribution (who said openSUSE?) without having to use any sort of virtual machines. This alternative works quite well and will allow you to have access to many other Linux tools.

2.- Q: How can I create an echo server quickly?
A: With NodeJS, you can quickly run an HTTP echo using NPX  (Link)

npx http-echo-server <PORT NUMBER>

3.- Q: How can I obtain certificates from my proxy server?
A: When you run mitmproxy or mitmweb for the first time, the proxy will create certificates in the folder ~/.mitmproxy (or its equivalent in windows C:\<HOME>\.mitmproxy) from there you can download the certificates. Another option is to configure your internet browser so it can use your proxy and then, visit the “mitm.it” page. The webpage will guide you to download or install the certificates automatically.

4.- Q: When I push the cloud foundry app I get the following error: “The app cannot be mapped to route mitmproxy.cfapps.eu10.hana.ondemand.com because the route exists in a different space”.
A: As I mentioned in example 4, I (or someone else) already recorded the route “mitmproxy”. Try changing the name of your application to something like “mimtproxy-<UID>” where UID is a unique descriptor (e.g. your SUSER).

5.- Q: My java based application (such as Eclipse) does not work with my proxy, why?
A: You need to import the proxy certificates into the Java Trusted CAs. In the second post I’ve shown you how to get the certificates. Then:

keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -alias mitmproxy -import -file <<MitmProxy>>

keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -alias mitmit -import -file <<MitmIt>>

Ariel Bravo Ayala