10/9: testing https
The problem I’m trying to solve here is to see if my web app is setting the right headers on the response. But, the web app is under https so it’s hard to sniff. Here’s how I did it. Hopefully next time I have to do this, I will find this hint and get going a lot quicker.
In the thing below, pretendhostname is a name that the remote web server uses for the server name, and the local machine has as an alias to 127.0.0.1. Also, I have used ssh port forwarding to send the data to the remote web server.
Remote machineIn /etc/apache2/sites-enabled/the-web-app:
<VirtualHost *:443> ServerName pretendhostname ... </VirtualHost>
~/.ssh/config stanza for some remote network on which the remote web server (10.0.0.26) runs:
Host remote_gateway ... LocalForward 8443 10.0.0.26:443
in /etc/hosts on my local machine:
127.0.0.1 localhost pretendhostname
Type these commands:
$ ssh remote_gateway
then in a different terminal on my local machine:
$ curl -L -b cookie.data -c cookie.data \ -d 'username=theusername&password=thepassword' \ -k -D headers.txt \ https://pretendhostname:8443/login/ $ curl -L -b cookie.data -c cookie.data \ -d 'username=theusername&password=thepassword' \ -k -D headers.txt \ https://pretendhostname:8443/some/path/somefile.data
This will put the headers of the response into headers.txt, where I can inspect them.