The problem I’m trying to solve here is to see if my web app is setting the right headers on the response. But, the web app is under https so it’s hard to sniff. Here’s how I did it. Hopefully next time I have to do this, I will find this hint and get going a lot quicker.

In the thing below, pretendhostname is a name that the remote web server uses for the server name, and the local machine has as an alias to 127.0.0.1. Also, I have used ssh port forwarding to send the data to the remote web server.

Remote machine
  • In /etc/apache2/sites-enabled/the-web-app:

    <VirtualHost *:443>
        ServerName pretendhostname
       ...
    </VirtualHost>
    
Local machine
  • ~/.ssh/config stanza for some remote network on which the remote web server (10.0.0.26) runs:

    Host remote_gateway
            ...
            LocalForward 8443 10.0.0.26:443
    
  • in /etc/hosts on my local machine:

    127.0.0.1       localhost pretendhostname
    
  • Type these commands:

    $ ssh remote_gateway
    

    then in a different terminal on my local machine:

    $ curl -L -b cookie.data -c cookie.data \
        -d 'username=theusername&password=thepassword' \
        -k -D headers.txt \
        https://pretendhostname:8443/login/
    $ curl -L -b cookie.data -c cookie.data \
        -d 'username=theusername&password=thepassword' \
        -k -D headers.txt \
        https://pretendhostname:8443/some/path/somefile.data
    

This will put the headers of the response into headers.txt, where I can inspect them.