Reverse Engineer a Web-based Integration
I was recently working with a corporation that used a proprietary SSO implementation and wanted to get a handle of how it all worked together. In their case clicking a link opened a new tab and so it was hard what network requests were going on in the new tab. In FireFox there's a couple of options that change the behavior of opening new tabs, but it didn't help us out. So the last option was to use an HTTP proxy. It's like what you see in the Network tab of your favorite browser, but on steroids.
What this does is that it intercepts HTTP requests so you could analyze them. You could even stop a request and modify it to your desire. This becomes very handy sometimes when you're trying to debug a difficult problem and you want to modify the response to see how your application behaves.
Here's an illustration of how it works.
As you can see the proxy sits between your local network and the end client (like your browser or application).
There's a couple of options to choose from:
- For Windows, Fiddler
- For Mac, Charles Proxy
- For cross-platform programmatic control, mitmproxy
- If you're really advanced, you could use Wireshark too. It might be too down to the nitty gritty though for most uses.
So go ahead and add this to your toolbox. I will assure you that it'll save you headaches when the time comes.
Liked this article? Share it on your favorite platform.