Traffic interception for REST API development

A

Alexey Arakelyan2013-10-25 14:49:21

Mobile development

Alexey Arakelyan, 2013-10-25 14:49:21

Hello. On duty, I am developing REST API for various mobile applications. Sometimes it becomes necessary to see what requests our application sends and how the server responds to it. In addition, sometimes you need to change the data in the request and check the application. Technically, I imagine this as a proxy that is running on the local network and to which all traffic is redirected, for example from a test WiFi point. This proxy has an address where I can go and see all the requests that it caught, put a block on some request, or do some other dirty trick / grace. Do you know similar tools? Or you will have to write such a tool yourself.

Reply

Answer the question

In order to leave comments, you need to log in

6 answer(s)

A

Alexey Zhurbitsky, 2013-10-25
@blo

Fiddler

S

Sergey, 2013-10-25
Protko @Fesor

Um… why not just add a request/response logging system to the rest-API? Substitution of data in requests? again, why not just compose your own and send it through the same curl ...
ps I do the same myself, but somehow there has never been a need to monitor what someone sends. What for?

G

gaelpa, 2013-10-25
@gaelpa

You can write a local (in your network) proxy for your protocol and redirect traffic to it through the substitution of the local DNS record.
With this option, all the cards are in your hands by data substitution + you can “intercept” SSL traffic (you also have your certificate).
Cons - you need to freeze.

B

bebebe, 2013-10-25
@bebebe

try www.portswigger.net/burp/

B

bebebe, 2013-10-25
@bebebe

try www.portswigger.net/burp/

R

Rustem Saitkulov, 2014-06-27
@atetc

I am using Charles