Most web/mobile applications are clients, in the sense that they are just interfaces for the main system. The main system being a set of API’s that the application communicates with, or a web server returning some data. When testing applications, most people tend to focus on the application and treat the API’s/backend as a blackbox. This approach would only get you so far, but what if you could put a “man in the middle” and spy on the conversations that the application and the APIs are having? Well you can, by taking advantage of some open source proxies available such as Fiddler and Charles.
In this workshop I will show you how to route your applications and even mobile device through a proxy on your machine. Once connected we will then explore the new information this allows us to see and discuss ideas about what we can now do with it. We will look at manipulating data to test the application’s UI when exposed to different characters or string lengths, without having to have this data in our database. We will simulate request timeouts and response status codes. We will also manipulate the connection speed, so we can see how our application behaves on slower connections. Plus a whole host of other great uses for proxies. Attendees can then spend some time testing, before we end the workshop with some group insights and hopefully some bugs!
Students for the workshop should come with the following:
- Please install the latest version of Charles Proxy from: https://www.charlesproxy.com/