My toolbox: HttpToolkit

Heiko W. Rupp
Published in ITNEXT, Apr 27, 2022


[This is the first article in an upcoming series of toolbox articles that showcase some of the tools I use in my development work.]

Often enough I need to find out the details of HTTP requests to reverse-engineer some API or to understand error responses where the Java library I use only throws some exception but otherwise doesn’t tell me more. A while back I discovered HttpToolkit and have used it almost daily since (when developing).

[Screenshot: the HttpToolkit Interception view with some intercepted traffic]

My tools for this used to be first tcpdump and later Wireshark, but often enough that does not work, because the traffic is already encrypted by the time it hits the network layer. HttpToolkit takes a different approach: it taps into the user code and operates like a proxy server, as seen in the following diagram.

[Diagram: setup, showing where HttpToolkit and tcpdump/Wireshark operate]

The screenshot of HttpToolkit above shows on the left the traffic from some integration tests that I was running with ‘mvn install’. For this to work, the setup is super simple: on the Intercept page I just start a new terminal by clicking on the respective tile shown in the next screenshot; a new terminal pops up and I start ‘mvn install’ in it. For me this comes in extremely handy when I want to adjust my mockserver rules.

[Screenshot: the main screen of HttpToolkit]

It is also possible to attach to a running JVM. Click on the respective tile and then select the process from the list of running JVMs.

Back to the first screenshot, you can see on the right side the requests and responses for the entry selected on the left.

One small caveat is that version 1.7 (latest at the time of this writing) does not automatically intercept incoming requests into my Quarkus process. But for this purpose I can still fire up Wireshark.

Back to HttpToolkit: another nice option is to actually stop and rewrite traffic on the fly. Just add a new rule in the Mock section (and don’t forget to press save, as it will otherwise not be activated):

When a request is then intercepted, the details screen becomes editable and you can modify e.g. header fields of the request like the marked accept-header. You may need to be quick as some code has some low timeouts set.

So far I have only shown a UI app, so you may ask why HttpToolkit? When you look at their GitHub repository, you can see a bunch of applications that could also be used separately without the GUI. I am far from having used all the offered features, and the pro version offers even more. Definitely a super helpful tool for me and worth checking out.

Installation is easy: just head over to https://httptoolkit.tech and download the installer.
