tags:

views:

758

answers:

6
+3  Q: 

Sniffing traffic between a Flex app and ColdFusion backend

What is a good strategy for sniffing/tracing function calls between a Flex application and a ColdFusion-based backend running on ColdFusion server? I understand they use AMF protocol.

I'm used to using Fiddler to sniff transactions between HTTP clients and servers, and it works great as long as you're using plain text or XML HTTP requests and responses (including those over SSL) but it isn't much help for binary protocols like AMF over HTTP.

In my case, I do have access to the source code for the client and server, but I'm looking for an easy way to passively sniff traffic in any Flex + ColdFusion situation, without having to tweak anything on the server.

+6  A: 

Wireshark: sniffing the glue that holds the internet together

http://www.wireshark.org/

bmdhacks  2008-09-18 18:39:25
A: 

ditto for wireshark (the artist formerly known as Ethereal). you can sniff at every protocol layer, and stitch together traffic streams.

Corey Goldberg  2008-09-18 19:11:41
+2  A: 

ServiceCapture is another option. It decodes the binary AMF for you, if I remember correctly.

http://kevinlangdon.com/serviceCapture/

Abyss Knight  2008-09-18 19:16:09
+4  A: 

http://www.charlesproxy.com/

Although not free, will decode AMF binary data and allows to trace SSL connections too.

Cosma Colanicchia  2008-09-18 23:48:59
Charles is so damn great it almost hurts!
grapefrukt  2008-09-19 07:27:00
Charles is fantastic.
Theo  2008-09-19 15:46:52
Charles is amazing and totally worth the license fee.
cliff.meyers  2008-12-04 02:59:16
+1  A: 

The simple and poor man's trick. Create one cfc to log calls to the different cfc's and pages as you need. Dump it all to a table. Filter and sort at will. I have done this in the past and it has worked great. It's like putting in little fish hooks anywhere you want to know. This would likely give you the most application relevant data. If you need an example let me know.

Jas Panesar  2009-02-04 15:47:14
A: 

Firebug with the Flashbug plugin will show all decoded AMF messages both to and from a Flash app. Works well over HTTPS too.

ccpizza  2009-12-04 13:33:12

related questions

Silverlight vs Flex
Executing JavaScript from Flex: Is this javascript function dangerous?
How To Get Label Of Combobox to Fade In Flex
How do I change the title bar icon in Adobe AIR?
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Flex: does painless programmatic data binding exist?
SoapException: Root element is missing occurs when .NET web service called from Flex
Any recommendations for in-depth Flex training?
How do I restyle an Adobe Flex Accordion to include a button in each canvas header?
Deleting / Replacing A Node in E4X (AS3 - Flex)
How can I "unaccept" a drag in Flex?
Printing Flex components in FireFox 3
Is it possible to add behavior to a non-dynamic ActionScript 3 class without inheriting the class?
How do I get rid of the "multiple describeType entries" warning?
Open local file with AIR / Flex
Flex / Air obfuscation
Adobe Flex component events
Can you access the windows registry from Adobe Air?
Actionscript 3 - Fastest way to parse yyyy-mm-dd hh:mm:ss to a Date object?
Adobe Air - Using multiple SQLite databases at once
How can I unit test Flex applications from within the IDE or a build script?
Best way to learn Flash?
Get the current logged in OS user in Adobe Air
Adobe air - SQLStatement.execute() - Multiple queries in one statement
Unloading a ByteArray in Actionscript 3.