views:

758

answers:

6

What is a good strategy for sniffing/tracing function calls between a Flex application and a ColdFusion-based backend running on ColdFusion server? I understand they use AMF protocol.

I'm used to using Fiddler to sniff transactions between HTTP clients and servers, and it works great as long as you're using plain text or XML HTTP requests and responses (including those over SSL) but it isn't much help for binary protocols like AMF over HTTP.

In my case, I do have access to the source code for the client and server, but I'm looking for an easy way to passively sniff traffic in any Flex + ColdFusion situation, without having to tweak anything on the server.

+6  A: 

Wireshark: sniffing the glue that holds the internet together

http://www.wireshark.org/

bmdhacks
A: 

ditto for wireshark (the artist formerly known as Ethereal). you can sniff at every protocol layer, and stitch together traffic streams.

Corey Goldberg
+2  A: 

ServiceCapture is another option. It decodes the binary AMF for you, if I remember correctly.

http://kevinlangdon.com/serviceCapture/

Abyss Knight
+4  A: 

http://www.charlesproxy.com/

Although not free, will decode AMF binary data and allows to trace SSL connections too.

Cosma Colanicchia
Charles is so damn great it almost hurts!
grapefrukt
Charles is fantastic.
Theo
Charles is amazing and totally worth the license fee.
cliff.meyers
+1  A: 

The simple and poor man's trick. Create one cfc to log calls to the different cfc's and pages as you need. Dump it all to a table. Filter and sort at will. I have done this in the past and it has worked great. It's like putting in little fish hooks anywhere you want to know. This would likely give you the most application relevant data. If you need an example let me know.

Jas Panesar
A: 

Firebug with the Flashbug plugin will show all decoded AMF messages both to and from a Flash app. Works well over HTTPS too.

ccpizza