Source: httptoolkit.tech
How to Intercept and Debug All Java HTTP
Java and the JVM more generally are widely used for services everywhere, but often challenging to debug and manually test, particularly in complicated microservice architectures. It can seize control of all HTTP & HTTPS requests in any JVM, either at startup or attaching later, to redirect them to a proxy and trust that proxy to decrypt all HTTPS, allowing MitM of all JVM traffic.
In this article, I want to walk you through the details of how this is possible, so you can understand some of the secret powers of the JVM, learn how to transform raw bytecode for yourself, and build on the examples and source code behind this to build your own debugging & instrumentation tools.
This is just part of one simple case though (the full OkHttp logic is here) and doing this for all HTTP is significantly more involved...
We just need to change the return value for all implementations of that interface: With that alone, we've redirected all traffic elsewhere.
In this article, I want to walk you through the details of how this is possible, so you can understand some of the secret powers of the JVM, learn how to transform raw bytecode for yourself, and build on the examples and source code behind this to build your own debugging & instrumentation tools.
This is just part of one simple case though (the full OkHttp logic is here) and doing this for all HTTP is significantly more involved...
We just need to change the return value for all implementations of that interface: With that alone, we've redirected all traffic elsewhere.
Related Articles
Community Partners
DevOps Careers