Re: Debugging SOAP
Hello Jochem. I checked out Wireshark, but did not see a way for it to show me the XML I was sending. Am I missing something? It looks like Wireshark is a packet capture tool? rr On Mon, May 23, 2011 at 7:47 AM, Jochem van Dieten joch...@gmail.comwrote: On Mon, May 23, 2011 at 1:16 AM, Robert Rhodes wrote: Would one of you kind souls tell me how to configure one of these programs (or some other program) so I can see my SOAP going out and see the response? Install Wireshark to capture all traffic on a system: http://www.wireshark.org/ Jochem -- Jochem van Dieten http://jochem.vandieten.net/ ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344856 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Debugging SOAP
Hi Pete. I did try soapui, and it looked like it should do what I wanted, but I could not figure out how to make it work so that I could capture the outgoing soap and responses between my dev server and the remote server. On Mon, May 23, 2011 at 11:04 AM, Pete Freitag p...@foundeo.com wrote: SoapUI is a great tool for debugging soap: http://www.soapui.org/ If you give it a WSDL url it can generate stubs for testing the remote service and lets you see and edit all aspects of the soap request and response. -- Pete Freitag - Adobe Community Professional http://foundeo.com/ - ColdFusion Consulting Products http://petefreitag.com/ - My Blog http://hackmycf.com - Is your ColdFusion Server Secure? On Sun, May 22, 2011 at 7:16 PM, Robert Rhodes rrhode...@gmail.com wrote: Hello everyone. I appreciate the help you have given me recently. Now I have a new challenge, and I am sure some of you have faced it before. I have written an application that gets and puts data to a SOAP .asmx web service running on a windows server across the internet. I am using cfinvoke. All my gets are working fine. I am getting the expected data. However all my puts are failing, and the guy at the other end says my soap xml must be wrong. Hey, it might be, but I have not been able to come up with a way to see it. I did a google search and found Fiddler and Charles, and installed them both on the dev server which is running my application. But no luck. Each program seems to monitor the traffic between my browser and local dev server, but I need to monitor traffic betwen dev server and the other server across the internet (on a non-standard ssl port). Would one of you kind souls tell me how to configure one of these programs (or some other program) so I can see my SOAP going out and see the response? RR ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344857 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Debugging SOAP
On Tue, May 24, 2011 at 9:55 AM, Robert Rhodes wrote: Hello Jochem. I checked out Wireshark, but did not see a way for it to show me the XML I was sending. Am I missing something? It looks like Wireshark is a packet capture tool? Yes, it is a packet capture tool. It allows you to drill down in the results until you reach the SOAP data in the HTTP payload. Just keep expanding the results until you reach it. Jochem -- Jochem van Dieten http://jochem.vandieten.net/ ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344858 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Debugging SOAP
One issue the OP faces is that the traffic is HTTPS. The request will have to change to HTTP before anything useful will show up. -- WSS4CF - WS-Security framework for CF http://wss4cf.riaforge.org/ On 24 May 2011 16:14, Jochem van Dieten joch...@gmail.com wrote: On Tue, May 24, 2011 at 9:55 AM, Robert Rhodes wrote: Hello Jochem. I checked out Wireshark, but did not see a way for it to show me the XML I was sending. Am I missing something? It looks like Wireshark is a packet capture tool? Yes, it is a packet capture tool. It allows you to drill down in the results until you reach the SOAP data in the HTTP payload. Just keep expanding the results until you reach it. Jochem -- Jochem van Dieten http://jochem.vandieten.net/ ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344859 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Debugging SOAP
Have you tried using getHttpRequestData ? http://www.cfquickdocs.com/cf8/?getDoc=GetHttpRequestData or getSoapRequest http://www.cfquickdocs.com/cf8/?getDoc=GetSOAPRequest -- Russ Michaels www.bluethunderinternet.com : Business hosting services solutions www.cfmldeveloper.com: ColdFusion developer community www.michaels.me.uk : my blog www.cfsearch.com : ColdFusion search engine ** *skype me* : russmichaels ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344860 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Debugging SOAP
Yes, that is the case. And all my attempts so for to view the https xml and response have failed. This is probably because there is some part of this that I am just not getting. I am hoping for that lightbulb moment soon. In the meantime, I am feeling totally lost On Tue, May 24, 2011 at 4:48 AM, James Holmes james.hol...@gmail.comwrote: One issue the OP faces is that the traffic is HTTPS. The request will have to change to HTTP before anything useful will show up. -- WSS4CF - WS-Security framework for CF http://wss4cf.riaforge.org/ On 24 May 2011 16:14, Jochem van Dieten joch...@gmail.com wrote: On Tue, May 24, 2011 at 9:55 AM, Robert Rhodes wrote: Hello Jochem. I checked out Wireshark, but did not see a way for it to show me the XML I was sending. Am I missing something? It looks like Wireshark is a packet capture tool? Yes, it is a packet capture tool. It allows you to drill down in the results until you reach the SOAP data in the HTTP payload. Just keep expanding the results until you reach it. Jochem -- Jochem van Dieten http://jochem.vandieten.net/ ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344861 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Debugging SOAP
SSL is designed to stop you doing exactly that. You would need to send your request to a proxy that has a spoofed certificate, all of which is a pain to organise. On Tuesday, 24 May 2011, Robert Rhodes rrhode...@gmail.com wrote: Yes, that is the case. And all my attempts so for to view the https xml and response have failed. This is probably because there is some part of this that I am just not getting. -- -- WSS4CF - WS-Security framework for CF http://wss4cf.riaforge.or ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344862 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Debugging SOAP
Have you guys tried out http://www.soapui.org/ yet? I found it invaluable when working with odd WebServices HTH MD On 24 May 2011, at 14:58, James Holmes wrote: SSL is designed to stop you doing exactly that. You would need to send your request to a proxy that has a spoofed certificate, all of which is a pain to organise. On Tuesday, 24 May 2011, Robert Rhodes rrhode...@gmail.com wrote: Yes, that is the case. And all my attempts so for to view the https xml and response have failed. This is probably because there is some part of this that I am just not getting. -- -- WSS4CF - WS-Security framework for CF http://wss4cf.riaforge.or ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344863 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Debugging SOAP
I use Fiddler (http://www.fiddler2.com/Fiddler2/version.asp ) for debugging web service calls and it can dump the raw XML request/response and allows you to inspect HTTPS traffic... Brook -Original Message- From: Robert Rhodes [mailto:rrhode...@gmail.com] Sent: May-24-11 1:00 AM To: cf-talk Subject: Re: Debugging SOAP Hi Pete. I did try soapui, and it looked like it should do what I wanted, but I could not figure out how to make it work so that I could capture the outgoing soap and responses between my dev server and the remote server. On Mon, May 23, 2011 at 11:04 AM, Pete Freitag p...@foundeo.com wrote: SoapUI is a great tool for debugging soap: http://www.soapui.org/ If you give it a WSDL url it can generate stubs for testing the remote service and lets you see and edit all aspects of the soap request and response. -- Pete Freitag - Adobe Community Professional http://foundeo.com/ - ColdFusion Consulting Products http://petefreitag.com/ - My Blog http://hackmycf.com - Is your ColdFusion Server Secure? On Sun, May 22, 2011 at 7:16 PM, Robert Rhodes rrhode...@gmail.com wrote: Hello everyone. I appreciate the help you have given me recently. Now I have a new challenge, and I am sure some of you have faced it before. I have written an application that gets and puts data to a SOAP .asmx web service running on a windows server across the internet. I am using cfinvoke. All my gets are working fine. I am getting the expected data. However all my puts are failing, and the guy at the other end says my soap xml must be wrong. Hey, it might be, but I have not been able to come up with a way to see it. I did a google search and found Fiddler and Charles, and installed them both on the dev server which is running my application. But no luck. Each program seems to monitor the traffic between my browser and local dev server, but I need to monitor traffic betwen dev server and the other server across the internet (on a non-standard ssl port). Would one of you kind souls tell me how to configure one of these programs (or some other program) so I can see my SOAP going out and see the response? RR ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344864 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: HOF Site
Hi Jenny, Police are of no help in situations like this, nor the FBI. The former (with only one or two exceptions in the entire country) aren't equipped or trained to handle this type of intrusion and the latter won't respond unless it's a big company with hundreds of thousands of dollars in losses. Otherwise they just don't care. --Ben On 5/23/2011 5:54 AM, Jenny Gavin-Wear wrote: http://www.ic3.gov/default.aspx Could this be a place to start? If not, I would call my local police and escalate it from there. My feeling is that you need to get it reported so that some logging starts by some kind of police authority so that if you ever do get a chance to get this idiot into a court room, you'll have some evidence. I have no idea exactly how the police would manage a situation like this, but if I was in your position, I would be finding out. I could imagine a situation where you did not report the crime for some period and it did go to court, one of the first questions you might be asked is why you didn't report it as soon as it happened. -Original Message- From: Michael Dinowitz [mailto:mdino...@houseoffusion.com] Sent: 23 May 2011 13:21 To: cf-talk Subject: Re: HOF Site Have I reported a guy from China to the police? No. Was I afraid that he would do more damage in retaliation? Yes. Am I still afraid? Yes, but I'm more angry than afraid so he's in trouble now. What am I going to do? First I'm going to get all of the information I can from others who have been effected by him in the past. Then I'm going to provide that and my own information to the FBI cyber crimes division and to Google. This includes his Google adsense account number. Google's already pulled his adsense account but there may be more they can do as they have a presence in China. If there's a way to prosecute him, I'm all for it. If anyone has contacts at the FBI, at Google, or in China, especially in the government and/or police, please contact me off list. I'd love to get someone over there to get this guy. If anyone has any other suggestions, please let me know. Thanks On Mon, May 23, 2011 at 7:45 AM, Jenny Gavin-Wear jenn...@fasttrackonline.co.uk wrote: Have you reported this to the police? -Original Message- From: Michael Dinowitz [mailto:mdino...@houseoffusion.com] Sent: 23 May 2011 09:24 To: cf-talk Subject: Re: HOF Site I have an IP or two and I KNOW that Google has his information as they've been paying him adsense revenue. Unfortunately, they will not give that information out. I'm wondering what they need to get access to the information. Lawyer letter? Court order? FBI warrant? As you can probably see, the site is down again and he's asking to get on my domain account so he can get his adsense account back. Like I'm going to trust him with his behavior. On 5/20/11, Raymond Camdenrcam...@gmail.com wrote: You know it's a guy - got a name? On Fri, May 20, 2011 at 4:57 PM, Michael Dinowitz mdino...@houseoffusion.com wrote: Yes and no. It's the same guy who used the hole in Galleon to hack into HoF and Forta.com last year. At least he's using the same code. I found pieces of it in files around the site, though he didn't get access through CF this time (that I could see). While I have his adsense ID, Google will not give me any information as to who he is, where, or anything else. I do know that the IP used to run some of the scripts traces to China and his communications with me are definitely the result of a translation program. If I dedicated the time to it I could get a better idea of who he is and what else he's done but it's currently not worth the time and effort on my part. Now if someone wants to sponsor me to investigate further... :) ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344865 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: HOF Site
I appreciate the offer. The last piece before going back live is a full code review for holes. Not a hard thing to do with some regex and powergrep but time consuming and time is money. :( On Mon, May 23, 2011 at 12:50 PM, Mark Drew mark.d...@gmail.com wrote: I have an image of Greg, with baseball bat and a mean look. Good luck mate, any help required? just ask! MD ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344866 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Debugging SOAP
-- WSS4CF - WS-Security framework for CF http://wss4cf.riaforge.org/ On 24 May 2011 22:07, Brook Davies cft...@logiforms.com wrote: I use Fiddler (http://www.fiddler2.com/Fiddler2/version.asp ) for debugging web service calls and it can dump the raw XML request/response and allows you to inspect HTTPS traffic... Brook -Original Message- From: Robert Rhodes [mailto:rrhode...@gmail.com] Sent: May-24-11 1:00 AM To: cf-talk Subject: Re: Debugging SOAP Hi Pete. I did try soapui, and it looked like it should do what I wanted, but I could not figure out how to make it work so that I could capture the outgoing soap and responses between my dev server and the remote server. On Mon, May 23, 2011 at 11:04 AM, Pete Freitag p...@foundeo.com wrote: SoapUI is a great tool for debugging soap: http://www.soapui.org/ If you give it a WSDL url it can generate stubs for testing the remote service and lets you see and edit all aspects of the soap request and response. -- Pete Freitag - Adobe Community Professional http://foundeo.com/ - ColdFusion Consulting Products http://petefreitag.com/ - My Blog http://hackmycf.com - Is your ColdFusion Server Secure? On Sun, May 22, 2011 at 7:16 PM, Robert Rhodes rrhode...@gmail.com wrote: Hello everyone. I appreciate the help you have given me recently. Now I have a new challenge, and I am sure some of you have faced it before. I have written an application that gets and puts data to a SOAP .asmx web service running on a windows server across the internet. I am using cfinvoke. All my gets are working fine. I am getting the expected data. However all my puts are failing, and the guy at the other end says my soap xml must be wrong. Hey, it might be, but I have not been able to come up with a way to see it. I did a google search and found Fiddler and Charles, and installed them both on the dev server which is running my application. But no luck. Each program seems to monitor the traffic between my browser and local dev server, but I need to monitor traffic betwen dev server and the other server across the internet (on a non-standard ssl port). Would one of you kind souls tell me how to configure one of these programs (or some other program) so I can see my SOAP going out and see the response? RR ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344867 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Debugging SOAP
Yes, the fiddler proxy is worth a shot. -- WSS4CF - WS-Security framework for CF http://wss4cf.riaforge.org/ On 24 May 2011 22:07, Brook Davies cft...@logiforms.com wrote: I use Fiddler (http://www.fiddler2.com/Fiddler2/version.asp ) for debugging web service calls and it can dump the raw XML request/response and allows you to inspect HTTPS traffic... ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344868 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Debugging SOAP
Brook, would you share how to set fiddler up? I could not get it to show me traffic between by dev server and the remote server. (which is happening on a non-standard SSL port) On Tue, May 24, 2011 at 10:07 AM, Brook Davies cft...@logiforms.com wrote: I use Fiddler (http://www.fiddler2.com/Fiddler2/version.asp ) for debugging web service calls and it can dump the raw XML request/response and allows you to inspect HTTPS traffic... Brook -Original Message- From: Robert Rhodes [mailto:rrhode...@gmail.com] Sent: May-24-11 1:00 AM To: cf-talk Subject: Re: Debugging SOAP Hi Pete. I did try soapui, and it looked like it should do what I wanted, but I could not figure out how to make it work so that I could capture the outgoing soap and responses between my dev server and the remote server. On Mon, May 23, 2011 at 11:04 AM, Pete Freitag p...@foundeo.com wrote: SoapUI is a great tool for debugging soap: http://www.soapui.org/ If you give it a WSDL url it can generate stubs for testing the remote service and lets you see and edit all aspects of the soap request and response. -- Pete Freitag - Adobe Community Professional http://foundeo.com/ - ColdFusion Consulting Products http://petefreitag.com/ - My Blog http://hackmycf.com - Is your ColdFusion Server Secure? On Sun, May 22, 2011 at 7:16 PM, Robert Rhodes rrhode...@gmail.com wrote: Hello everyone. I appreciate the help you have given me recently. Now I have a new challenge, and I am sure some of you have faced it before. I have written an application that gets and puts data to a SOAP .asmx web service running on a windows server across the internet. I am using cfinvoke. All my gets are working fine. I am getting the expected data. However all my puts are failing, and the guy at the other end says my soap xml must be wrong. Hey, it might be, but I have not been able to come up with a way to see it. I did a google search and found Fiddler and Charles, and installed them both on the dev server which is running my application. But no luck. Each program seems to monitor the traffic between my browser and local dev server, but I need to monitor traffic betwen dev server and the other server across the internet (on a non-standard ssl port). Would one of you kind souls tell me how to configure one of these programs (or some other program) so I can see my SOAP going out and see the response? RR ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344869 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Debugging SOAP
Did you install it on the dev server? Brook -Original Message- From: Robert Rhodes [mailto:rrhode...@gmail.com] Sent: May-24-11 10:01 AM To: cf-talk Subject: Re: Debugging SOAP Brook, would you share how to set fiddler up? I could not get it to show me traffic between by dev server and the remote server. (which is happening on a non-standard SSL port) On Tue, May 24, 2011 at 10:07 AM, Brook Davies cft...@logiforms.com wrote: I use Fiddler (http://www.fiddler2.com/Fiddler2/version.asp ) for debugging web service calls and it can dump the raw XML request/response and allows you to inspect HTTPS traffic... Brook -Original Message- From: Robert Rhodes [mailto:rrhode...@gmail.com] Sent: May-24-11 1:00 AM To: cf-talk Subject: Re: Debugging SOAP Hi Pete. I did try soapui, and it looked like it should do what I wanted, but I could not figure out how to make it work so that I could capture the outgoing soap and responses between my dev server and the remote server. On Mon, May 23, 2011 at 11:04 AM, Pete Freitag p...@foundeo.com wrote: SoapUI is a great tool for debugging soap: http://www.soapui.org/ If you give it a WSDL url it can generate stubs for testing the remote service and lets you see and edit all aspects of the soap request and response. -- Pete Freitag - Adobe Community Professional http://foundeo.com/ - ColdFusion Consulting Products http://petefreitag.com/ - My Blog http://hackmycf.com - Is your ColdFusion Server Secure? On Sun, May 22, 2011 at 7:16 PM, Robert Rhodes rrhode...@gmail.com wrote: Hello everyone. I appreciate the help you have given me recently. Now I have a new challenge, and I am sure some of you have faced it before. I have written an application that gets and puts data to a SOAP .asmx web service running on a windows server across the internet. I am using cfinvoke. All my gets are working fine. I am getting the expected data. However all my puts are failing, and the guy at the other end says my soap xml must be wrong. Hey, it might be, but I have not been able to come up with a way to see it. I did a google search and found Fiddler and Charles, and installed them both on the dev server which is running my application. But no luck. Each program seems to monitor the traffic between my browser and local dev server, but I need to monitor traffic betwen dev server and the other server across the internet (on a non-standard ssl port). Would one of you kind souls tell me how to configure one of these programs (or some other program) so I can see my SOAP going out and see the response? RR ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344870 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Debugging SOAP
Yes I loaded it on the development web/cf9 server. And I set fiddler to the ssl port we are using. From another computer, I loaded up the site on the dev server and ran the cfinvoke to post up the soap to the server across the web. Fiddler saw nothing. I am sure I have it configured incorrectly. RR On Tue, May 24, 2011 at 1:10 PM, Brook Davies cft...@logiforms.com wrote: Did you install it on the dev server? Brook -Original Message- From: Robert Rhodes [mailto:rrhode...@gmail.com] Sent: May-24-11 10:01 AM To: cf-talk Subject: Re: Debugging SOAP Brook, would you share how to set fiddler up? I could not get it to show me traffic between by dev server and the remote server. (which is happening on a non-standard SSL port) On Tue, May 24, 2011 at 10:07 AM, Brook Davies cft...@logiforms.com wrote: I use Fiddler (http://www.fiddler2.com/Fiddler2/version.asp ) for debugging web service calls and it can dump the raw XML request/response and allows you to inspect HTTPS traffic... Brook -Original Message- From: Robert Rhodes [mailto:rrhode...@gmail.com] Sent: May-24-11 1:00 AM To: cf-talk Subject: Re: Debugging SOAP Hi Pete. I did try soapui, and it looked like it should do what I wanted, but I could not figure out how to make it work so that I could capture the outgoing soap and responses between my dev server and the remote server. On Mon, May 23, 2011 at 11:04 AM, Pete Freitag p...@foundeo.com wrote: SoapUI is a great tool for debugging soap: http://www.soapui.org/ If you give it a WSDL url it can generate stubs for testing the remote service and lets you see and edit all aspects of the soap request and response. -- Pete Freitag - Adobe Community Professional http://foundeo.com/ - ColdFusion Consulting Products http://petefreitag.com/ - My Blog http://hackmycf.com - Is your ColdFusion Server Secure? On Sun, May 22, 2011 at 7:16 PM, Robert Rhodes rrhode...@gmail.com wrote: Hello everyone. I appreciate the help you have given me recently. Now I have a new challenge, and I am sure some of you have faced it before. I have written an application that gets and puts data to a SOAP .asmx web service running on a windows server across the internet. I am using cfinvoke. All my gets are working fine. I am getting the expected data. However all my puts are failing, and the guy at the other end says my soap xml must be wrong. Hey, it might be, but I have not been able to come up with a way to see it. I did a google search and found Fiddler and Charles, and installed them both on the dev server which is running my application. But no luck. Each program seems to monitor the traffic between my browser and local dev server, but I need to monitor traffic betwen dev server and the other server across the internet (on a non-standard ssl port). Would one of you kind souls tell me how to configure one of these programs (or some other program) so I can see my SOAP going out and see the response? RR ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344871 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Debugging SOAP
I believe fiddler needs to be on the machine that is making the request. That's always how I have used it. Typically with next to zero configuration required. Can you try: a) Install it on your machine making the request b) Open a browser on your dev server and run the request from there Brook -Original Message- From: Robert Rhodes [mailto:rrhode...@gmail.com] Sent: May-24-11 10:41 AM To: cf-talk Subject: Re: Debugging SOAP Yes I loaded it on the development web/cf9 server. And I set fiddler to the ssl port we are using. From another computer, I loaded up the site on the dev server and ran the cfinvoke to post up the soap to the server across the web. Fiddler saw nothing. I am sure I have it configured incorrectly. RR On Tue, May 24, 2011 at 1:10 PM, Brook Davies cft...@logiforms.com wrote: Did you install it on the dev server? Brook -Original Message- From: Robert Rhodes [mailto:rrhode...@gmail.com] Sent: May-24-11 10:01 AM To: cf-talk Subject: Re: Debugging SOAP Brook, would you share how to set fiddler up? I could not get it to show me traffic between by dev server and the remote server. (which is happening on a non-standard SSL port) On Tue, May 24, 2011 at 10:07 AM, Brook Davies cft...@logiforms.com wrote: I use Fiddler (http://www.fiddler2.com/Fiddler2/version.asp ) for debugging web service calls and it can dump the raw XML request/response and allows you to inspect HTTPS traffic... Brook -Original Message- From: Robert Rhodes [mailto:rrhode...@gmail.com] Sent: May-24-11 1:00 AM To: cf-talk Subject: Re: Debugging SOAP Hi Pete. I did try soapui, and it looked like it should do what I wanted, but I could not figure out how to make it work so that I could capture the outgoing soap and responses between my dev server and the remote server. On Mon, May 23, 2011 at 11:04 AM, Pete Freitag p...@foundeo.com wrote: SoapUI is a great tool for debugging soap: http://www.soapui.org/ If you give it a WSDL url it can generate stubs for testing the remote service and lets you see and edit all aspects of the soap request and response. -- Pete Freitag - Adobe Community Professional http://foundeo.com/ - ColdFusion Consulting Products http://petefreitag.com/ - My Blog http://hackmycf.com - Is your ColdFusion Server Secure? On Sun, May 22, 2011 at 7:16 PM, Robert Rhodes rrhode...@gmail.com wrote: Hello everyone. I appreciate the help you have given me recently. Now I have a new challenge, and I am sure some of you have faced it before. I have written an application that gets and puts data to a SOAP .asmx web service running on a windows server across the internet. I am using cfinvoke. All my gets are working fine. I am getting the expected data. However all my puts are failing, and the guy at the other end says my soap xml must be wrong. Hey, it might be, but I have not been able to come up with a way to see it. I did a google search and found Fiddler and Charles, and installed them both on the dev server which is running my application. But no luck. Each program seems to monitor the traffic between my browser and local dev server, but I need to monitor traffic betwen dev server and the other server across the internet (on a non-standard ssl port). Would one of you kind souls tell me how to configure one of these programs (or some other program) so I can see my SOAP going out and see the response? RR ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344872 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Debugging SOAP
I tried both and fiddler caught the traffic between my browser and CF, but not between CF and the server across the web hosting the web service. RR On Tue, May 24, 2011 at 1:46 PM, Brook Davies cft...@logiforms.com wrote: I believe fiddler needs to be on the machine that is making the request. That's always how I have used it. Typically with next to zero configuration required. Can you try: a) Install it on your machine making the request b) Open a browser on your dev server and run the request from there Brook -Original Message- From: Robert Rhodes [mailto:rrhode...@gmail.com] Sent: May-24-11 10:41 AM To: cf-talk Subject: Re: Debugging SOAP Yes I loaded it on the development web/cf9 server. And I set fiddler to the ssl port we are using. From another computer, I loaded up the site on the dev server and ran the cfinvoke to post up the soap to the server across the web. Fiddler saw nothing. I am sure I have it configured incorrectly. RR On Tue, May 24, 2011 at 1:10 PM, Brook Davies cft...@logiforms.com wrote: Did you install it on the dev server? Brook -Original Message- From: Robert Rhodes [mailto:rrhode...@gmail.com] Sent: May-24-11 10:01 AM To: cf-talk Subject: Re: Debugging SOAP Brook, would you share how to set fiddler up? I could not get it to show me traffic between by dev server and the remote server. (which is happening on a non-standard SSL port) On Tue, May 24, 2011 at 10:07 AM, Brook Davies cft...@logiforms.com wrote: I use Fiddler (http://www.fiddler2.com/Fiddler2/version.asp ) for debugging web service calls and it can dump the raw XML request/response and allows you to inspect HTTPS traffic... Brook -Original Message- From: Robert Rhodes [mailto:rrhode...@gmail.com] Sent: May-24-11 1:00 AM To: cf-talk Subject: Re: Debugging SOAP Hi Pete. I did try soapui, and it looked like it should do what I wanted, but I could not figure out how to make it work so that I could capture the outgoing soap and responses between my dev server and the remote server. On Mon, May 23, 2011 at 11:04 AM, Pete Freitag p...@foundeo.com wrote: SoapUI is a great tool for debugging soap: http://www.soapui.org/ If you give it a WSDL url it can generate stubs for testing the remote service and lets you see and edit all aspects of the soap request and response. -- Pete Freitag - Adobe Community Professional http://foundeo.com/ - ColdFusion Consulting Products http://petefreitag.com/ - My Blog http://hackmycf.com - Is your ColdFusion Server Secure? On Sun, May 22, 2011 at 7:16 PM, Robert Rhodes rrhode...@gmail.com wrote: Hello everyone. I appreciate the help you have given me recently. Now I have a new challenge, and I am sure some of you have faced it before. I have written an application that gets and puts data to a SOAP .asmx web service running on a windows server across the internet. I am using cfinvoke. All my gets are working fine. I am getting the expected data. However all my puts are failing, and the guy at the other end says my soap xml must be wrong. Hey, it might be, but I have not been able to come up with a way to see it. I did a google search and found Fiddler and Charles, and installed them both on the dev server which is running my application. But no luck. Each program seems to monitor the traffic between my browser and local dev server, but I need to monitor traffic betwen dev server and the other server across the internet (on a non-standard ssl port). Would one of you kind souls tell me how to configure one of these programs (or some other program) so I can see my SOAP going out and see the response? RR ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344873 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: HOF Site
if you think the HOF site may be the access point, then give this a go http://foundeo.com/security/ I'm sure you could blag a free copy if you ask nicely :-) On Tue, May 24, 2011 at 4:51 PM, Michael Dinowitz mdino...@houseoffusion.com wrote: I appreciate the offer. The last piece before going back live is a full code review for holes. Not a hard thing to do with some regex and powergrep but time consuming and time is money. :( On Mon, May 23, 2011 at 12:50 PM, Mark Drew mark.d...@gmail.com wrote: I have an image of Greg, with baseball bat and a mean look. Good luck mate, any help required? just ask! MD ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344874 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Debugging SOAP
Sorry Robert, I haven't used it in that context.. -Original Message- From: Robert Rhodes [mailto:rrhode...@gmail.com] Sent: May-24-11 10:53 AM To: cf-talk Subject: Re: Debugging SOAP I tried both and fiddler caught the traffic between my browser and CF, but not between CF and the server across the web hosting the web service. RR On Tue, May 24, 2011 at 1:46 PM, Brook Davies cft...@logiforms.com wrote: I believe fiddler needs to be on the machine that is making the request. That's always how I have used it. Typically with next to zero configuration required. Can you try: a) Install it on your machine making the request b) Open a browser on your dev server and run the request from there Brook -Original Message- From: Robert Rhodes [mailto:rrhode...@gmail.com] Sent: May-24-11 10:41 AM To: cf-talk Subject: Re: Debugging SOAP Yes I loaded it on the development web/cf9 server. And I set fiddler to the ssl port we are using. From another computer, I loaded up the site on the dev server and ran the cfinvoke to post up the soap to the server across the web. Fiddler saw nothing. I am sure I have it configured incorrectly. RR On Tue, May 24, 2011 at 1:10 PM, Brook Davies cft...@logiforms.com wrote: Did you install it on the dev server? Brook -Original Message- From: Robert Rhodes [mailto:rrhode...@gmail.com] Sent: May-24-11 10:01 AM To: cf-talk Subject: Re: Debugging SOAP Brook, would you share how to set fiddler up? I could not get it to show me traffic between by dev server and the remote server. (which is happening on a non-standard SSL port) On Tue, May 24, 2011 at 10:07 AM, Brook Davies cft...@logiforms.com wrote: I use Fiddler (http://www.fiddler2.com/Fiddler2/version.asp ) for debugging web service calls and it can dump the raw XML request/response and allows you to inspect HTTPS traffic... Brook -Original Message- From: Robert Rhodes [mailto:rrhode...@gmail.com] Sent: May-24-11 1:00 AM To: cf-talk Subject: Re: Debugging SOAP Hi Pete. I did try soapui, and it looked like it should do what I wanted, but I could not figure out how to make it work so that I could capture the outgoing soap and responses between my dev server and the remote server. On Mon, May 23, 2011 at 11:04 AM, Pete Freitag p...@foundeo.com wrote: SoapUI is a great tool for debugging soap: http://www.soapui.org/ If you give it a WSDL url it can generate stubs for testing the remote service and lets you see and edit all aspects of the soap request and response. -- Pete Freitag - Adobe Community Professional http://foundeo.com/ - ColdFusion Consulting Products http://petefreitag.com/ - My Blog http://hackmycf.com - Is your ColdFusion Server Secure? On Sun, May 22, 2011 at 7:16 PM, Robert Rhodes rrhode...@gmail.com wrote: Hello everyone. I appreciate the help you have given me recently. Now I have a new challenge, and I am sure some of you have faced it before. I have written an application that gets and puts data to a SOAP .asmx web service running on a windows server across the internet. I am using cfinvoke. All my gets are working fine. I am getting the expected data. However all my puts are failing, and the guy at the other end says my soap xml must be wrong. Hey, it might be, but I have not been able to come up with a way to see it. I did a google search and found Fiddler and Charles, and installed them both on the dev server which is running my application. But no luck. Each program seems to monitor the traffic between my browser and local dev server, but I need to monitor traffic betwen dev server and the other server across the internet (on a non-standard ssl port). Would one of you kind souls tell me how to configure one of these programs (or some other program) so I can see my SOAP going out and see the response? RR ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344875 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Debugging SOAP
Anyone else have any ideas on how to monitor SOAP exchanges between my application server and the remote server hosting the service? Everything I have tried so far (fiddler, Charles, soapUI, wireshark) is just not working (Or I don't know enough to make it work). RR On Sun, May 22, 2011 at 7:16 PM, Robert Rhodes rrhode...@gmail.com wrote: Hello everyone. I appreciate the help you have given me recently. Now I have a new challenge, and I am sure some of you have faced it before. I have written an application that gets and puts data to a SOAP .asmx web service running on a windows server across the internet. I am using cfinvoke. All my gets are working fine. I am getting the expected data. However all my puts are failing, and the guy at the other end says my soap xml must be wrong. Hey, it might be, but I have not been able to come up with a way to see it. I did a google search and found Fiddler and Charles, and installed them both on the dev server which is running my application. But no luck. Each program seems to monitor the traffic between my browser and local dev server, but I need to monitor traffic betwen dev server and the other server across the internet (on a non-standard ssl port). Would one of you kind souls tell me how to configure one of these programs (or some other program) so I can see my SOAP going out and see the response? RR ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344876 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Debugging SOAP
No problem Brook. Thanks for the replies. :) It seems I must have an unusual need here. RR On Tue, May 24, 2011 at 2:25 PM, Brook Davies cft...@logiforms.com wrote: Sorry Robert, I haven't used it in that context.. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344877 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: HOF Site
Hi Ben, Sadly, from personal experience, I agree. I had a situation with a hosting company a few years ago, the police (American) weren't interested. I did place a complaint with IC3. I got one email back from them, and after that they took no interest. If the American police won't help, there isn't much chance if the offender is in somewhere like China. Jenny -Original Message- From: Ben Conner [mailto:b...@webworldinc.com] Sent: 24 May 2011 16:24 To: cf-talk Subject: Re: HOF Site Hi Jenny, Police are of no help in situations like this, nor the FBI. The former (with only one or two exceptions in the entire country) aren't equipped or trained to handle this type of intrusion and the latter won't respond unless it's a big company with hundreds of thousands of dollars in losses. Otherwise they just don't care. --Ben On 5/23/2011 5:54 AM, Jenny Gavin-Wear wrote: http://www.ic3.gov/default.aspx Could this be a place to start? If not, I would call my local police and escalate it from there. My feeling is that you need to get it reported so that some logging starts by some kind of police authority so that if you ever do get a chance to get this idiot into a court room, you'll have some evidence. I have no idea exactly how the police would manage a situation like this, but if I was in your position, I would be finding out. I could imagine a situation where you did not report the crime for some period and it did go to court, one of the first questions you might be asked is why you didn't report it as soon as it happened. -Original Message- From: Michael Dinowitz [mailto:mdino...@houseoffusion.com] Sent: 23 May 2011 13:21 To: cf-talk Subject: Re: HOF Site Have I reported a guy from China to the police? No. Was I afraid that he would do more damage in retaliation? Yes. Am I still afraid? Yes, but I'm more angry than afraid so he's in trouble now. What am I going to do? First I'm going to get all of the information I can from others who have been effected by him in the past. Then I'm going to provide that and my own information to the FBI cyber crimes division and to Google. This includes his Google adsense account number. Google's already pulled his adsense account but there may be more they can do as they have a presence in China. If there's a way to prosecute him, I'm all for it. If anyone has contacts at the FBI, at Google, or in China, especially in the government and/or police, please contact me off list. I'd love to get someone over there to get this guy. If anyone has any other suggestions, please let me know. Thanks On Mon, May 23, 2011 at 7:45 AM, Jenny Gavin-Wear jenn...@fasttrackonline.co.uk wrote: Have you reported this to the police? -Original Message- From: Michael Dinowitz [mailto:mdino...@houseoffusion.com] Sent: 23 May 2011 09:24 To: cf-talk Subject: Re: HOF Site I have an IP or two and I KNOW that Google has his information as they've been paying him adsense revenue. Unfortunately, they will not give that information out. I'm wondering what they need to get access to the information. Lawyer letter? Court order? FBI warrant? As you can probably see, the site is down again and he's asking to get on my domain account so he can get his adsense account back. Like I'm going to trust him with his behavior. On 5/20/11, Raymond Camdenrcam...@gmail.com wrote: You know it's a guy - got a name? On Fri, May 20, 2011 at 4:57 PM, Michael Dinowitz mdino...@houseoffusion.com wrote: Yes and no. It's the same guy who used the hole in Galleon to hack into HoF and Forta.com last year. At least he's using the same code. I found pieces of it in files around the site, though he didn't get access through CF this time (that I could see). While I have his adsense ID, Google will not give me any information as to who he is, where, or anything else. I do know that the IP used to run some of the scripts traces to China and his communications with me are definitely the result of a translation program. If I dedicated the time to it I could get a better idea of who he is and what else he's done but it's currently not worth the time and effort on my part. Now if someone wants to sponsor me to investigate further... :) ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344878 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Debugging SOAP
can you speak to the people who run the web service and ask them if you can access it without ssl or ask them if have any kind of debugging/testing interface or perhaps simply give you access to logs.. Russ On Tue, May 24, 2011 at 10:43 PM, Robert Rhodes rrhode...@gmail.com wrote: No problem Brook. Thanks for the replies. :) It seems I must have an unusual need here. RR On Tue, May 24, 2011 at 2:25 PM, Brook Davies cft...@logiforms.com wrote: Sorry Robert, I haven't used it in that context.. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344879 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Debugging SOAP
How are you sending your request? Via cfinvoke? Or are you crafting the XML manually and using CFHTTP? You should know what you are sending and you should be able to dump the response no? If your using CFINVOKE to call the remote webservice, maybe you could instead try CFHTTP and then dump the response? Am I missing something? Brook -Original Message- From: Robert Rhodes [mailto:rrhode...@gmail.com] Sent: May-24-11 2:43 PM To: cf-talk Subject: Re: Debugging SOAP No problem Brook. Thanks for the replies. :) It seems I must have an unusual need here. RR On Tue, May 24, 2011 at 2:25 PM, Brook Davies cft...@logiforms.com wrote: Sorry Robert, I haven't used it in that context.. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344880 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Debugging SOAP
Yes, via cfinvoke. But I am getting errors back on all services when I am trying to post data. Getting data via cfinvoke is fine. Does your reply mean to say that there are problems with cfinvoke? I could build manually the xml but this is many services with many nodes. It would take a long time to do it. So I am really hoping that cfinvoke works out. On Tue, May 24, 2011 at 6:47 PM, Brook Davies cft...@logiforms.com wrote: How are you sending your request? Via cfinvoke? Or are you crafting the XML manually and using CFHTTP? You should know what you are sending and you should be able to dump the response no? If your using CFINVOKE to call the remote webservice, maybe you could instead try CFHTTP and then dump the response? Am I missing something? Brook -Original Message- From: Robert Rhodes [mailto:rrhode...@gmail.com] Sent: May-24-11 2:43 PM To: cf-talk Subject: Re: Debugging SOAP No problem Brook. Thanks for the replies. :) It seems I must have an unusual need here. RR On Tue, May 24, 2011 at 2:25 PM, Brook Davies cft...@logiforms.com wrote: Sorry Robert, I haven't used it in that context.. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344881 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Debugging SOAP
Yes they are willing to do quick non-ssl tests. But even non-secure I have had no luck getting any of the recommended monitors/proxies to capture the soap exchange between a cf9 server and their server. They tell me there is nothing specific showing up in their logs. I really just want to see the xml going out and the response. That should tell me everything I need. It is really frustrating I have had so much trouble with this. RR On Tue, May 24, 2011 at 6:39 PM, Russ Michaels r...@michaels.me.uk wrote: can you speak to the people who run the web service and ask them if you can access it without ssl or ask them if have any kind of debugging/testing interface or perhaps simply give you access to logs.. Russ On Tue, May 24, 2011 at 10:43 PM, Robert Rhodes rrhode...@gmail.com wrote: No problem Brook. Thanks for the replies. :) It seems I must have an unusual need here. RR On Tue, May 24, 2011 at 2:25 PM, Brook Davies cft...@logiforms.com wrote: Sorry Robert, I haven't used it in that context.. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344882 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Debugging SOAP
You can use a proxy to do this. I use Charles. For example, assume your local computer is running Charles and has an IP address of 192.168.1.1 and the development server can reach your local computer at that address. In your cfinvoke tag, set the proxyServer attribute to 192.168.1.1 and the proxyPort to , or whatever port Charles is running on. (The default is but you can find this info in Charles under Proxy Settings...) Run your application and watch the traffic. If you are making SSL requests you will need to to configure Charles. See http://www.charlesproxy.com/documentation/proxying/ssl-proxying/. You will also need to add the Charles CA Certificate to ColdFusion's root certificate trust store. For more info on this see the Java Applications section here: http://www.charlesproxy.com/documentation/using-charles/ssl-certificates/and http://kb2.adobe.com/cps/400/kb400977.html. --Nathan On Tue, May 24, 2011 at 9:41 PM, Robert Rhodes rrhode...@gmail.com wrote: Yes they are willing to do quick non-ssl tests. But even non-secure I have had no luck getting any of the recommended monitors/proxies to capture the soap exchange between a cf9 server and their server. They tell me there is nothing specific showing up in their logs. I really just want to see the xml going out and the response. That should tell me everything I need. It is really frustrating I have had so much trouble with this. RR On Tue, May 24, 2011 at 6:39 PM, Russ Michaels r...@michaels.me.uk wrote: can you speak to the people who run the web service and ask them if you can access it without ssl or ask them if have any kind of debugging/testing interface or perhaps simply give you access to logs.. Russ On Tue, May 24, 2011 at 10:43 PM, Robert Rhodes rrhode...@gmail.com wrote: No problem Brook. Thanks for the replies. :) It seems I must have an unusual need here. RR On Tue, May 24, 2011 at 2:25 PM, Brook Davies cft...@logiforms.com wrote: Sorry Robert, I haven't used it in that context.. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344883 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Debugging SOAP
Nathan, thanks for the reply. I don't need to monitor between my computer and the application server. I need to monitor between the application server and a remote server across the web that hosts the web service. I have no control over the remote server and the folks that do are only marginally helpful. Worse, they are taking the position that this is a Coldfusion problem. All very frustrating. I did try Charles and had no luck, but will take a look again. On Tue, May 24, 2011 at 10:37 PM, Nathan Mische nmis...@gmail.com wrote: You can use a proxy to do this. I use Charles. For example, assume your local computer is running Charles and has an IP address of 192.168.1.1 and the development server can reach your local computer at that address. In your cfinvoke tag, set the proxyServer attribute to 192.168.1.1 and the proxyPort to , or whatever port Charles is running on. (The default is but you can find this info in Charles under Proxy Settings...) Run your application and watch the traffic. If you are making SSL requests you will need to to configure Charles. See http://www.charlesproxy.com/documentation/proxying/ssl-proxying/. You will also need to add the Charles CA Certificate to ColdFusion's root certificate trust store. For more info on this see the Java Applications section here: http://www.charlesproxy.com/documentation/using-charles/ssl-certificates/and http://kb2.adobe.com/cps/400/kb400977.html. --Nathan On Tue, May 24, 2011 at 9:41 PM, Robert Rhodes rrhode...@gmail.com wrote: Yes they are willing to do quick non-ssl tests. But even non-secure I have had no luck getting any of the recommended monitors/proxies to capture the soap exchange between a cf9 server and their server. They tell me there is nothing specific showing up in their logs. I really just want to see the xml going out and the response. That should tell me everything I need. It is really frustrating I have had so much trouble with this. RR On Tue, May 24, 2011 at 6:39 PM, Russ Michaels r...@michaels.me.uk wrote: can you speak to the people who run the web service and ask them if you can access it without ssl or ask them if have any kind of debugging/testing interface or perhaps simply give you access to logs.. Russ On Tue, May 24, 2011 at 10:43 PM, Robert Rhodes rrhode...@gmail.com wrote: No problem Brook. Thanks for the replies. :) It seems I must have an unusual need here. RR On Tue, May 24, 2011 at 2:25 PM, Brook Davies cft...@logiforms.com wrote: Sorry Robert, I haven't used it in that context.. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344884 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm