Tried setting java proxy; Fiddler still not capturing traffic

SAbboushi
SAbboushi used Ask the Experts™
on
Hi - running Fiddler Web Debugger (v4.6.2.0) on W7 64

1) Running a java app (can download q.jar file here)

2) I set proxy in Java control panel:

Control Panel>Java>General>Network Settings:
Use Proxy Server:
Address: 127.0.0.1 (or localhost)
Port: 8888

3) I launch q.jar (double-click in Windows Explorer) which gives me a java warning message that the app cannot connect to the web server.  This is normal (the web server was taken down a few years ago), so I am trying to use fiddler to redirect to my local server.

But I cannot get fiddler to capture the q.app traffic to get the needed config info for redirection.

Could anyone please help me?

Thanks -

Sam
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
mccarlIT Business Systems Analyst / Software Developer
Top Expert 2015

Commented:
I'm not 100% sure what you are trying to do here, but my suggestion is that most network traffic capture software can't capture localhost traffic. Can you set up the app and Fiddler on different machines and set the proxy to the other machine and try to capture the incoming traffic?

Author

Commented:
Thanks but I've been using Fiddler to capture browser and other local app traffic for years ; )

Anyone else?
Top Expert 2016

Commented:
so I am trying to use fiddler to redirect to my local server.

Can you prove that's running by posting the output (invoked with the correct arguments) of netstat? That should show the proxy too, of course
C++ 11 Fundamentals

This course will introduce you to C++ 11 and teach you about syntax fundamentals.

Author

Commented:
If I'm not mistaken, your question is asking for proof (using netstat) that I have configured fiddler to redirect the q.jar's traffic to my my local server instead of its currently configured url?

If so, my apologies for the confusion.  My OBJECTIVE is to do so; right now, I am trying to use Fiddler to analyze the requests generated by q.jar so that THEN I can do this (i.e. have Fiddler redirect the traffic to my local server).

I am failing at trying to figure out how to monitor the traffic generated by q.jar.
Top Expert 2016

Commented:
If I'm not mistaken, your question is asking for proof (using netstat) that I have configured fiddler to redirect the q.jar's traffic to my my local server instead of its currently configured url?

You are mistaken ;) You're proving what's running on what hosts and what ports. Nothing else

Author

Commented:
Can you prove that's running by posting the output (invoked with the correct arguments) of netstat? That should show the proxy too, of course

OK thanks - what arguments to use with netstat?
Top Expert 2016

Commented:
I don't know, as i don't use Windows
netstat /?

Open in new window

is your friend

Author

Commented:
cehj: What am I trying to confirm is running by using netstat?

mccarl: >>most network traffic capture software can't capture localhost traffic
I reread thread and maybe I misunderstood you.  To clarify, q.jar is not sending traffic to localhost but to a web server overseas.  I am trying to capture that traffic, hence my post.

New info: I've been advised to check out what library q.jar is using to handle http traffic because setting the proxy is specific to the library.

I wish I knew how to do this... can anyone point me in the right direction?

I extracted the q.jar file and did a search for "http" and these lines seemed relevant, but I'm ignorant about java and about "http libraries":
QoraanServlets.java:

import javax.servlet.http.*;
...
public class QoraanServlets extends HttpServlet  {
...
    public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException{

Top Expert 2016

Commented:
cehj: What am I trying to confirm is running by using netstat?
That the proxy is running. Why, btw, are you using a proxy?
IT Business Systems Analyst / Software Developer
Top Expert 2015
Commented:
I reread thread and maybe I misunderstood you.  To clarify, q.jar is not sending traffic to localhost but to a web server overseas.  I am trying to capture that traffic, hence my post.

Yeah, I misunderstood at the start too. Not having used Fiddler before, I thought that it might work like Wireshark where it "sniffs" the traffic going between a client and a server. From what I've looked at, I think this is where I was wrong, in that it actually acts AS the proxy, ie. your client connects to Fiddler and then Fiddler proxies that traffic on to the original intended destination. If this is the case, then yes I can see how it can work for localhost traffic too.

Anyway, I think I see your problem now. The proxies settings in the "Java Control Panel" are only for java applets (ie. running in a browser) and they don't apply to normal Java programs just running on the machine. In order to set the proxy for your Java program, you will have to run it from the command line. Something like this should do what you need...

java -Dhttp.proxyHost=localhost -Dhttp.proxyPort=8888 -jar q.jar

Open in new window



Now the other thing, is that looking at the code in your q.jar file, the address that it is trying to connect to is configurable. If you open up q.jar and look at the SqlProp.txt file, the last line of that file is the address that it is trying to connect to. You should be able to change that line and then update the .jar file (it is just a normal zip file, just with a different extension) with the new SqlProp.txt file and then try running it, and it will attempt to connect to wherever you tell it to.


Just FYI, the java file that you found and posted about above, isn't involved in your problem. That is a Servlet which is the OTHER side of the equation. That is what runs inside an application server to serve incoming requests from clients. If you are interested, the code that you are looking for is around line 356 of MainTemplate.java

Author

Commented:
>> Why, btw, are you using a proxy?
My understanding is that since Fiddler is configured to listen on port 8888, I need the traffic from q.jar to be sent through that port

Author

Commented:
mccarl: Wow --- you certainly seem to be the right person to be getting help from!  Your response filled in several "missing pieces" in my understanding of what's going on.

I'll try your suggestion after further digesting what you've said and examining the code now that you've "sent me in the right direction" -- and then I'll let you guys know how it works out.  Thanks!

Author

Commented:
mccarl:

java -Dhttp.proxyHost=localhost -Dhttp.proxyPort=8888 -jar q.jar

Open in new window


Perfect!  Just what Fiddler needed!  Thanks so much for taking the time to examine the code.

Your solution is more elegant than me trying to use Fiddler to reroute the traffic to my local server re: SqlProp.txt and MainTemplate.java (and now I'm not sure that would have worked anyway without modifying MainTemplate.java)

Would appreciate any help re: how to change these files to get it working on my PC:

SqlProp.txt: I suspect that line 3 and 4 are MySQL login id/password and that line 5 is the url to the QoraanServlets.java file (i.e. I need to change it to something like
*http://localhost/.../QoraanServlets;

Open in new window

)?


I'm clueless on how to configure so the query is sent to MySQL server running on localhost...

Is modifying this line enough, or is it more complicated?
MainTemplate.java
line 356: URL url=new URL(constant.SERVLET_DIRECTORY+"?"+query);

Open in new window

mccarlIT Business Systems Analyst / Software Developer
Top Expert 2015

Commented:
Perfect!  Just what Fiddler needed!  Thanks so much for taking the time to examine the code.

You're welcome!


I'm clueless on how to configure so the query is sent to MySQL server running on localhost...

Try the this q2.jar file. (Let me know once you have it and I can remove the file sharing again). You should be able to just double click this one, because you don't need to set proxies or anything.
mccarlIT Business Systems Analyst / Software Developer
Top Expert 2015

Commented:
Explanation...

It looks as though the app was originally written to directly access the mysql server to query what it needed. And then at some point, someone wanted this to work over the web, so the mysql query part was implemented in a servlet (QoraanServlets.java) and exposed as a kind of basic web service. The app was then changed to query this web service rather than directly querying the mysql server.

Fortunately, they had left the code in the app that does the direct mysql connection (line 318 of MainTemplate.java) when they added the new web service querying method (line 348 of MainTemplate.java), you can see that the new method has the same name but with "2" added to the end. And then all they did was change which method was used when you click on the "Anaylse" button (line 175,176 of MainTemplate.java).

So all I have done in the new q2.jar file above, is to comment out the line that uses the new web service method (line 176) and re-instate the line that uses the old direct mysql method (line 175) and re-compiled that class. I tested here and it definitely looks like its trying to find mysql rather than trying to connect to a web server, but without having your mysql server running here that's as far as I can test.

Hopefully, it just works for you!

Author

Commented:
Wow again!  Thanks!

The code sure looks simpler when someone leads me by the hand!

Am getting a different error this time:alert
I would have expected it to find the MySQL server but reject the connection request because the connection request doesn't have the correct credentials in SqlProp.txt?  I imagine that line 3 and 4 are MySQL login id/password and that line 5 is the url to the QoraanServlets.java file (i.e. I need to change it to something like
*http://localhost/.../QoraanServlets;?

Also, if I want to capture the traffic with Fiddler, it seems I need to change something other than just to q2.jar...?
mccarlIT Business Systems Analyst / Software Developer
Top Expert 2015

Commented:
I would have expected it to find the MySQL server

You just need to set the MySQL connection properties correctly now. Notice the last part of that error... "UnknownHostException", it means that it can't find localhost.localdomain  (I probably should have picked that up earlier myself). So all you will need to do is open the SqlProp.txt file from q2.jar and change the host name in line 1 (probably just need to remove the .localdomain part, "localhost" by itself should work correctly), and then make sure that the last part of that line (currently "qoraan") is the correct database name on your mysql server. While you are there you may as well set the credentials correctly for your database, as you said lines 3 and 4 are the username/password. You don't need to change line 5 at all, I'll explain further in a minute.

**Note** You need to keep the * and the ; characters at the start and end of the lines in that file. Whoever wrote the code to read that file, for whatever strange reason, did it in a way where those characters are required to delimit each field from the next.

Ok, so why don't you need to change line 5? That line and the code that did anything with QoraanServlets is not being used anymore, at all. Before I made the change, the flow of the data was like this....    ClientApp  ---------->  QoraanServlets  -->  MySQL  -->  QoraanServlets  ---------->  ClientApp    but now that I made the change to the code it is simply this....   ClientApp  -->  MySQL  -->  ClientApp


Also, if I want to capture the traffic with Fiddler

Well, from the above, hopefully now that point is a bit clearer. This is NO "web" traffic for Fiddler to capture anymore, only MySQL traffic directly between the app and the database. Fiddler only captures web traffic and even if you used something else like Wireshark to capture the MySQL traffic, it wouldn't make much sense to you (or I, it uses it's only protocol to communicate) and would not be what you're after anyway.

Author

Commented:
Arghh!!  I changed SqlProp.txt file, zipped everything up and changed extension to .jar.

Now getting: Error
MySQL server:
MySQL
Sorry this has probably taken a lot more of your time than you initially hoped. Thanks--
mccarlIT Business Systems Analyst / Software Developer
Top Expert 2015

Commented:
So, everything you did is correct as far as I can see. The problem now looks like a compatibility issue perhaps between the client code library that is included in your app .jar file and the version of MySQL that you are running. Just going off dates in your jar, it looks like it is at least 12 years old whereas you are running a recent MySQL server.

Otherwise, a google search turned up this...   http://forums.mysql.com/read.php?39,6448,77511#msg-77511   You may want to just try that out to see if it is a quick fix.

Otherwise, you might be a bit stuck. If you can't find and go back to a very old version of MySQL that works with your client app's library, the only other way would be to upgrade the client version used in your app. Now, the further bad news is that it looks like that particular client library that it is using is no longer maintained, and so you would have to change to the newer official mysql connector. This would require much further changes to your app's code.

Author

Commented:
Thank you again so much for all your help.  May peace be upon you mccarl!
mccarlIT Business Systems Analyst / Software Developer
Top Expert 2015

Commented:
You're welcome! Did updating the user/password like in that link fix it?

Author

Commented:
Doesn't look promising.  Warnings received:

0 row(s) affected, 2 warning(s): 1287 'OLD_PASSWORD' is deprecated and will be removed in a future release. Please use PASSWORD instead 1287 'pre-4.1 password hash' is deprecated and will be removed in a future release. Please use post-4.1 password hash instead

I tried using PASSWORD too, but still getting the same alert: can't connect to database...
Top Expert 2016

Commented:
. This is NO "web" traffic for Fiddler to capture anymore, only MySQL traffic directly between the app and the database. Fiddler only captures web traffic

That, btw, was exactly the reason for my last question. But it looks like all is sorted out now.

Author

Commented:
k thanks
mccarlIT Business Systems Analyst / Software Developer
Top Expert 2015

Commented:
That message only says warning so hopefully it is still doing something. Try this... do the same command again, the one with OLD_PASSWORD. Now try and run your MySQL with the --skip-secure-auth option set, as mentioned in this link http://mysqlblog.fivefarmers.com/2012/05/30/why-your-pre-4-1-client-wont-like-mysql-5-6/

Now I wouldn't recommend this in any sort of production environment or anything, but if your just testing things and trying to confirm that you can get it working, it may be worth a try. Ultimately, I think you would just need to upgrade the MySQL connector library, but this may work as a temporary workaround.

Author

Commented:
I put this project on the backburner and thus haven't tried your last suggestion.  

Found some time today to revisit, but now find myself in some trouble trying to login to MySQL as a result of

SET PASSWORD FOR 'user'@'host' = OLD_PASSWORD('current_password');

Am getting following error:

errorBefore trying that work-around, I probably should have researched to better understand the ramifications... ; )

Been researching online, but spinning my wheels... about to try –skip-secure-auth, but nervous since I am unclear about what is going on/ ramifications.

Thought I'd post this follow-up in case you had some thoughts on the matter

Author

Commented:
Problem resolved.  If I have a chance to try your last suggestion, I'll let you know how it works out.  I found a different workaround (app creates SQL query without needing to access DB which I can copy/paste into MySQL Workbench)

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial