Deep Web Off! Keeping those bugs at bayx - E

Download Report

Transcript Deep Web Off! Keeping those bugs at bayx - E 

Deep Web Off!
Deep Web Off!
It’s All About Me
•
•
•
•
•
•
•
Solutions Architect
Manager
Developer
Debug Specialist
Network Engineer
Digital Forensics Expert
Yeah whatever…
•
Speaker for:
• FBI
• CIA
• Spec Ops
• NEW-PMI
• ThatConference
• Lotsa mirrors…
Haven’t stopped touching computer code
since the Commodore Vic 20
I’m a gnat
Agenda
Goal 1
Define the issues
Goal 2
Introduce a set of tools
Goal 3
Demonstrate a few
Goal 4
Answer Questions
Enjoy!
End user: There’s a
problem with my web app!
Helpdesk
can’t figure it
out – send to
Server group
Server group
shows server is
up.
Not their prob!
Send to network
group
Blame Game
Network says no
problems. “Oh,
this is a custom
App”
Send to developer
IT’S YOU!
Developer in
debug mode…
nothing wrong
with code! No
changes! Argh…
We Develop!
Goals…
WebServer
Versions -IIS, Apache
Memory/Performance
Logging
Ugh…
Firewalls
“You firewalled my port, ass!”
Ima Developer?!?
Browser Debugging
Every major browser has built-in debugging tools.
These include:
• Internet Explorer’s F12 Developer Tools
• Firefox’s Web Developer Tools and the Firebug add-on
• Chrome’s Developer Tools
• Opera’s Dragonfly
• Safari’s Web Inspector
FireFox
Safari
Opera
Internet Explorer
BUG
Chrome
CSS Debugging
Old school
Browser client-side tools
Internet Explorer Compatibility
• DebugBar (IE)
•
http://my-debugbar.com
Compat Inspector
http://ie.microsoft.com/testdrive/html5/comp
atinspector/ (Fiddler Inject!)
• IE Tester
•
http://my-debugbar.com/wiki/IETester/HomePage
• CompanionJS
•
http://www.my-debugbar.com/wiki/CompanionJS/ConsoleAPI
• IE 9+ (Press F12)
“Meh...”
Browser client-side tools
FireFox Compatibility
• Web Developer Extension
•
http://chrispederick.com/work/web-developer/
• Firebug (duh)
•
https://getfirebug.com/
• Yslow
•
http://yslow.org/
• Tilt
https://addons.mozilla.org/en-us/firefox/collections/ganti/firetools/
“Wow...”
Browser client-side tools
Google Chrome
• Dev Tools
•
•
•
•
•
Use Ctrl+Shift+I to open the DevTools.
Use Ctrl+Shift+J to open the DevTools and bring focus to the Console.
Use Ctrl+Shift+C to open the DevTools in Inspect Element mode, or toggle Inspect
Element mode if the DevTools are already open.
https://developers.google.com/chrome-developer-tools/?hl=en
http://webdesignledger.com/tools/13-useful-google-chrome-extensions-for-web-developers
• Page Speed!
Psych
“Hmmm…”
Proxy Debugging
• Fiddler 2? 4? Whatever!
• Extensions!
• Stress Testing
• Security Auditing
• Javascript formatting/injecting
• Traffic diffing
• Charles In Charge…
• Charles is an HTTP proxy / HTTP monitor / Reverse Proxy that
enables a developer to view all of the HTTP and SSL / HTTPS
traffic between their machine and the Internet. ($)
Free??!
Emulator / Engine / Debugging
• MITE
• http://mite.keynote.com/
• IETester / DebugBar
• Test multiple versions of IE
IE 6?? 7??? …. Dammit…
Upgrade??!
Server Side tools
Internet Information Server/SQL
• Debug Diagnostic Tool (MS)
•
•
http://www.microsoft.com/en-us/download/details.aspx?id=26798
http://support.microsoft.com/kb/919789 (Sample debug)
• Glimpse
•
http://getglimpse.com/
Remotely FUN
Server Side tools
Internet Information Server / .NET
• Remote Debugger (MS)
•
MVSMON – Visual Studio
Why Remote Debugging :
• Local development server does not have IIS installed.
• Development server and Build/Released/Hosting Server is different
• Application located in centralized location.
http://www.codeproject.com/Articles/38132/Remote-IIS-Debugging-Debugyour-ASP-NET-Applicatio
Anyone??!
ERROR Logging - Server
• ELMAH
• As easy to install as glimpse
Painless
ERROR Logging - Server
• IIS Logs
• Log Parser
• http://www.microsoft.com/enus/download/details.aspx?id=24659
• http://logparserplus.com/Examples
Querying
PERFMon - Server
•
•
•
•
•
•
•
•
•
•
•
•
Processor(_Total)\% Processor Time
Process(aspnet_wp)\% Processor Time
Process(aspnet_wp)\Private Bytes
Process(aspnet_wp)\Virtual Bytes
Process(aspnet_wp)\Handle Count
Microsoft® .NET CLR Exceptions# Exceps thrown / sec
ASP.NET\Application Restarts
ASP.NET\Requests Rejected
ASP.NET\Worker Process Restarts (not applicable to IIS 6.0)
Memory\Available Mbytes
Web Service\Current Connections
Web Service\ISAPI Extension Requests/sec
Developer?
Network Debugging? - Pushback
• Wireshark
• NetMon3 (Microsoft)
• Ping “mysite.com”
• Telnet “mysite.com portnum”
• NetCat (if allowed on network ;) )
Suck It!
Heisenbug
http://en.wikipedia.org/wiki/Heisenbug
Gesundheit!
Self Serving
Take care of yourself first!
Platinum Sponsors
Gold Sponsors
August 11th – 13th 2014
Same Place, Same Time
Questions? Comments?
NO hard ones!
Tim Fischer
@_Trip
www.edevinci.com