Neil Jedrzejewski

Useful tools for HTTP/2 debugging

Blog Post created by Neil Jedrzejewski Employee on Jun 5, 2015

This May, myself and Lukasz Czerpak gave a presentation on HTTP/2 at the Akamai Services Academy 2015 in Krakow. One of the most common questions we were asked by those attending was how to debug and analyse HTTP/2 traffic.

 

Below are three tools that Lukasz and myself found the most useful during the preparation for our talk and should serve as a good starting point for those of you wanting to investigate this new version of the HTTP prototcol.

 

Command Line Debugging - H2I - https://github.com/bradfitz/http2/tree/master/h2i

 

h2i.PNGThe simplicity of the HTTP/1.x protocol allows you to do a raw, low level debugging by using telnet (or OpenSSL's s_client for SSL/TLS connections) and manually entering HTTP semantics yourself. Unfortunately the binary nature of HTTP/2 makes this method somewhat redundant.

 

H2I gives you back this ability allowing you to send raw HTTP/2 frames, use HTTP/1 commands and have them translated to HTTP/2, header packing and easy to read output of the frames and properties.

 

H2I is written in Google's Go programming language (https://golang.org/) so you'll need the necessary run-time installed on your system.


Browser Debugging - Chrome Net Internals - http://www.google.com/chrome/browser

 

chrome.png

For debugging in browser, probably the best current implementation is built into Google Chrome via the Net Internals console. You can access this in Chrome using the URL chrome://net-internals/ and in the drop-down, select HTTP/2. In the list of HTTP/2 session is a link to view the current live sessions. Following this will take you to a second tab which provides a list of current sessions which can be selected to give you the raw output of the HTTP/2 streams and frames.

 

On the Wire - WireShark - https://www.wireshark.org/

 

wireshark_http2.pngIf you need to intercept HTTP/2 traffic between a client and server probably your best bet right now is Wireshark. At time of writing, the stable release had support for HTTP/2 up to draft 13 (h2-13) but the development branch supports later versions. Now HTTP/2 is finalised I would expect Wireshark to support the final draft fairly soon.

 

One important point, for TLS encrypted HTTP/2 traffic you'll need to have your browser/client export the session SSL keys to a keyfile that Wireshark can then read to decrypt the traffic. This is done by setting the environment variable SSLKEYLOGFILE.


Other proxies - Fiddler and Charles

 

At time of writing the popular Fiddler and Charles debugging proxies don't support HTTP/2. This is due to the underlying Java and .NET communication libraries they uses not having the necessary protocol support.

Outcomes