MadCode Meetup: Sniffers

December 29, 2014

On December 16 we held our second MadCode Webinar, dedicated to the analysis and modification of HTTP requests for mobile application testing. The main goal of MadCode is to share our experience in mobile development, which has progressed quite a lot over the years, and to begin organizing dev meetups in Kiev. For now we are using the webinar format, and we plan to move on to live chat in a friendly environment.

Oleg Nikiforov, a QA engineer, shared his experience of using sniffers (computer programs that can intercept and log traffic passing over a digital network) to test client-server communication in mobile applications.

While comparing client-based and cloud-based sniffers, the main goal of his report was to convince listeners that working with network traffic is a significant part of mobile app testing. It has to be performed to ensure that an app behaves correctly under various server conditions, and it helps engineers rely less on a working server during development, testing, or demos. To illustrate this, a live example of working with Burp Suite (one of the most versatile sniffers) was presented during the webinar.

Our QA team uses sniffers to improve testing of an app's interaction with the server by:

  • Ensuring that all possible server errors are handled correctly by the app.
  • Checking how the app handles the user session.
  • Changing different parameters received from the server to see whether the app displays them correctly.
  • Logging server errors occurring while using the app.

Some disadvantages of using client-based sniffers are as follows:

  • the network connection becomes slower (due to an additional unit between the client and the server);
  • if the proxy is configured on the device and the sniffer is turned off, the entire connection will be down (so don't forget to turn off the proxy when you finish working with the sniffer);
  • some services (like the AppStore) won't be available while using a proxy.

Common mistakes that can be found in the app using sniffers include:

  • incorrect handling of an expired user session (the app doesn't get a new session token or doesn't prompt the user to log in again);
  • unhandled network time-outs;
  • incorrect display of long values (e.g. username, full name, location, etc.) in the app;
  • incorrect handling of server errors.
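The four conditions in this list can also be reproduced without a live backend. The following is an added example, not material from the webinar: it uses a local stub server rather than a sniffer, and the paths, payloads and the `start_stub`/`probe` helper names are constructed for illustration.

```python
import json, socket, threading, time
import urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed scenarios: path -> (HTTP status, JSON body, delay in seconds).
SCENARIOS = {
    "/expired": (401, {"error": "session_expired"}, 0),  # expired session
    "/error": (500, {"error": "internal"}, 0),           # server error
    "/slow": (200, {"status": "ok"}, 1.0),               # provokes a time-out
    "/long": (200, {"username": "x" * 300}, 0),          # over-long value
}

class FaultHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        status, body, delay = SCENARIOS.get(
            self.path, (404, {"error": "not_found"}, 0))
        time.sleep(delay)
        data = json.dumps(body).encode()
        try:
            self.send_response(status)
            self.send_header("Content-Type", "application/json")
            self.send_header("Content-Length", str(len(data)))
            self.end_headers()
            self.wfile.write(data)
        except OSError:
            pass  # the client already gave up (time-out case)

    def log_message(self, *args):
        pass  # keep console output quiet

def start_stub():
    """Start the stub on a free localhost port; returns the server object."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), FaultHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def probe(base, path, timeout=2.0):
    """Return (status, body) the way a robust client should classify it."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(base + path, timeout=timeout) as resp:
            return resp.status, json.loads(resp.read())
    except urllib.error.HTTPError as err:
        return err.code, json.loads(err.read())
    except (socket.timeout, urllib.error.URLError):
        return "timeout", None

if __name__ == "__main__":
    srv = start_stub()
    base = "http://127.0.0.1:%d" % srv.server_address[1]
    for path in SCENARIOS:
        print(path, probe(base, path, timeout=0.5))
```

Pointing the app under test at the stub's address shows whether it distinguishes these four outcomes as `probe` does.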

Our work with sniffers is based on two tools:

  1. Burp Suite
  2. Runscope

This doesn't mean that you should use only these sniffers; however, they offer a fairly large set of functions that are useful for testing mobile apps. The main trick is to try as many new tools as possible to gain experience and find what works best for you in providing proper quality assurance.