(Article from Hogwarts Testing Institute)
What exactly is an interface test? Why interface tests? What tools does it have? With this list of questions pounding at us, take these questions and find answers in this article as I open the door to interface testing.
1 Initial interface test
What an interface test is. It checks the process of data exchange, transfer and control management. It bypasses the mobile side and tests the server side.
You’ve heard of UI testing, which tests the front end. Selenium is a typical UI testing tool. Can YOU use UI testing to diagnose the back end? Can’t be!
Because the back end is very complex, as shown below. UI testing cannot cover such a complex link, and Selenium is inadequate in such a large structure. This is why we bypass the mobile side and use interface testing instead.
So what are the advantages of interface testing? We layered the test, as shown in the picture below. The higher up the test, the slower the speed, the later the bug detection, interface testing (service) can find problems earlier than UI testing, faster quality feedback.
Since interface testing is superior to UI testing, why don’t we eliminate UI testing? While the UI interface is unstable (it changes a lot) and shallow (it doesn’t cover all the back-end testing), there are a lot of things on the UI side that can’t be replaced, like how nice the color is, how many decimal places show up, whether the buttons are too small, and so on.
A lot of people think they can do just one test, but what you don’t know is that testing is a whole, and it can’t be replaced with each other. We expect an excellent engineer to be at least up to our level 3.5 standard. This is the core of automated testing + interface + continuous integration
— Hogwarts Testing Institute: Think cold
Our interface testing tools rely on the following seven-tier network model, but seven-tier is just a concept and only really uses five tiers (TCP/IP). Tcpdump, for example, is super low-level, sniffing at the network layer, and therefore requires root privileges.
Interface test tools can be classified as follows:
- Network sniffing tools: tcpdump and Wireshark
- Proxy tools: Fiddler, Charles, AnyproxyBurpSuite, MitmProxy
- Analysis tools curl, Postman, Chrome Devtool
Some of the tools are introduced below. I’ll tell you why, how, and the connections between the tools.
2 tcpdump
First came tcpdump. Complete interception of the “head” of packets transmitted in the network for analysis. It supports filtering by network layer, protocol, host, network or port, and provides logical statements such as AND, OR, or not to help you get rid of useless information.
As mentioned above, it sniffs at the network layer, is a super low-level tool, and we know its power with a few commands.
For example, you can have the administrator tcpdump listen to port 443 at all times and report to us if something goes wrong:
tcpdump port 443 -v -w /tmp/tcp.log
- Port 443 Listens on port 443
- -v displays slightly more detailed information
- -w Writes data to log
Using this command, you will save the generated reports to the directory/TMP /tcp.log, and then I will lead you to analyze the reports generated by tcpdump using Wireshark to experience their friendship.
3 wireshark
Wireshark is also a network sniffing tool. It includes tcpdump and other extended functions, such as analysis tools.
But it has one drawback, how can our packets go through HTTPS, you can’t catch them, because HTTPS is an encrypted message, encrypted to make the message more reliable, browsers hate it, they’ll convert HTTP to HTTPS, so what websites can use HTTP?
- Search mp3 on Baidu: www.baidu.com/s?wd=mp3
This is a typical HTTP request, first intercepted with tcpdump and generated log, then opened with Wireshark tcpdump generated log: you will see the first few items are very strange things, what is this?
It’s a three-way handshake. Why a three-way handshake? Since the channel is unreliable, we need to make sure it is stable before we can send data, and the three-way handshake is like the following:
- First handshake: When establishing a connection, the client sends a SYN packet (SYN = J) to the server and enters the SYN_SENT state, waiting for the server to confirm.
- Second handshake: After receiving a SYN packet, the server must acknowledge the client’s SYN (ACK = J +1) and send a SYN packet (SEq = K). In this case, the server enters the SYN_RECV state.
- Third handshake: After receiving the SYN+ACK packet from the server, the client sends an ACK packet (ACK = K +1) to the server. After the packet is sent, the client and the server enter the ESTABLISHED state (TCP connection is successful) and complete the three-way handshake.
If you’re feeling dizzy, try this:
- The dev guy greets the beta girl
- The tester nods and smiles and replies simply
- The developer nodded and smiled
By saying hello, they can further communicate, as follows:
Time flew by, and after an afternoon of chatting, it was time to say goodbye, so he waved four times:
- First wave: The client sends a FIN to the server to disable data transmission.
- Second wave: The server receives the FIN of the client and sends an ACK with the ACK value equal to FIN+SEQ to the client
- Third wave: The server sends a FIN to the client to tell the application to shut down.
- Fourth wave: The client sends an ACK to the server after receiving the FIN from the server. The ack value is FIN+SEQ
The process is like this:
- Developer: “It’s time to say goodbye”
- Test girl: “HMM”
- Test girl: “See you next time.”
- Developer: “Ok”
It is important to note that a request can be broken into multiple packets, as can data, so you will see many packets in Wireshark.
If Wireshak includes tcpdump, why are we exporting tcp.log instead of using Wireshark to capture packets?
In the interface test, the packet capture process was all performed on the server. The server was a hot-temper and did not provide you with a UI, but the Wireshark did not work on the server, so you instantly became blind.
You can use tcpdump to capture packets and generate logs. Then, the logs are distributed to the Wireshark for analysis on the wireshark. Wireshark can’t analyze HTTPS packets. No, we’re powerful. Charles, the proxy tool, can crack HTTPS.
Because this article is limited, please check out the Hogwarts Testing Institute video for details and use of Chrome Devtool.
4 chrome Devtools
This is chrome’s own analytics tool. To use it, check command Line -> More Tools -> Developer Tools and right-click on the page to open the analysis tool. It should be noted that this time we only focus on network, which is very comprehensive, such as status, type and so on.
Here it is in full view. Click on a link to see the interaction details below.
The list is long enough to filter by clicking on XHR, which can either synchronously or asynchronously return the Web server’s response and can return the content as text or as a DOM document. Right-click ->copy->copy as curl, the following is a snowball simulation search request “souguo” command.
However, when we run it directly from the command line, you’ll notice that there are some problems because cookies are missing:
curl ‘
Stock.xueqiu.com/v5/stock/ba…’ -H ‘Accept: */*’ -H ‘Referer:
xueqiu.com/k?q=sogo’ -H ‘Origin:
xueqiu.com’-h’ user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5_) AppleWebKit/ 57.36 (KHTML, like Gecko) Chrome/ 57.36 ‘–compressed
Windows does not contain the curl command. You need to install the curl command. To use the curl command, check out the hogwarts Test Institute teaching video.
Windows does not contain the curl command. You need to install the curl command. To use the curl command, check out the hogwarts Test Institute teaching video.
5 Common Interview Questions
1. The HTTP and HTTPS
Using the following curl command to access testerhome, you will see that it contains connection success, server authentication, encrypted connection, etc., which I call encryption.
- -VVV: View details
After the encrypted connection above is complete, you can move on to the subject and see a series of fields, including the request type is GET and what the request is about. Note that the < symbol returned below refers to what the server is returning to us, keep-alive means to keep alive, not to wave four times, etc. I call these themes.
Again, I attached the wireshark HTTP content:
See? The theme is exactly the same. So the conclusion is that HTTPS is essentially the same thing as HTTP, but the difference is this encryption process, HTTPS tries to encrypt links, and this encryption is really annoying to us developers, and I have to admit, HTTPS is great, it protects us.
The browser is great, too, converting HTTP links to HTTPS.
2. The difference between session and cookie
The first time you visit Baidu, you will get the setCookie command. So the browser saves a copy locally, and when it visits again, the browser puts the cookie in the request header, adding this mechanism to track the progress of a person’s visit.
So what is session? Session is a special cookie, which stores all the data in the server. There is only one ID locally, and the server can use the ID to find its corresponding data.
3. Differences between GET and POST
When making requests, we often see get and POST. What’s the difference? In the mysterious beauty of the World Wide Web, TCP is like a transport car. We use TCP to transport data.
It’s hard-working and reliable, and it never goes missing. If the road was full of identical transport cars, the road would be a mess, because cars in a hurry (police cars) could be blocked by cars in front of them because they are all TCP.
To prevent this from happening, the police made a traffic rule: HTTP. HTTP categorizes cars into categories like GET, POST, PUT, DELETE, and so on. HTTP states that cars with GET requests must be labeled AS GET, and the data to be sent must be placed on the roof of the car (in the URL). If it is a POST request, attach the POST label and put the goods in the compartment (request body).
Of course, you can also hide some goods in the body of the train when you GET it. You can also put some data on the roof (in the URL) when you POST. HTTP is just a code of conduct, TCP is basically how GET and POST are implemented.
The six is at the end
Of course, there is much more to interface testing than this, you need to know more, like how does Charles actually work? What happens when you open a website? What can be surreptitiously done using nc hacking tools to simulate browsers? What must an HTTP header have?
(Article from Hogwarts Testing Institute)
