►
Description
A
Hello,
everyone
I'm
David
from
the
package
registry
team
and
today
with
us,
we
have
Rod
mowers
and
Dima
and
we
are
going
to
discuss
how
to
use
a
local
proxy
to
inspect
the
traffic
from
any
client
could
be
a
package
industry.
Current
could
be
the
docker
client
for
container
images
yeah,
it's
really
a
tool
that
can
be
applied
on
a
bunch
of
situations.
A
So
the
idea
is
to
have
a
small
server
running
that
will
act
as
a
proxy
and
that
server
will
allow
you
to
see
all
the
requests
and
all
the
response
bodies
which
sometimes
can
be
super
useful
in
the
package
registry.
We
have
a
bunch
of
clients
to
support
and
we
don't
always
have
a
press
back
on
what
to
expect
on
requests,
what
to
expect
on
parameters
and
and
yeah
what
to
expect
on,
for
example,
file,
uploads,
that's
another
subject,
so
I'm
going
to
share
my
screen.
A
A
So
it's
yeah
very
simple
tool.
You
can
install
it
with
blue
and
it
has
a
command
line
interface
or
a
web
interface.
Whatever
works
for
you.
So
what
I
wanted
to
go
through
is
simply
use
npm
to
pull
the
package
and
configure
this
proxy
so
that
we
see
the
traffic
I'm
using
npm.
But
again
you
can
use
this
with
Maven
and
nougat
Conan.
Well,
any
any
client,
even
even
Docker,
as
long
as
the
client
has
a
proxy
option,
which
is
usually
pretty
well
supported,
so
it
should
be
there.
A
A
And
that's
it:
we
are
going
to
add
the
npmrc
file
and
for
the
package
yeah,
given
that
this
is
to
check
the
interactions.
I
don't
want
to
pull
a
private
package
and
set
up
authentication.
So
what
I'm
using?
Is
this
thing?
We
do
have
this
project.
That
is
public.
You
can
see
it
here
and
it
has
a
bunch
of
dummy
npm
packages.
So
we
are
going
to
use
that,
given
it's
public,
you
don't
need
to
set
up
authentication
at
all.
So
that's
that's!
Okay,
so
the
npm
RC
file
super
quick.
A
A
Is
am
I
going
to
check
if
that
works,
or
not?
No
I'm,
pretty
sure
it's
working
I'm
going
to
clear
the
cache.
So
you've
got
this
thing:
yeah,
okay,
so
the
proxy!
Now
so
you
will
have
a
bunch
of
commands
at
your
disposal
I'm
going
to
use
the
web
one,
which
is
the
web
interface
and
usually
I,
use
the
Dash
a
option
which
means
that
there
is
always
SSL
in
the
way.
A
So
you
can
have
a
bunch
of
checks
if
the
proxy
has
to
check
for
the
validity
the
the
SSL
certificate
validity
on
the
target
server,
and
so
this
option
allows
to
disable
that
because
well
we
don't
care
about
SSL
errors
for
now,
so
this
will
open
a
new,
a
new
page
here.
So
now
it's
running
and
it's
basically
how
this
is
organized,
it's
that
you
will
see
one
row
per
request
and
that's
it.
A
A
Now.
This
is
the
the
part
where
you
need
to
configure
the
the
client
that
is
connecting
you
need
to
configure
the
proxy
aspect
so
for
npm,
that
is
done
with
the
config,
the
config
config
command.
You
set
a
proxy
and
we
are
going
to
say:
hey.
The
proxy
is
on
yeah.
This
address
zero,
zero,
zero,
zero.
Eighty
eighty
and
this
way
npm
will
redirect
all
the
traffic
there
this
works,
but,
given
that
we
in
the
npm
RC
file
here,
we
we
are
using
a
https
server.
A
A
If
I'm
not
wrong,
it
generates
a
local
certificate
and
well
you
would
need
to
update
the
the
client
to
accept
or
configure
to
say,
hey.
This
certificate
is
a
valid
one,
because
it's
a
safe
sign
certificate,
I
think,
but
that's
a
bit
beyond
my
knowledge
on
the
on
the
tool.
I
think
there's
a
way
to
like
install
the
certificate
widely
on
the
system,
so
that
it's
it's
always
accepted.
A
Usually,
what
I
do
is,
there
is
usually
a
way
to
disable
SSL
checks
on
clients
and
that's
what
I
use
it's
more
faster
and
actually
I
I
use
way
more
often,
the
proxy
tool
with
my
GDK
running
so
I
use
it
locally
and
locally
I,
don't
use
https,
I
use,
HTTP
and
so
I
don't
have
these
problems.
So
well,
it's
it's
up
to
you
how
to
solve
this,
but
for
me
I,
just
disabled
the
SSL
checks
all
right.
We
can
then
install
the
package
that
is
I
think
we
have
lemons.
A
A
Yeah,
that's
this
is
for
get
request,
but
it
also
works
for
upload
requests,
delete
or
whatever
method.
Upload
requests
are
interesting
because
in
GitHub
the
file
upload
support
depends
on
how
the
files
are
sent.
So
we
need
to
have
a
very,
very,
very
good
or
accurate
idea
of
how
the
clients
will
send
the
the
file
uploads.
It's
mainly
either
a
body
upload
or
a
multi-part
file
upload.
So
we
need
to
know
which
one
is
which
one
of
these
two
things
are
using.
A
The
other
client
is
using,
and
so
this
tool
can
help
to
to
check
that.
What
else
can
you
do?
Yeah?
There
is
a
fun
thing
to
do.
If,
if
I
don't
know,
if
you
want
to
try
something,
you
can
also
intercept
and
intercept
and
modify
the
request.
So
let
me
do
this
pretty
quick.
Well,
I
guess:
I
can
just
skip
this
and
reinstall
this.
A
So
here
you
can
see
that
the
request
has
been
paused
and
you
can
actually
change
any
parameter
so
well,
in
this
case
it's
on
the
headers
HTTP
headers,
but
you,
you
would
see
query
params
if
we
had
some
of
them
or
or
a
body,
a
body
of
the
request
if
it
was
a
put
request,
for
example.
So
let's
say
that
we
change
the
version
of
the
user
agent.
A
We
can
let
go
the
request
and
then
it
will
stop
again
for
the
response
this
time
around.
So
we
can
even
change
how
the
other
things
are
presented
to
the
to
the
client
so
yeah.
What
can
we
change
here?
I,
don't
know
any
anything
can
be
changed.
So
it's
it's
really.
You
can
rewrite
the
requests
and
the
response,
and
then
you
you
can
just
let
go
and
yeah.
It
will
also
pause
on
the
second
request,
so
you
can
really
manipulate
the
request.
A
A
yeah
on
the
container
registry
side.
Sometimes
you
it's
it's
good
to
have
the
request
and
response
that
there
are
some
orchestration
between
the
the
requests
that
are
quite
complex
and
having
the
request
is
it's
it's
better
yeah
and
that's
that's
about
it
for
the
for
the
tool.
It's
nothing
too
magical.
A
B
B
B
A
A
So
what
I
did
is
that
you
have
in
the
Mac
OS
preferences
in
your
network.
You
can
set
up
a
proxy
for
HTTP
and
HTTP
as
traffic,
and
so
you
can
point
to
and
the
mitm
proxy
instance
the
the
address,
and
you
will
see
all
the
all
the
traffic
that
is
generated
by
your
Mac
and
that
included
the
client
I
I
wanted
to
to
check.
So
that's
another
way
to
check
how
things
are
doing.