Wednesday, 10 September 2014

Using Wireshark to observe Mobile HTTP Network traffic

You can find wireshark on line - it is a free tool.

https://www.wireshark.org/

Note that you may not be able to capture the mobile traffic on Windows because of WinPCap limitations. You may need to buy an additional adapter to do this. I'm using Mac to show you this functionality.
http://wiki.wireshark.org/CaptureSetup/WLAN#windows

What is it?

Wireshark is a tool for monitoring network traffic. Unlike an HTTP proxy server where you have to configure your machine to point to the HTTP proxy server in order to monitor the traffic. With Wireshark, you tell it to capture traffic from your network card, and it can then capture any traffic going through that network.
So if your mobile device is on the same wifi network as your Wireshark machine's wifi card. Then you can capture the wifi traffic, filter it, and then monitor the HTTP traffic from your mobile device.

Why would I want to do that?

Because sometimes the mobile app you are testing does not honour the proxy settings of the device and goes direct, so you don't see the traffic.
And because you can start learning more about the network traffic layers being used by your application and your device in general.
(It's also fun to hook into hotel wifi and airport lounge wifi - but don't tell anyone.)
But the serious point, is that we know we want to observe the http traffic. If we have the issue that we can't because we can't configure the app to point to the proxy then we need other options. We need to increase our flexibility to approaching the observation. So we have a new option - work at the network traffic level, rather than proxy.
Our aim is to keep looking for new ways of achieving our outcomes. Not finding tools, for the sake of tools. But finding new approaches.

Installing Wireshark

On Windows

The Windows install is simple. Just download and run.
https://www.wireshark.org/download.html

On Mac

Mac install was a little harder for me and it didn't work out the box so I had to do the extra steps to add the application to XQuartz
If it doesn't work then you could try, start xquartz In the Applications menu of Xquartz, customize it and "Add Item" with the command:
  • "open /Applications/Wireshark.app/Contents/MacOs/Wireshark"
  • or "open wireshark"
  • or "wireshark"
Then you could try, running wireshark from the Applications menu in XQuartz, or from the application icon directly.
You might find these links helpful if you are on a mac:

On Linux

I haven't tried the install on linux - I imagine the instructions on the Wireshark website work fine.

First Usage

Wireshark, can seem intimidating initially to work with.
It is a complicated tool and there is a lot to learn about it.

Start a Capture

On the main page, select your network card hooked to the wifi network. Then click "Capture Options".
In Capture options table. Check to see that "Mon. Mode" says enabled, for the interface you want to use. If it doesn't, you'll only see your own traffic.
To change "Mon. Mode", double click the item in the table, and choose "Capture packets in promiscuous mode" and "Capture packets in monitor mode", press [OK].
Then [Start] the capture.
If you are on an encrypted network then you might need to decrypt the traffic.
http://wiki.wireshark.org/HowToDecrypt802.11
I sometimes have to fiddle with the IEEE 802.11 preferences: changing them, hitting apply, changing them, etc. Until I see the actual http traffic.
I also have to disconnect the android device from the network, and then reconnect it, so that it sends the initial network connection and decryption packets. Feel free to test on open networks where you don't have these type of issues because they are insecure if you want to.

Filter the capture

At this point your going to start seeing a lot of traffic flowing through your network.
So you want to filter it.
in the filter text editor type "ip.addr eq 192.168.1.143" or whatever the ip of your device is, to start seeing that traffic.
then if you just want to see the http traffic you can do
"ip.addr eq 192.168.1.143 and http"
or, to see just the GET requests:
"ip.addr eq 192.168.1.143 and http.request.method eq "GET""
This is a useful tool to have in your toolbox, for those moments where you have less control over the application under test, but still want to observe the traffic in your testing.

You can see examples of Wireshark in action to help test an Android app in our Technical Web Testing 101 online course.

Monday, 8 September 2014

StarEast 2014 Lightning Talk: "A Sense of Readiness"

At StarEast 2014, I presented a Lightning Talk as part of their "Lightning Strikes the Keynotes"
You can watch it here.
I make quite a lot of notes and prep for my talks before I present them, and so in this post I will walk you through some of the notes, and the process I used to get ready for the talk.
And I'll use the medium of the blog to expand on the topic a little with additional lessons learned from pulp authors, relating to test planning and preparation.


I think a lightning talk is 'as hard' as a full talk, in some ways it is harder. For those people who present a lightning talk as their 'first talk' because they think it will be easier. The only 'easy' part is that you are on and off the stage faster. I find I have to work much harder to condense my message into such a small time frame. 
I made notes on a few different topics, but eventually decided upon the theme:
  • "Are you ready to start testing tomorrow?"
with the title 
  • "A sense of urgency"? or "A sense of readiness"?
Because... "Are you ready to start testing tomorrow?" was a question I use when evaluating my strategy and planning process as a test manager, and when I'm a tester. I always want to know that I am ready to test tomorrow (or now) if I have to. And because I don't think everyone else adopts this frame of mind, I wanted to explore it a little.


My first step when preparing a talk is...
  1. to just talk
Given the title, I talk to the wall, record it, and make notes.
For me, this is a purely temporary measure, and I delete these artifacts afterwards.
Then I collate my notes into a small first person script like essay.
Which in this instance came out as a single thread below. By single thread I mean, one topic, one path through, no 'asides' or references to analogous material.

Over the years, I've been on site and people have been talking about a "sense of urgency", 'people' generally means management. And "sense of urgency" generally means "why aren't these people working harder to meet the deadlines that we have arbitrarily imposed upon them.
When I get involved, I don't usually try and solve that problem. What I like to focus on is a sense of readiness.
Because I often see testers - not ready to test the software. They are writing the strategy and the approach and everything else they are asked to, but they aren't getting ready. 
This is really basic but I ask people "could you start testing the software tomorrow"? If you could then you're in a pretty good place. If you're not ready, then you're in a pretty good place because you have your todo list to get ready, by asking 'what do we need in order to be ready'. Everything else - strategy, policy, approach, etc. is a bonus. Because if you're ready - you can communicate your readiness, and your 'documentation' is a result of taking the time to write it down.
And you need to be ready to test at different levels. functionality, requirements, domain, technology. But all of that is for nothing if you don't yet have the attitude that you could test this thing at the drop of a hat. Mentally building that 'testing' sense of readiness so that you could test it now, if you had to.
So I encourage you all. Build a sense of readiness. Are you ready to test a week from now, tomorrow, an hour from now, can you test it now? If not - work out why not and and stick that on your preparation list. and get ready.


This had the basics of what I wanted to cover. And I left it to sit for a while. Because really, I wanted to try multi-threading the talk. Adding in some analogous threads, creating and closing open loops as I talked.  I hadn't tried this approach for a short talk before, but since this wasn't a 'Lightning Talk', it was supposed to be a 'Lightning Keynote', I wanted to add more texture to the presentation.
And during the 'sitting' period I read a Novel called "Silvertip's Search" by Max Brand.
You can see my copy above. The London, Hodder and Stoughton edition, first published in 1948. (Max Brand died in 1944)

And in here, I found a passage that I thought fit my topic. A conversation between the head bad guy and one of his minions. 
Throughout the book, both the head bad guy, and the hero, are 'ready for anything' and 'at any time'. And In this paragraph, the head bad guy explains his secret.
"Are you laughing at me, chief?" he asked. "You know that nobody in the world can stand up to you."
"Nobody? Ah, ah, the world is larger than we are," said the criminal. "I should never pretend that nobody can stand up against me. All I know is that I keep myself in practice, patiently, every day, working away my hours." He sighed. "A little natural talent, and constant preparation. That's all it needs. You fellows are my equals, every one of you. Taking a little pains is all the difference between us..."
This is on page 70 of the edition I own.


Given this, I thought I could weave into the presentation: the text of the book, and additionally, Max Brand and his writing strategies. 
That would then give me at least three threads. One personal, one fictional, and one cross domain.
So my next set of notes looked like this.

Some managers like to talk about a “Sense of Urgency”, which in management speak means - why are my staff not working hard enough to meet these arbitrary deadlines we’ve set.
I read a lot of pulp novels. Most written to very tight deadlines. Generally filled with life and death decisions, made quickly, based on minimal information and minimal planning. Urgency in a pulp novel gets you killed, or lets the villain get away. Readiness defines the best heroes.
Max Brand knew a lot about deadlines. His official biography lists over 500 novels. and 400 short stories He was so prolific, that new books based on his outlines continue to be written and published after his death.
I see a lot of testers on site being busy, writing stuff like policies, strategies, plans, approaches etc. They think they are getting ‘ready’, most often they are complying with a ‘sense of urgency’ that says we need a strategy, or we need a plan. They are getting ready. They’re getting ready for their next meeting. But they are not getting ready for their testing.
And if you ask them. Are you ready? They’ll typically tell you about all the things they are waiting for, and they are in a holding pattern. 
And that’s not what I mean by readiness.
Readiness works at different levels. Could you test an application that you don’t know anything about about? But you understand the technology it is built on? Or you understand the domain it sits in. There are lots of models around readiness: skills, domain, the app requirements, techniques, technology, and these models all overlap.
And if you were ready, you could test the app from the point of view of any of these models and add value. And gain enough time to develop one of the other models and test from another perspective. Your strategies, and plans and policies become a communication and explanation of your readiness.
A Sense of Readiness leads to a confidence and flexibility that you could test something if it was delivered to you tomorrow, or now.
So back to Max Brand, and specifically his novel "Silvertip’s Search". 
One of the bad guys has betrayed his gang, and he’s up before the head bad guy trying to convince them not to kill him.
And I’ll paraphrase, here. Max Brand is a better writer than I’m making him sound like here.
The bad guy persuading for is life says “I wouldn't betray you boss, nobody can stand up to you”
And the boss disagrees, and Max Brand, or Faust, then has the lead bad guy describe his approach to writing. and it is “Nope, I don’t promise no-one is better than me. I just keep myself in practice, a little every day, constant preparation. We’re the same. Taking pains is all the difference between us”
Max Brand describes his prolific approach to writing. And how we go about developing a sense of readiness, because we don’t know what is going to come at us. All we can do is work on ourselves so that we have the confidence to tackle it if it comes in next week, or tomorrow, or today, or ten minutes from now.


I emboldened the first part of the sentence because that becomes the outline that I commit to memory to inform my talk.


At this point, I discovered the Internet Archive contains a version of the novel. The quoted paragraph is on page 86 of the Internet Archive version. Yes, if you want to read this novel, you can.
So I decided to download the novel to my Kindle and wrap the hardback cover around the Kindle as a 'prop' for the talk. Since I didn't want slides, and I was talking about the novel, having a physical representation of it seemed like a useful stage device. 
And I could possibly build some tension by 'teasing' a reveal early in the talk, then reading from the novel at the end of the talk.And I added the following lines into the outline.
I brought along a pulp novel for you. This is Silvertip’s Search. A western published in 1945, based on his pulp story published in 1933, written by Max Brand. Or Frederick Faust - his real name. He created the character of Destry, and probably most famously Dr Kildare.
And hidden In this novel, Max Brand describes the secret of his writing success.

You can watch the talk and see how closely it matches the outline above. I think I missed out some stuff and I think I added a little more.
 And now, in this blog, I can expand a little further - with information I wouldn't include in a lightning talk. 
If I was using this in a longer talk then I might well include the information I'm about to give you below.

Additional reasons I like pulp as an example of readiness... 
The pulp authors worked from small outlines:
  • A Title
  • A Paragraph
  • A Blurb
  • A short plot outline
They did this for a number of reasons:
  • They wrote for money.
    • So they had to pitch the story, and didn't want to spend the time writing a full treatment, so they pitched outlines. Sometimes they pitched titles, to see what grabbed attention.
  • They could expand them, quickly, when needed. 
    • Sometimes they would be asked to contribute a story to a magazine with only a few days notice because some other author had let the editor down. And out would come, either an earlier story that hadn't sold, or an expanded form from the outline. 
"Silvertip's Search" is a good example of this process. The novel, was an expanded version of one of Max Brand's short stories. So a published (and previously paid for) work, was expanded into a novel, which was then sold again. 
And because pulp authors worked like this, they often left behind lots of outlines, scraps of ideas, blurbs etc. Which hadn't been sold, or used, or expanded. Which is how pulp authors continue to publish work long after they are dead. Someone manages to take their fast preparation and turn it into something else.
 
And so, to relate this back to testing...
A lot of the time in testing we see promoted the idea that you have to prep in advance, and that your advanced prep has to have copious detail.
I don't think you have to. My experience of testing tells me otherwise.
I work to be 'ready' as fast as I can. I know there will be gaps in my readiness. But I know I could start, and add value, fast. And with each passing moment that allows me more time to prepare I increase my readiness, until at some point, I test.
And one external source of validation I use for this, is the work, and approach, of pulp authors.
Pulp authors used "a sense of readiness" to help them. We can too.



Thursday, 14 August 2014

How to convert VirtualBox to VMWare and install the ethernet device drivers

I couldn't work around the recent bug in VirtualBox version 4.3.14. It conflicts with my Anti-virus software under windows.

When I upgraded to version 4.3.15, I no longer experienced the anti-virus crash, but my networking was trashed and I couldn't get it working. So I decided to try and migrate over to VMWare.

I use VMWare Fusion on the Mac to run my Windows and Linux VMs, and VMWare VMs are cross platform. It seems like a sensible move, even though it will cost me some cash to buy the VMWare Player on Windows.

  • Step 1 - convert VirtualBox to an Appliance
  • Step 2 - load the appliance into VMWare
  • Step 3 - uninstall the VirtualBox addons
  • Step 4 - install the VMWare addons
  • Step 5 - edit the .vmxf file to change the network settings
  • Step 6 - reauthenticate the Windows license
  • Step 7 - enjoy your ported VM
  • Step 8 - delete the VirtualBox VMs

Step 1 - convert VirtualBox to an Appliance

In VirtualBox I exported the VM as an appliance using the "File \ Export Appliance..." menu.

Step 2 - load the appliance into VMWare

Using VMWare Player, I open the appliance using "Open a Virtual Machine".

VMWare complains about certificates, but we tell it to retry and continue.

Then it prompts to save as a VM location.

Voila, the VM is converted - but it doesn't work yet.

Step 3 - uninstall the VirtualBox addons

Start the VMWare machine, and uninstall the VirtualBox addons.

Step 4 - install the VMWare addons

Install the VMWare tools.

At this point, we should be finished, but I wasn't. I had to fix the networking.

It took me a while to find the right online resource for the next step.

Step 5 - edit the .vmxf file to change the network settings

I could not get the drivers for the ethernet adapters to work with the VMWare Windows XP VM.

I had to edit the .vmxf file that configures the virtual machine, and remove the "e1000" line.

Then, when I restart the machine, the correct drivers from the VMWare tools are used for the ethernet device.

I also had to make sure that the "Automatic Bridging Settings" in the VM Settings were set to bridge the correct networks, including the "Microsoft Wi-Fi Direct Virtual Adapter" and the "Microsoft Hosted Network Virtual Adapter".

Step 6 - re-authenticate the Windows license

At this point Windows complains that the hardware configuration has changed, and needs to re-authenticate.

For some reason, it wouldn't re-authenticate when I was logged in, so I had to restart the machine, and re-authenticate prior to the login.

Step 7 - enjoy your ported VM

I couldn't face a re-install of Windows, and downloading all the service packs etc. So I wanted to get this conversion working, which is why I persisted, and you now see my notes as a blog post.

So now. I'll use VMWare for my VMs on Windows, as well as Mac.

Hopefully, Oracle will fix VirtualBox fully, as I like to have options.

But I think VirtualBox has lost me as a user for my licensed Windows VMs. The conversion from VMWare to VirtualBox is not as easy as the conversion from VirtualBox to VMWare.

Step 8 - delete the VirtualBox VMs

Since I use licensed versions of Windows, in addition to the modern.ie VMs, I had to remember to delete the VirtualBox VMs.


Monday, 17 February 2014

Back to Basics: How to use the Windows Command Line

Those of us that have worked with computers for most of our lives, take the command line for granted. We know it exists, we know basically how to use it, and we know how to find the commands we need even if we can't remember them.

But, not everyone knows how to use the command line. I've had quite a few questions on the various courses I conduct because people have no familiarity with the command line. And the worst part was, I could not find a good resource to send them to, in order to learn the command line.

As a result, I created a short 6 minute video that shows how to start the windows command line, change to a specific directory, run some commands, and how to find out more information.



Start Command line by:
  • clicking on start \ "Command Prompt"
  • Start \ Run, "cmd"
  • Start \ search for "cmd"
  • Win+R, "cmd"
  • Windows Powertoy "Open Command Window Here"
  • Shift + Right Click - "Open Command Prompt Here"
  • type "cmd" in explorer (Win+e, navigate, "cmd")     
  • Windows 8 command from dashboard
Change to a directory using "cd /d " then copy and paste the absolute path from Windows Explorer.

Basic Commands:
  • dir - show directory listing
  • cd .. - move up a directory
  • cd directoryname  - change to a subdirectory
  • cls - clear the screen
  • title name - retitle a command window
  • help - what commands are available
  • help command - information on the command

If anyone wants more videos like this then please either leave comments here, or on YouTube and let me know. Or if you know of any great references to point beginners at then I welcome those comments as well.

Thursday, 13 February 2014

Introducing Virtualbox modern.ie Turnkey Virtual Machines for Web Testing

My install of VirtualBox prompted me to update today. And I realised that I hadn't written much about VirtualBox, and I find any videos I had created about it.

Which surprised me since I use Virtual Machines. A lot.


No Matter, since I created the above video today.

In it, I show the basic install process for VirtualBox. A free Virtualisation platform from Oracle which runs on Windows, Mac and Linux.

Also, Modern.IE, which I know I have mentioned before. The Microsoft site where you can download virtual machines for each version of MS Windows - XP through to Windows 8, with a variety of IE versions.

Perfect for 'compatibility' testing - the main use case I think Microsoft envisioned for the site. Or for creating sandbox environments and for running automation against different browsers, which I often use it to do.

I even mention TurnkeyLinux, where you can find pre-built virtual machines for numerous open source tools.

In fact the version of RedMine that I used on the Black Ops Testing Workshops to demonstrate the quick automation I created. I installed via a TurnkeyLinux virtual machine.

Oracle, even host a set of pre-built virtual machines.

A New Feature in VirtualBox (that I only noticed today)

I noticed some functionality had crept in to VirtualBox today.

The cool 'Seamless Mode' which I had previously noticed in Parallels on the Mac (as 'Coherence' mode) and on VM Fusion on the Mac called ('Unity' mode). This allows 'windows' on the virtual machine to run as though they were 'normal' windows on your machine - so not contrained within the virtual machine window.

I love this feature. It means I no longer have to keep switching in and out of a VM Window and can run the virtualised apps alongside native apps. And with shared clipboard and drag and drop, it seems too easy to forget that I ran the app from a VM.

If you haven't tried this yet. Download VirtualBox, install the Win XP with IE6 VM, and then run it in 'Seamless' Mode so you have IE6 running on the desktop of your shiny whiz bang monster desktop. Try it. Testing with IE6 becomes a fun thing to do - how often do you hear that?



Thursday, 6 February 2014

How to emulate mobile devices using Chrome browser

Google Chrome continually changes, which usually means good news as new features appear. Unfortunately sometimes it means changes to our existing workflow.
This happened recently when Google released a new version of Chrome, but moved the Emulator settings.
I eventually found them, and show you how in the video below:

Or for those of you that prefer to read, read on. I've added references at the bottom.
We have to start by using the Overrides in the Chrome developer tools settings. All the emulation used to exist here, but it has moved.
Right click, and Inspect, to show the developer tools. Then click the cog on the right to show the Settings. And show the Override settings.
So the first thing we do is make sure that we have checked "Show 'Emulation' view in console drawer".
Great.
So now where is the console drawer?
Close the settings and in the dev tools on any of these tabs, we can display the "Console drawer" by pressing the escape key, and lo the drawer did appear and an emulation tab was present.
And we can use the emulation tab to help us test.
In the demo video I show this in action on the bbc site.
Choose a device to emulate. I pick the "Samsung Galaxy Note II" because I have a physical device for that on my desk, and if I encounter any issues I can try the same functionality on my device.
Choose Device, Click Emulate, and you can see the screen size refreshes to a scaled smaller size.
You can amend the display settings using the 'Screen' options. By default it is shown scaled, but you can make if full size if you want.
But we still don't have the mobile site yet. So I refresh the screen. Using Ctrl+F5. And because Chrome is now sending the correct mobile headers for the Note II, we are directed to the Mobile site.
And now the issues.
I try and use the site. Click on the links. And nothing happens.
So, I change sensors and switch off the emulate touch screen. And we have a working site again.
This works on the Note, so it might be a BBC issue, or it might be a Chrome issue. But really it shows us the problems of testing through emulation, when we find suspected issues, we have to replicate them on a better emulator or a physical device.
But the Chrome emulation is so convenient on the desktop that for a first run check on the site, and certainly checking how your server responds to mobile headers, these are a great first step.
And you can stop the emulation by clicking the [Reset] button.
In the video I show a bonus, which I thought was an emulator bug, but seems to be by design by the BBC, where the Weather page does not redirect.
Chrome emulation? Very easy way to run a first check on the site, if you know how to access the functionality.
Additional References:

Tuesday, 17 December 2013

Software Development Summit 2013

I attended the Software Development Summit December 2013 in Helsinki.

I was fortunate in being asked to perform a keynote, and asked to fill in for a keynote speaker who unfortunately couldn't attend, so I did two keynotes. Lucky me.

You can find slides for the talks listed over on my Compendium Developments site.

I managed to catch up with Kristian Karl and learn more about the CI and testing regime at spotify, you can watch his Eurostar conference Experiences of Test Automation Webinar online (Q&A).

I was able to quickly hang out and see a few of the twitter enabled attendees: Johan Atting,  Johan Jonasson, Aleksis Tolonen, and my fellow Eurostar Committee member Maaret Pyhäjärvi

I did receive a pointer to FreeNest - an open source platform put together by students which is designed to help teams get up to speed with a set of collaboration tools on Ubuntu quickly.

But it was all over very quickly and I had very little time to chat with Ilari Aegerter or Gojko Adzic.

The only downside I had was that I had to miss Gojko's Keynote because I thought I was flying out early. Of course the London Fog had other ideas so instead of learning from Gojko, I was stuck at the airport instead of enjoying the end of the conference :).