TrafficLens - HTTP traffic inspector

Introducing Trafficlens – HTTP traffic inspector for developers

The problem

Does this sound familiar? You build an API to power the latest feature of your company's iOS application. It is the first time the iOS team has integrated with the API, and it is not working. You spend time digging through log files to find the error. Sometimes that is not enough, and you have to ask them to resend the request to your local endpoint so you can debug it. If only there were an easier way to see the HTTP traffic in real time.

How an HTTP inspector can help

That is where TrafficLens comes in. It gives you a URL hosted by TrafficLens. Any request sent to that URL is immediately forwarded to your original API unchanged, and the API's response is returned to the caller, so the URL serves as a drop-in replacement for your API. TrafficLens inspects all of that traffic and displays it in real time in the console, so your team can immediately see what went wrong, whether it is a missing header or an incorrectly formatted response.
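The forward-unchanged-then-display behaviour just described, as an added example in Go. This is not TrafficLens's code (the proxy's implementation is not on this page); the Record type, the list of redacted headers, the TARGET_URL variable and the :8080 listener are assumptions made for the example. It adds one check a practitioner would want from any inspector that keeps traffic for later viewing: credential-bearing headers are forwarded upstream untouched but never copied into the stored record.

```go
package main

import (
	"bytes"
	"io"
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
	"os"
)

// Record is one inspected exchange, the unit a console or web UI would display.
type Record struct {
	Method      string
	Path        string
	ReqHeaders  http.Header
	ReqBody     string
	Status      int
	RespHeaders http.Header
	RespBody    string
}

// redactedHeaders are forwarded upstream untouched but never copied into a
// Record, so the inspector does not become a store of live credentials.
// (Assumption for this example, not a documented TrafficLens setting.)
var redactedHeaders = map[string]bool{
	"Authorization": true,
	"Cookie":        true,
	"Set-Cookie":    true,
}

func redact(h http.Header) http.Header {
	out := h.Clone()
	for name := range out {
		if redactedHeaders[http.CanonicalHeaderKey(name)] {
			out[name] = []string{"[redacted]"}
		}
	}
	return out
}

// captureWriter passes everything through to the real ResponseWriter while
// keeping a copy of the status code and body for the Record.
type captureWriter struct {
	http.ResponseWriter
	status int
	body   bytes.Buffer
}

func (c *captureWriter) WriteHeader(code int) {
	c.status = code
	c.ResponseWriter.WriteHeader(code)
}

func (c *captureWriter) Write(b []byte) (int, error) {
	c.body.Write(b)
	return c.ResponseWriter.Write(b)
}

// Unwrap lets http.ResponseController reach the underlying writer (flushing).
func (c *captureWriter) Unwrap() http.ResponseWriter { return c.ResponseWriter }

// NewInspectingProxy returns a handler that forwards each request to target
// unchanged, relays the upstream response unchanged, and then hands a
// redacted copy of both sides to sink: a drop-in replacement for target.
func NewInspectingProxy(target *url.URL, sink func(Record)) http.Handler {
	rp := httputil.NewSingleHostReverseProxy(target)
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Read the body once so it can be both forwarded and recorded.
		reqBody, err := io.ReadAll(r.Body)
		if err != nil {
			http.Error(w, "could not read request body", http.StatusBadRequest)
			return
		}
		r.Body = io.NopCloser(bytes.NewReader(reqBody))

		cw := &captureWriter{ResponseWriter: w, status: http.StatusOK}
		rp.ServeHTTP(cw, r)

		sink(Record{
			Method:      r.Method,
			Path:        r.URL.RequestURI(),
			ReqHeaders:  redact(r.Header),
			ReqBody:     string(reqBody),
			Status:      cw.status,
			RespHeaders: redact(cw.Header()),
			RespBody:    cw.body.String(),
		})
	})
}

func main() {
	// Assumed demo configuration: upstream API from TARGET_URL, listener on :8080.
	rawTarget := os.Getenv("TARGET_URL")
	if rawTarget == "" {
		rawTarget = "http://localhost:3000"
	}
	target, err := url.Parse(rawTarget)
	if err != nil {
		log.Fatal(err)
	}
	console := func(rec Record) {
		log.Printf("%s %s -> %d\n  request headers: %v\n  request body: %s\n  response body: %s",
			rec.Method, rec.Path, rec.Status, rec.ReqHeaders, rec.ReqBody, rec.RespBody)
	}
	log.Fatal(http.ListenAndServe(":8080", NewInspectingProxy(target, console)))
}
```

Point a client at http://localhost:8080 instead of the real API and every exchange is printed as it happens. The response body is buffered through captureWriter, which is fine for API-sized payloads; a streaming response would need a bounded capture.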

What about security?

An HTTP traffic inspector captures and stores your HTTP traffic for later viewing, so the security of that stored data is paramount. Here are some of the measures TrafficLens takes to protect it.

Encryption

TrafficLens encrypts all customer data, including PII such as names, email addresses and captured traffic, with AES-256 before saving it to the database. Encryption keys are managed with AWS KMS using envelope encryption: each record is encrypted under a data key, and the data key itself is stored encrypted under a KMS master key that never leaves KMS. See https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#enveloping for more information about the encryption scheme TrafficLens uses.
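The envelope scheme the KMS page linked above describes, worked through in Go as an added example; this is not TrafficLens's code. To run offline it replaces AWS KMS with a LocalKMS stand-in that wraps data keys under an in-process master key (an assumption for the demo; with real KMS the same two operations are the GenerateDataKey and Decrypt API calls). It also goes one step beyond the page by passing the row's primary key as GCM associated data, so a ciphertext copied from one row to another is rejected rather than decrypted.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Envelope is what the database row holds: the per-record data key wrapped by
// the master key, plus the nonce and AES-256-GCM ciphertext of the record.
type Envelope struct{ WrappedKey, Nonce, Ciphertext []byte }

// KeyService is the slice of a key-management service that envelope encryption
// needs; AWS KMS exposes these as GenerateDataKey and Decrypt.
type KeyService interface {
	GenerateDataKey() (plaintextKey, wrappedKey []byte, err error)
	UnwrapDataKey(wrappedKey []byte) ([]byte, error)
}

func aeadFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealWith encrypts plaintext under key with a fresh random nonce; aad is
// authenticated but not encrypted.
func sealWith(key, plaintext, aad []byte) (nonce, ct []byte, err error) {
	g, err := aeadFor(key)
	if err != nil {
		return nil, nil, err
	}
	nonce = make([]byte, g.NonceSize())
	if _, err = io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, nil, err
	}
	return nonce, g.Seal(nil, nonce, plaintext, aad), nil
}

func openWith(key, nonce, ct, aad []byte) ([]byte, error) {
	g, err := aeadFor(key)
	if err != nil {
		return nil, err
	}
	return g.Open(nil, nonce, ct, aad)
}

// LocalKMS stands in for AWS KMS so the example runs offline (demo-only
// assumption). The master key never leaves the struct, as a KMS key never
// leaves KMS; a wrapped key is nonce || AES-256-GCM(master, dataKey).
type LocalKMS struct{ master []byte }

var keyWrapAAD = []byte("data-key") // separates key wrapping from record encryption

func NewLocalKMS() (*LocalKMS, error) {
	m := make([]byte, 32)
	_, err := io.ReadFull(rand.Reader, m)
	return &LocalKMS{master: m}, err
}

func (k *LocalKMS) GenerateDataKey() ([]byte, []byte, error) {
	dk := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, dk); err != nil {
		return nil, nil, err
	}
	nonce, ct, err := sealWith(k.master, dk, keyWrapAAD)
	return dk, append(nonce, ct...), err
}

func (k *LocalKMS) UnwrapDataKey(wrapped []byte) ([]byte, error) {
	const ns = 12 // standard GCM nonce size
	if len(wrapped) < ns {
		return nil, errors.New("wrapped key too short")
	}
	return openWith(k.master, wrapped[:ns], wrapped[ns:], keyWrapAAD)
}

// EncryptRecord encrypts one record under its own fresh data key. aad binds the
// ciphertext to its context (e.g. the row's primary key), so a ciphertext moved
// to another row fails to decrypt instead of silently succeeding.
func EncryptRecord(ks KeyService, plaintext, aad []byte) (Envelope, error) {
	dk, wrapped, err := ks.GenerateDataKey()
	if err != nil {
		return Envelope{}, err
	}
	nonce, ct, err := sealWith(dk, plaintext, aad)
	return Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, err
}

// DecryptRecord unwraps the data key through the key service and opens the
// record; any change to ciphertext, nonce, wrapped key or aad is rejected.
func DecryptRecord(ks KeyService, env Envelope, aad []byte) ([]byte, error) {
	dk, err := ks.UnwrapDataKey(env.WrappedKey)
	if err != nil {
		return nil, fmt.Errorf("unwrap data key: %w", err)
	}
	return openWith(dk, env.Nonce, env.Ciphertext, aad)
}

func main() {
	kms, err := NewLocalKMS()
	if err != nil {
		panic(err)
	}
	rowID := []byte("traffic:42") // constructed sample: the row's primary key as AAD
	env, err := EncryptRecord(kms, []byte(`{"method":"POST","path":"/v1/orders"}`), rowID)
	if err != nil {
		panic(err)
	}
	pt, err := DecryptRecord(kms, env, rowID)
	fmt.Printf("decrypted: %s (err=%v)\n", pt, err)
	env.Ciphertext[0] ^= 1 // one flipped bit in the stored row
	_, err = DecryptRecord(kms, env, rowID)
	fmt.Printf("tampered row rejected: %v\n", err)
}
```

The property to notice is what a database dump gives an attacker: wrapped keys and ciphertexts, neither usable without the master key that only the key service holds. Each record gets its own data key, so compromising one plaintext key exposes one row, and the wrapped key column is the only thing KMS ever needs to see.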

Password & MFA

TrafficLens uses the AWS Cognito service for user authentication. AWS Cognito is a service dedicated to secure authentication for companies like TrafficLens. It never stores passwords in plaintext, and all passwords are hashed and salted with bcrypt. More information on AWS Cognito's security can be found in the AWS Cognito documentation.

Our critical accounts (AWS, Bitbucket, etc.) enforce mandatory 2FA for everyone. SMS 2FA is discouraged in favour of other 2FA methods; wherever a service allows non-SMS 2FA to be enforced, we make it mandatory.

Open source

I'm in the process of open-sourcing the main HTTP traffic inspector service. Follow along at https://github.com/maxclique/trafficlens-proxy

Next steps

This is the first side project I have launched. I have learned a lot, and there is so much more to learn. I plan to document the business lessons here as well as the technical aspects of the service. Subscribe to my mailing list to learn more.
