linkedin / flashback

mock the internet
BSD 2-Clause "Simplified" License

Flashback vs BrowserMob Proxy #21

Open lazyuser opened 7 years ago

lazyuser commented 7 years ago

At first glance Flashback looks quite similar to BrowserMob Proxy. Both are HTTP(S) MITM proxies written in Java. BMP focuses on recording HAR (HTTP Archive), simulating bandwidth and latency, and online request/response interception, which may be used for both simple blacklisting and complete rewriting. The rewriting can be used for replay, but replay is not a core feature and may require more manual work than with Flashback.

Can Flashback devs who are aware of BMP (or even inspired by it!) comment on the differences between the two projects?

sf1152 commented 7 years ago

We weren't aware of BMP when we developed Flashback. Flashback is inspired by the Betamax idea. I did have a brief look at the BMP implementation, and at least one thing I noticed (please correct me if I was wrong) is this: from the MITM proxy aspect, BMP is very similar to Betamax; they both relied on LittleProxy. That means that regardless of replay or record mode, the real request will go through LittleProxy to the internet (even though it could return the response from files in replay mode). This is a big no in our testing environment because our integration tests run in an isolated environment which has no internet access. I believe that, similar to Betamax, BMP won't work without completely overriding LittleProxy. With Flashback, you can run in replay mode without needing the internet, so you also don't need to worry about rate limiting from internet providers.

jongler commented 6 years ago

I believe you are wrong about Betamax. I've been using Betamax for 6 months now. When set to READ_ONLY mode, Betamax first tries to find a match in the tape file. If no match is found, it returns a 403 Forbidden response; it does not go outside. It goes outside only in READ_WRITE/WRITE_ONLY mode.

Quote from Betamax documentation: READ_ONLY - The proxy will play back responses from tape but if it intercepts an unknown request it will not forward it to the target URI or record anything, instead it responds with a 403: Forbidden status code.

sf1152 commented 6 years ago

One way you can easily verify this is to set up READ_ONLY mode, turn off the internet connection, and see if you can still replay successfully. Maybe I was wrong about Betamax.

From what I was seeing in the past, Betamax could control what to replay but could not control the proxy itself. Betamax intercepts the HTTP request but can't disable the HTTP request to the real target. If you take SSL into consideration, the TCP connection between the proxy and the target was built even before you start intercepting the real request. What I found is that even though Betamax could replay the response correctly, there is still a connection between Betamax and your target endpoint (on the internet). Our integration test environment has no internet access, so this is a hard requirement for us. Another scenario is that even when we have internet access, some testing requires periodically executing HTTP calls in a very short time. It ended up with our testing account getting captured or getting a rate limit error.

jongler commented 6 years ago

I did exactly that. Turned off the internet connection and ran it with READ_ONLY and even READ_WRITE. All tests passed! Moreover, I've captured the traffic (using Wireshark) while in READ_WRITE mode. There was no communication whatsoever with the remote target. Not even a TCP three-way handshake. Perhaps you worked on an old version of Betamax? Anyway, your assumption is wrong. If that is the case, is there any other good reason to prefer Flashback over Betamax?

sf1152 commented 6 years ago

Probably you are right. There are new commits around that. I don't know what new features Betamax has now, so I don't have an answer on whether to use Flashback or Betamax. It looks like Betamax supports your use cases very well. Are you looking for some feature that is not supported by Betamax now?
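The property argued over in this thread (replay must never open a connection to the real target) can also be asserted inside a test run instead of by unplugging the network or reading a Wireshark capture. The following is an added example, not code from this issue or from Flashback, Betamax or BrowserMob Proxy: a language-neutral model written in Python, where `no_egress`, `handle`, the tape and the 192.0.2.10 upstream are all constructed for illustration.

```python
import ipaddress
import socket
from contextlib import contextmanager
from urllib.parse import urlsplit

class EgressBlocked(RuntimeError):
    """Raised when code under test tries to connect off-host."""

@contextmanager
def no_egress():
    """Record and refuse every non-loopback TCP connect made inside the block."""
    attempts, real_connect = [], socket.socket.connect
    def guarded(sock, address):
        if isinstance(address, tuple):  # AF_INET / AF_INET6; AF_UNIX paths pass through
            try:
                local = ipaddress.ip_address(address[0]).is_loopback
            except ValueError:          # a hostname rather than an IP literal
                local = address[0] == "localhost"
            if not local:
                attempts.append(address[:2])
                raise EgressBlocked(f"outbound connect to {address[:2]}")
        return real_connect(sock, address)
    socket.socket.connect = guarded
    try:
        yield attempts
    finally:
        socket.socket.connect = real_connect

# Constructed tape and upstream; 192.0.2.10 is a TEST-NET-1 documentation address.
TAPE = {("GET", "http://192.0.2.10/v1/user"): (200, b'{"id": 1}')}

def handle(tape, mode, method, url):
    """Toy proxy decision: serve from tape, else 403 (READ_ONLY) or forward (READ_WRITE)."""
    if (method, url) in tape:
        return tape[(method, url)]
    if mode == "READ_ONLY":
        return (403, b"Forbidden")
    parts = urlsplit(url)               # READ_WRITE miss: dial the real target
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as upstream:
        upstream.connect((parts.hostname, parts.port or 80))
    return (502, b"")                   # relay/record omitted; the model only needs the connect

def demo():
    miss = "http://192.0.2.10/v1/unknown"
    with no_egress() as attempts:
        hit = handle(TAPE, "READ_ONLY", "GET", "http://192.0.2.10/v1/user")
        denied = handle(TAPE, "READ_ONLY", "GET", miss)
        quiet = list(attempts)          # READ_ONLY must not have dialed out
        try:
            handle(TAPE, "READ_WRITE", "GET", miss)
            blocked = False
        except EgressBlocked:
            blocked = True
    return hit, denied, quiet, blocked, attempts
```

The guard only sees `socket.connect` calls made in the same Python process; a proxy running in a separate JVM still needs an OS-level check such as a packet capture or a network namespace with no route out.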