Summary
Debug files that capture the communication between a client machine and server machines, such as a user’s computer and the ArcGIS Online servers, can be a vital source of information for resolving Esri Support Cases. While troubleshooting issues related to web-based Esri applications and services via screenshare and over the telephone is preferred, Esri Support Services recognizes that in some complex or urgent cases, analysts will need to ask users to provide these debug files for troubleshooting purposes. These debug files can either be captured as HAR files using the Developer Tools (DevTools) in the web browser or via a web capture program such as Telerik's Fiddler.
Although debug files can be crucial to quickly resolving issues, it is important to note that these files may also contain sensitive information, including but not limited to:
- ArcGIS authorization tokens
- Sensitive URL Query Parameters
- Sensitive information (usernames and passwords) in a request body
- Sensitive information (other query parameters) in a request body
- Sensitive information in a response body
- Cookie details
Esri values the security and privacy of their customers’ data, and as such, acknowledges the potential security and privacy issues associated with sharing debug files. To limit these risks, Esri recommends 'sanitizing' these files (instructions below) prior to sharing client debug files with Esri support.
Esri cannot be held liable if this notice is ignored, and Esri cannot sanitize debug files on a customer’s behalf. While by policy Esri Support Services uses a secure environment to test customer data and review client debug files, this environment, by necessity, cannot be completely isolated and can access:
- ArcGIS Online
- Esri managed file transfer services (read-only FTP to download customer provided datasets)
- Esri Support case attachments (read-only FTP to download customer provided datasets)
Access to all other hosts is denied.
All files sent to Support services will be deleted in 90 days.
If there are doubts regarding the content of debug files or regarding Esri’s customer provided client trace sanitization procedures, Esri recommends that customers choose to NOT share debug files with Esri support services and work with the support analyst to address the problem via other methods.
Procedure
Capturing Debug Files (HAR) in the Browser
The following instructions are for capturing debug files using common browsers. In each case, it is important to capture only the traffic that occurs during the problematic steps, to avoid capturing unnecessary sensitive information, reduce file size, and keep unrelated traffic out of the troubleshooting analysis.
Google Chrome
- Open Google Chrome and go to the page where the issue is occurring. Perform all steps in the process prior to the one that is causing the issue.
- In the browser, at the top right, click on the vertical ellipsis button and in the drop-down menu click More Tools, and click Developer tools.
- To undock the DevTools pane, click the vertical ellipsis button on the DevTools pane and select the first option, Undock into separate window, in the Dock side section.
- Select the Network tab.
- Look for a round Record button in the upper left corner, and make sure it is red. If it is grey, click it once to start recording.
- Select the Preserve log checkbox.
- Click the Clear button to clear all current network requests from the network panel.
- With the DevTools open, reproduce the issue while requests are being recorded.
- Once you have reproduced the issue, in Chrome, click the Export HAR down arrow to download, and save the file to your computer.
For more information on capturing a HAR with Google Chrome, see Open Chrome DevTools on the Google Developers website.
Microsoft Edge (Chromium)
- Open Microsoft Edge and go to the page where the issue is occurring. Perform all steps in the process prior to the one that causes the issue.
- In the browser, at the top right, click the horizontal ellipsis button and in the drop-down menu, click More Tools, and click Developer tools.
- To undock the DevTools pane, click the vertical ellipsis button on the DevTools pane and select the first option, Undock into separate window, in the Dock side section.
- Select the Network tab.
- Look for a Record button in the upper left corner of the tab, and make sure it is red. If it is grey, click it once to start recording.
- Select the Preserve log checkbox.
- Click the Clear button to clear all current network requests from the Network panel.
- With the DevTools open, reproduce the issue while requests are being recorded.
- Once you have reproduced the issue in Edge, click the Export HAR button down arrow to download. Then save the file to your computer.
For more information, see Save all network requests to a HAR file on the Network Analysis Reference page of the Microsoft Docs website.
Mozilla Firefox
- Open Mozilla Firefox and go to the page where the issue is occurring. Perform all steps in the process prior to the one that is causing the issue.
- In the browser, at the top right, click on the hamburger button and in the dropdown menu click on More Tools, then choose Web Developer Tools from the secondary dropdown.
- To undock the DevTools pane, click on the vertical ellipsis button on the DevTools pane and select the Separate Window option.
- Select the Network tab at the top to open.
- Look for a round Play/Pause button in the upper left corner of the tab, and make sure it is showing the pause option. If you see the play button instead, click it once to start recording.
- Click on the gear button in the upper right corner of the panel, and click the Preserve Log option to check it on.
- With the Developer Tools open, reproduce the issue while requests are being recorded.
- Once you have reproduced the issue in Firefox, left-click on any request and select Save all as HAR, and save the file to your computer.
Capturing Debug Files (.HAR) for other programs
Esri Technical Support uses Telerik's Fiddler Classic to capture traffic that takes place outside of the browser, such as when troubleshooting ArcGIS Pro. As with browser-based captures, it is important to capture only the traffic that occurs during the problematic steps.
To capture a .HAR file using Fiddler Classic you will need to:
- Download Fiddler Classic
- Follow steps 1 to 8 described in: How To: Use Fiddler to capture https connections and decrypt https traffic, stopping before you save the file.
- Once you have captured the traffic, open the File dropdown > Export Session > All sessions.
- In the pop-up dropdown select HTTPArchive v1.2 and click Next.
- Save the file.
Sanitize HTTP Archive (.HAR) files
Once the HAR file is captured, you will need to inspect it with a text editor such as Notepad, Notepad++, or Sublime Text and remove all sensitive information using the steps below.
- To open the HAR file in a text editor, right-click the file, select Open With, then select the text editor application.
- Use the text editor's Find and Replace tools to identify and replace all sensitive information captured in the HAR file. This includes:
- usernames
- passwords
- API keys - these are long strings of letters, numbers, and symbols used to access custom applications, and look like this:
AAPK5f9f39a988764653b27dd7d01fa14d35kfSLvKsiJoeoXX2oFBXE_021u_apQt1eAssZEfnmcri1hUhBmHEyxoOXJhaW9xgie
- Authorization Tokens - these are long strings of letters, numbers, and symbols, similar to API keys, but used in any web-based Esri application to authenticate the user. Tokens will look like this:
VBQlHZ__ONCdOUPteoQPfEEPYTyrfy3XugMasrGO90rUmGiMa_tzvjfksFsZ57MtTE1gywBYtVhrldIKuPPu7MFt4u6ukauvDtH4r2kZePZtgbCFomXc0ThIuwF9cPK6LNTFOJ3Q850ilLO2zP6kzmaY0cfnsJBMcoPmFH9BOLamDQFig3628HwU53xis4gIiEJNkWhnI3ynb
- Search for any “generateToken” calls and delete them.
- Any other pieces of sensitive information (for example, if your data includes a field with identifying information about medical patients, you would want to search for, and remove, this information.) If you have any questions about whether your data is sensitive, please reach out to the data scheme owner in your organization and review the data classification with them. Esri cannot provide guidance on what each customer organization considers sensitive.
- Save the edited HAR file with the sensitive information removed.
- Provide the HAR to Esri Support Services with written notice that you have:
- reviewed these instructions
- and have sanitized the client debug archive prior to providing it to Esri Support Services.
If you are unable to take the appropriate steps to sanitize the HAR file of tokens specifically, please wait 30 minutes from the time the network traffic was captured to share the file via the Support case.
- This is to ensure that all tokens have expired and cannot be used for unwarranted access/authorization.
If you have any questions about this, please feel free to discuss them with your Support Service analyst.
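The Find and Replace steps in the sanitization procedure above can also be scripted. The following Python script is an added example, not an Esri tool or code from the original article: the `SENSITIVE` name list, the function names and the sample capture are assumptions made for illustration, and the result still needs a manual review for organization-specific data.

```python
import json
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed names to scrub (not an Esri-published list); extend for your applications.
SENSITIVE = {"token", "access_token", "refresh_token", "username", "password",
             "authorization", "cookie", "set-cookie"}
API_KEY_RE = re.compile(r"AAPK[A-Za-z0-9_-]{20,}")  # prefix as in the page's sample key
BODY_RE = re.compile(r'("(?:token|access_token|refresh_token|password)"\s*:\s*")[^"]*')

def scrub_pairs(pairs):
    """Redact sensitive HAR name/value pairs (headers, queryString, postData params)."""
    for pair in pairs or []:
        if pair.get("name", "").lower() in SENSITIVE:
            pair["value"] = "REDACTED"

def scrub_url(url):
    """Redact sensitive query parameters but keep the rest of the URL for analysis."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k.lower() in SENSITIVE else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))

def sanitize_har(har):
    har = json.loads(json.dumps(har))  # work on a deep copy of the parsed HAR
    entries = [e for e in har["log"]["entries"]  # drop generateToken calls entirely
               if "generatetoken" not in e["request"]["url"].lower()]
    for entry in entries:
        req, resp = entry["request"], entry["response"]
        req["url"] = scrub_url(req["url"])
        for msg in (req, resp):
            scrub_pairs(msg.get("headers"))
            msg["cookies"] = []
        scrub_pairs(req.get("queryString"))
        post = req.get("postData") or {}
        scrub_pairs(post.get("params"))
        if post.get("text"):
            post["text"] = "REDACTED"  # raw bodies can hold credentials in any encoding
        content = resp.get("content") or {}
        if content.get("text"):
            content["text"] = BODY_RE.sub(r"\1REDACTED", content["text"])
    har["log"]["entries"] = entries
    return json.loads(API_KEY_RE.sub("REDACTED", json.dumps(har)))

# Constructed sample capture; every value is made up.
SAMPLE = {"log": {"entries": [
    {"request": {"url": "https://example.com/sharing/rest/generateToken"}, "response": {}},
    {"request": {"url": "https://example.com/query?f=json&token=abc123"},
     "response": {"content": {"text": '{"features":[],"token":"abc123"}'}}}]}}
```

Load a capture with `json.load`, pass it to `sanitize_har`, and write the result with `json.dump`. Base64-encoded response bodies are not decoded, so check those by hand.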