
The method and steps of sniffing HTTP Traffic on the Command Line of Linux system

2025-03-31 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article explains how to sniff HTTP traffic from the command line on a Linux system. The method is simple, fast and practical, and this tutorial walks through it step by step.

Suppose you want to sniff live HTTP web traffic (HTTP requests and responses) on a network for some reason. For example, you may be testing experimental features of a web server, debugging a web application or a REST service, troubleshooting PAC (proxy auto-configuration), or checking whether a website is quietly downloading malware files. Whatever the reason, the ability to sniff HTTP traffic is useful to system administrators, developers and even end users.

Packet sniffing tools such as tcpdump are widely used for live packet dumps, but you still have to set up appropriate filters to capture only HTTP traffic, and even then the raw output is hard to interpret at the HTTP protocol level. Real-time web server log analysis tools such as ngxtop give human-readable traces of live website traffic, but only when you have full access to the live web server logs.

It would be nice to have a tcpdump-like sniffing tool that is dedicated to HTTP traffic. httpry is exactly such a tool: it captures live HTTP packets on the network and displays their content at the HTTP protocol level in a human-readable format. In this tutorial, we will look at how to use httpry to sniff HTTP traffic.

Install httpry on Linux

On Debian-based systems (Ubuntu or Linux Mint), httpry is not in the default repositories, so build it from source:

$ sudo apt-get install gcc make git libpcap0.8-dev
$ git clone https://github.com/jbittel/httpry.git
$ cd httpry
$ make
$ sudo make install

On Fedora, CentOS or RHEL, you can install httpry with yum, as shown below. On CentOS/RHEL, enable the EPEL repository before running yum.

$ sudo yum install httpry

If you would rather build httpry from source on an RPM-based system, that is just as easy:

$ sudo yum install gcc make git libpcap-devel
$ git clone https://github.com/jbittel/httpry.git
$ cd httpry
$ make
$ sudo make install

The basic usage of httpry

The basic usage of httpry is as follows:

$ sudo httpry -i eth0

httpry then listens on the specified network interface and displays captured HTTP requests and responses in real time.

In most cases, however, the output scrolls past quickly because a large number of packets go in and out, so you should save the captured HTTP packets for offline analysis. To do this, use the "-b" or "-o" option. The "-b" option saves the raw HTTP packets to a binary file that can later be played back with httpry. The "-o" option instead saves httpry's human-readable output to a text file.

To save the raw HTTP packets to a binary file:

$ sudo httpry -i eth0 -b output.dump

To play back saved HTTP packets:

$ httpry -r output.dump

Note that root privileges are not required to read a dump file with the "-r" option.

To save httpry's output to a text file:

$ sudo httpry -i eth0 -o output.txt

Advanced usage of httpry

If you only want to monitor specific HTTP methods (such as GET, POST, PUT, HEAD, CONNECT, etc.), use the "-m" option:

$ sudo httpry -i eth0 -m get,head

If you downloaded the httpry source code, you will notice that it comes with a set of Perl scripts that help analyze httpry output. These scripts are located in the httpry/scripts/plugins directory and are good examples to refer to if you want to write your own scripts for analyzing httpry output. Some of the plugins do the following:

hostnames: displays a list of unique host names and the number of hits per host.

find_proxies: detects web proxy systems.

search_terms: finds and counts the search terms entered into search services.

content_analysis: finds URLs containing specific keywords.

xml_output: converts the output to XML format.

log_summary: generates a summary of the log.

db_dump: dumps the log file data into a MySQL database.

Before using these scripts, run httpry for a while with the "-o" option. Once you have an output file, run the scripts in one go with the following commands:

$ cd httpry/scripts
$ perl parse_log.pl -d ./plugins

You may see warnings from several plugins. For example, if you have not set up a MySQL database reachable through Perl's DBI interface, the db_dump plugin will report an error. A plugin that fails to initialize is automatically disabled, so you can ignore those warnings.

After parse_log.pl is complete, you will see a lot of analysis results (* .txt / xml) in the httpry/scripts directory. For example, log_summary.txt looks like this:
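As an added example (not from this article or from the httpry project), the following POSIX shell script does in awk a small part of what the hostnames and log_summary plugins do in Perl: it counts requests per host and responses per status code from an httpry "-o" text log, and flags requests for executable-looking paths, which is the "files downloaded quietly" case from the introduction. It assumes httpry's default tab-separated output field order (timestamp, source-ip, dest-ip, direction, method, host, request-uri, http-version, status-code, reason-phrase, with ">" marking requests, "<" responses and "-" absent fields); the log lines are constructed for the example.

```shell
#!/bin/sh
# Added example: summarize an httpry -o text log with awk.
# Field order below is assumed to match httpry's default output.
set -eu

# Join arguments with tabs into one log line (helper for the constructed sample).
row() {
  printf '%s' "$1"; shift
  for f in "$@"; do printf '\t%s' "$f"; done
  printf '\n'
}

# Constructed sample log, in place of a real output.txt.
sample_log() {
  echo '# httpry version 0.1.8 (constructed sample header)'
  echo '# Fields: timestamp,source-ip,dest-ip,direction,method,host,request-uri,http-version,status-code,reason-phrase'
  row '2024-01-01 10:00:00' 10.0.0.5 93.184.216.34 '>' GET example.com /index.html HTTP/1.1 - -
  row '2024-01-01 10:00:00' 93.184.216.34 10.0.0.5 '<' - - - HTTP/1.1 200 OK
  row '2024-01-01 10:00:01' 10.0.0.5 93.184.216.34 '>' GET example.com /logo.png HTTP/1.1 - -
  row '2024-01-01 10:00:01' 93.184.216.34 10.0.0.5 '<' - - - HTTP/1.1 200 OK
  row '2024-01-01 10:00:02' 10.0.0.5 93.184.216.34 '>' GET example.com /missing.html HTTP/1.1 - -
  row '2024-01-01 10:00:02' 93.184.216.34 10.0.0.5 '<' - - - HTTP/1.1 404 'Not Found'
  row '2024-01-01 10:00:03' 10.0.0.7 203.0.113.9 '>' POST update.badhost.test /upload.php HTTP/1.1 - -
  row '2024-01-01 10:00:03' 203.0.113.9 10.0.0.7 '<' - - - HTTP/1.1 200 OK
  row '2024-01-01 10:00:04' 10.0.0.7 203.0.113.9 '>' GET update.badhost.test /payload.exe HTTP/1.1 - -
  row '2024-01-01 10:00:04' 203.0.113.9 10.0.0.7 '<' - - - HTTP/1.1 200 OK
}

# Requests per host, most active first (what the hostnames plugin reports).
# Comment lines start with '#'; only request lines ('>') carry a host.
count_hosts() {
  awk -F'\t' '!/^#/ && $4 == ">" && $6 != "-" { n[$6]++ }
              END { for (h in n) printf "%d %s\n", n[h], h }' | sort -rn
}

# Responses per HTTP status code (one line of a log summary).
count_status() {
  awk -F'\t' '!/^#/ && $4 == "<" && $9 != "-" { n[$9]++ }
              END { for (c in n) printf "%d %s\n", n[c], c }' | sort -rn
}

# Requests whose path ends in an executable-looking extension: prints
# "client-ip host/path" so a defender can see which client fetched what.
find_downloads() {
  awk -F'\t' '!/^#/ && $4 == ">" && tolower($7) ~ /\.(exe|dll|scr|msi)$/ { print $2, $6 $7 }'
}

# Demo on the constructed sample. On a real capture, use e.g.:
#   count_hosts < output.txt
sample_log | count_hosts
sample_log | count_status
sample_log | find_downloads
```

Each function reads a log on standard input, so the same commands work on a file produced by "httpry -i eth0 -o output.txt" or on the text output of "httpry -r output.dump". The functions skip the "#" header lines httpry writes and use the direction field to tell requests from responses, which is why the host count only looks at ">" lines.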

At this point you should have a good understanding of the method and steps for sniffing HTTP traffic on the Linux command line; the best way to consolidate it is to try the commands yourself.
