How to use httpry to sniff HTTP traffic under Linux

2025-01-17 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article explains how to use httpry to sniff HTTP traffic under Linux. Many people run into difficulties with this in practice, so the following walks through how to handle these situations.

Packet-sniffing tools such as tcpdump are commonly used for real-time packet dumps, but they need filtering rules to capture only HTTP traffic. Even then, their output is difficult to understand without some basic knowledge of the protocol. Real-time web server log analysis tools such as ngxtop provide readable traces of real-time web traffic, but only when you have full access to the web server's logs.

Is there a powerful tool that targets HTTP traffic only? That's httpry, an HTTP packet sniffing tool. It captures HTTP packets and displays HTTP protocol-level content in a readable format.

Install httpry

On Debian-based systems such as Ubuntu, httpry is not included in the base repository, so build it from source:

$ sudo apt-get install gcc make git libpcap0.8-dev

$ git clone https://github.com/jbittel/httpry.git

$ cd httpry

$ make

$ sudo make install

On Fedora, CentOS and RHEL systems, the EPEL repository must be set up first; then install httpry with yum:

$ sudo yum install httpry

You can also compile the source code.

$ sudo yum install gcc make git libpcap-devel

$ git clone https://github.com/jbittel/httpry.git

$ cd httpry

$ make

$ sudo make install

httpry Basic Usage

$ sudo httpry -i <network-interface>

httpry captures and displays HTTP request and response packets in real time on the specified network interface.

In most cases the output scrolls by very fast, so you will want to save the captured HTTP packets for offline analysis. You can use the '-b' or '-o' option for this. The '-b' option saves the raw HTTP packets to a binary file that can later be replayed with httpry. The '-o' option saves the readable output to a text file.

Save to binary file:

$ sudo httpry -i eth0 -b output.dump

Playback:

$ httpry -r output.dump

Save to text file:

$ sudo httpry -i eth0 -o output.txt

httpry Advanced Usage

If you want to capture specific HTTP methods such as GET, POST, PUT, HEAD, CONNECT, etc., you can use the '-m' option:

$ sudo httpry -i eth0 -m get,head

If you download the httpry source code, the source directory contains Perl scripts that help parse httpry output. The scripts are in the httpry/scripts/plugins directory. If you want to write a custom parser for httpry output, these scripts are a good example. Their functions include:

hostname: displays a list of unique host names

find_proxies: detects web proxies

search_terms: finds and counts search terms entered in search services

content_analysis: finds URIs containing specific keywords

xml_output: outputs in XML format

log_summary: generates a log summary

db_dump: dumps logs to a MySQL database
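As an added example (not part of the original article or the httpry project), here is a minimal custom parser for 'httpry -o' output in Python that counts requests per host and method and responses per status code. It assumes the text log is tab-separated, carries a '# Fields:' header line naming the columns, and uses '-' for empty fields; the sample log lines are constructed.

```python
from collections import Counter

# Constructed sample. Assumed layout of an 'httpry -o' text log: '#' comment
# lines, a '# Fields:' header naming the columns, tab-separated records,
# and '-' for an empty field. Direction '>' is a request, '<' a response.
HEADER = ("# Fields: timestamp,source-ip,dest-ip,direction,method,host,"
          "request-uri,http-version,status-code,reason-phrase")
SAMPLE_LOG = "\n".join([
    HEADER,
    "2025-01-17 10:00:01\t10.0.0.5\t192.0.2.10\t>\tGET\texample.com\t/\tHTTP/1.1\t-\t-",
    "2025-01-17 10:00:01\t192.0.2.10\t10.0.0.5\t<\t-\t-\t-\tHTTP/1.1\t200\tOK",
    "2025-01-17 10:00:02\t10.0.0.5\t192.0.2.10\t>\tPOST\tExample.com\t/login\tHTTP/1.1\t-\t-",
    "2025-01-17 10:00:02\t192.0.2.10\t10.0.0.5\t<\t-\t-\t-\tHTTP/1.1\t302\tFound",
    "2025-01-17 10:00:03\t10.0.0.5",  # truncated record, must be skipped
    "2025-01-17 10:00:04\t10.0.0.5\t198.51.100.7\t>\tGET\tcdn.example.net\t/app.js\tHTTP/1.1\t-\t-",
    "2025-01-17 10:00:04\t198.51.100.7\t10.0.0.5\t<\t-\t-\t-\tHTTP/1.1\t200\tOK",
])


def parse_httpry_log(text):
    """Yield one dict per record, keyed by the names in the '# Fields:' header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#"):
            if line.startswith("# Fields:"):
                fields = [f.strip() for f in line.split(":", 1)[1].split(",")]
            continue
        values = line.split("\t")
        if not fields or len(values) != len(fields):
            continue  # blank, truncated or pre-header line: skip it
        yield {k: ("" if v == "-" else v) for k, v in zip(fields, values)}


def summarize(text):
    """Count requests per host and method, and responses per status code."""
    hosts, methods, statuses = Counter(), Counter(), Counter()
    for rec in parse_httpry_log(text):
        if rec.get("direction") == ">":
            hosts[rec.get("host", "").lower()] += 1  # host names are case-insensitive
            methods[rec.get("method", "").upper()] += 1
        elif rec.get("direction") == "<":
            statuses[rec.get("status-code", "")] += 1
    return {"hosts": hosts, "methods": methods, "statuses": statuses}


if __name__ == "__main__":
    for name, counter in summarize(SAMPLE_LOG).items():
        print(name, counter.most_common())
```

Because the column names are read from the header rather than hard-coded, the parser keeps working if the log was written with a different field order.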

Before using these Perl scripts, run httpry for a while with the '-o' option. Once you have the output file, run the scripts on it:

$ cd httpry/scripts

$ perl parse_log.pl -d ./plugins <httpry-output-file>

After parse_log.pl is executed, it will generate some analysis result files (*.txt/xml) under httpry/scripts directory. For example, log_summary.txt looks like this:

All in all, httpry is a great help if you have a situation where you need to interpret real-time HTTP packets. The average Linux user may not interpret real-time HTTP packets very often, but it's never a bad thing to be proactive.