Linux HTTP request monitoring Tool httpry---official documentation

Original address: http://dumpsterventures.com/jason/httpry/

Core Program

Httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not a intended to perform analysis itself, but to capture, parse, and log of the traffic for later analysis. It can be run in real-time displaying the traffic as it's parsed, or as a daemon process that logs to an output file. It's written to being as lightweight and flexible as possible, so the it can be easily adaptable to different applications.

What can I do with it? Here's a few ideas:

• See who users on your network is requesting online
• Check for proper server configuration (or improper, as the case could be)
• The patterns in HTTP usage
• Watch for dangerous downloaded files
• Verify the enforcement of HTTP policy on your network
• Extract HTTP statistics out of saved capture files
• It ' s just plain fun-to-watch in realtime

Here's an example of the log file output using the default output format string:

# Httpry Version 0.1.8
# Fields:timestamp,source-ip,dest-ip,direction,method,host,request-uri,http-version,status-code,reason-phrase
2009-01-12 15:02:31192.168.0.16209.85.171.103>getwww.google.com/http/1.1--
2009-01-12 15:02:31192.168.0.16209.85.171.103>getwww.google.com/http/1.1--
2009-01-12 15:02:32192.168.0.16209.85.171.103>getwww.google.com/http/1.1--
2009-01-12 15:02:33192.168.0.16209.85.171.103>getwww.google.com/http/1.1--
2009-01-12 15:02:33209.85.171.103192.168.0.16<---Http/1.1200ok
2009-01-12 15:02:33192.168.0.16209.85.171.103>getwww.google.com/intl/en_all/images/logo.gifhttp/1.1--
2009-01-12 15:02:33209.85.171.103192.168.0.16<---Http/1.1200ok
2009-01-12 15:02:33192.168.0.16209.85.171.103>getwww.google.com/extern_js/f/ cgjlbhicdxmrmao4dswrma44aywrmbg4ayw/aq-hc7_2r8g.jshttp/1.1--
2009-01-12 15:02:33209.85.171.103192.168.0.16<---Http/1.1200ok
2009-01-12 15:02:33192.168.0.16209.85.173.101>getclients1.google.com/generate_204http/1.1--
2009-01-12 15:02:33209.85.173.101192.168.0.16<---http/1.1204no Content

Parsing scripts

Of course, the fun of collecting data was finding ways to analyze it. The log files is designed to being easily parsed by command line utilities, but sometimes you need to dig a little deeper. Complementing the core Httpry program was a set of parsing scripts for mining information out of generated log files. Most of these scripts is written as plugins for a core parsing script and include functionality for extracting search ter MS, searching for specified terms within client flows, and outputting the logs in XML among other things. It is relatively straightforward to write custom plugins for additional parsing tasks.

Latest News

The latest release adds a number of useful features and tweaks. VLAN tagged packets is now handled, and the PPP link type is supported. There ' s a new option available for specifying a custom Ethernet header offset. Packet parsing is also improved with better handling of the partial headers and a Non-zero read timeout for live captures. For specifics of the changes in this release, check out the Changelog

As with many previous releases, most of the major features and improvements in this version is a direct result of contrib Utions of code or ideas, which is always appreciated. The doc/authors file specifically lists those individuals as their contributions are greatly appreciated! The Httpry codebase is hosted on GitHub if you would like to file a bugs or contribute back to the project.

Linux HTTP request monitoring Tool httpry---official documentation