httpry
Capture and display HTTP traffic
TLDR
Save output to a file
Listen on a specific interface and save output to a binary PCAP format file
Filter output by a comma-separated list of HTTP verbs
Read from an input capture file and filter by IP
Run as daemon process
SYNOPSIS
httpry [options] [bpf filter]
PARAMETERS
-d
Daemonize
-i
Listen on
-n
Exit after receiving
-o
Log to
-p
Don't run in promiscuous mode
-s
Snap length (default: 2048)
-u
Drop privileges to
-h
Show help
-v
Show version
Berkeley Packet Filter (BPF) expression
DESCRIPTION
httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It doesn't perform protocol analysis beyond recognizing HTTP requests and responses, making it very lightweight and efficient for capturing HTTP headers.
It captures packets from the network interface, analyzes them, and displays information about HTTP requests and responses, including headers, methods (GET, POST, etc.), URLs, status codes, and other relevant data.
Unlike general-purpose packet sniffers like tcpdump or Wireshark, httpry focuses exclusively on HTTP, providing a more streamlined and human-readable output for HTTP-related troubleshooting, analysis, and monitoring.
It can log the captured traffic to a file for later analysis.
This tool is designed to be silent; it doesn't inject or modify network packets.
CAVEATS
httpry only captures HTTP headers; it does not analyze the content of HTTP bodies. HTTP/3 traffic and encrypted traffic (HTTPS) are also not visible without decryption.
BPF FILTERS
httpry uses Berkeley Packet Filters (BPF) to filter network traffic before analyzing it. This allows you to specify complex conditions to capture only the HTTP traffic you're interested in. For example, 'port 80 or port 8080' captures traffic on standard HTTP ports. 'host example.com' captures traffic to/from example.com. BPF filters can significantly improve performance by reducing the amount of data that httpry needs to process.
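An added example (not from the httpry project): a shell helper that composes the kind of BPF filter described above from a host and a list of ports, rejecting values that would add extra terms to the filter. The function names, the interface eth0, the log path and the account name httpry are assumptions; only the -d, -i, -o and -u options listed under PARAMETERS are used.

```shell
#!/bin/sh
# Added example: validate inputs, then compose a BPF filter for httpry.

# valid_port PORT: succeed only for an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_host HOST: allow only hostname/IPv4 characters, so nothing
# in HOST can add extra terms or operators to the filter.
valid_host() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# build_bpf HOST PORT...: print "host H and tcp and (port A or port B)".
# HOST may be "" to match any host. Returns 1 on invalid input.
build_bpf() {
    host=$1; shift
    [ "$#" -ge 1 ] || return 1
    ports=
    for p in "$@"; do
        valid_port "$p" || return 1
        ports="${ports:+$ports or }port $p"
    done
    if [ -n "$host" ]; then
        valid_host "$host" || return 1
        printf 'host %s and tcp and (%s)\n' "$host" "$ports"
    else
        printf 'tcp and (%s)\n' "$ports"
    fi
}

# Dry run: show the command line rather than start a capture.
# eth0, /var/log/httpry.log and the account "httpry" are constructed values.
filter=$(build_bpf example.com 80 8080) &&
    printf "httpry -d -i eth0 -o /var/log/httpry.log -u httpry '%s'\n" "$filter"
```

The filter is passed as one quoted argument, so httpry receives it as the single [bpf filter] operand from the SYNOPSIS.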
HISTORY
The history of httpry is somewhat difficult to trace in detail, as it is often distributed as part of penetration testing or security auditing toolsets. Various contributors have developed it consistently over the years, improving its features and functionality to keep pace with changes in the HTTP protocol and network security practices. It is primarily used for web traffic analysis, security auditing, and debugging HTTP-based applications.