LinuxCommandLibrary

httpry

Capture and display HTTP traffic

TLDR

Save output to a file

$ httpry -o [path/to/file.log]
copy

Listen on a specific interface and save output to a binary PCAP format file
$ httpry [eth0] -b [path/to/file.pcap]
copy

Filter output by a comma-separated list of HTTP verbs
$ httpry -m [get|post|put|head|options|delete|trace|connect|patch]
copy

Read from an input capture file and filter by IP
$ httpry -r [path/to/file.log] '[host 192.168.5.25]'
copy

Run as daemon process
$ httpry -d -o [path/to/file.log]
copy

SYNOPSIS

httpry [options] [bpf filter]

PARAMETERS

-d
    Daemonize

-i
    Listen on

-n
    Exit after receiving packets

-o
    Log to

-p
    Don't run in promiscuous mode

-s
    Snap length (default: 2048)

-u
    Drop privileges to

-h
    Show help

-v
    Show version


    Berkeley Packet Filter (BPF) expression

DESCRIPTION

httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It doesn't perform protocol analysis beyond recognizing HTTP requests and responses, making it very lightweight and efficient for capturing HTTP headers.
It captures packets from the network interface, analyzes them, and displays information about HTTP requests and responses, including headers, methods (GET, POST, etc.), URLs, status codes, and other relevant data.
Unlike general-purpose packet sniffers like tcpdump or Wireshark, httpry focuses exclusively on HTTP, providing a more streamlined and human-readable output for HTTP-related troubleshooting, analysis, and monitoring.
It can log the captured traffic to a file for later analysis.
This tool is designed to be silent; it doesn't inject or modify network packets.

CAVEATS

httpry only captures HTTP headers. It does not analyze the content of HTTP bodies. Also, HTTP/3 protocol, and encrypted packets (HTTPS) are not visible without decryption.

BPF FILTERS

httpry uses Berkeley Packet Filters (BPF) to filter network traffic before analyzing it. This allows you to specify complex conditions to capture only the HTTP traffic you're interested in. For example, 'port 80 or port 8080' captures traffic on standard HTTP ports. 'host example.com' captures traffic to/from example.com. BPF filters can significantly improve performance by reducing the amount of data that httpry needs to process.

HISTORY

The history of httpry is somewhat difficult to trace in detail, as it is often distributed as part of penetration testing or security auditing toolsets. Development has been consistent over the years by various contributors, improving its features and functionalities to keep pace with changes in HTTP protocol and network security practices. It is primarily used for web traffic analysis, security auditing, and debugging HTTP-based applications.

SEE ALSO

tcpdump(1), tshark(1), ngrep(1)

Copied to clipboard