httpry

Inspect HTTP Traffic with httpry

The httpry utility is a lightweight packet inspector/analyzer specifically used to look at HTTP requests. It displays packet source and destination along with a request (GET, POST, PATCH, PUT) and the path followed by the response code, and other data going in the other direction.

Install httpry

httpry is available in the EPEL repo, and is easy to install with yum.

yum -y install httpry

Print HTTP requests to console.

To print HTTP requests to the console, simply use httpry with no arguments. It will automatically use the default interface and print packets to the screen.

httpry

Output looks like this:

2014-12-06 11:01:16     98.217.178.87   104.131.243.198 >       GET     centoshowtos.org        /       HTTP/1.1        -      -
2014-12-06 11:01:16     104.131.243.198 78.182.106.164  <       -       -       -       HTTP/1.1        200     OK

Run as Daemon

Sometimes it makes sense to let httpry run in the background as a daemon and log to a file for later parsing/analysis. To do this, we add the -d flag, and specify an output file with -o.

httpry -d -o /tmp/httpry_log-`date +%Y%m%d`.out

Specify an Interface

If you want to monitor a different interface than the default (say eth1), you just add the -i flag with the interface name.

httpry -i eth1

Run as Daemon as a non-privileged user with PID file

If you run as a daemon, and create a pidfile, you can use logrotate to rotate the log, and restart by sending a SIGHUP to the pid postrotate.

httpry -o /var/log/httpry.log -P /var/run/httpry.pid -d -F -u httpryuser

logrotate might look something like

/var/log/httpry.log {
daily
missingok
rotate 7
compress
delaycompress
notifempty
create 644 motorrobot motorrobot
sharedscripts
postrotate
[ -f /var/run/httpry.pid ] && kill -HUP `cat /var/run/httpry.pid`
endscript
}
(Comments)

Comments