httpry: a tool for displaying and logging HTTP traffic
jopen
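10 years ago
httpry is a tool designed specifically for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but to capture, parse, and/or log the traffic for later analysis. It can be run in real time, displaying live traffic as it is parsed, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adapted to different applications. It does not display the raw HTTP data transferred, but instead focuses on parsing and displaying the request/response line along with the associated header fields.
"So what is this tool good for?" Here are some usage scenarios:
- See what users on your network are browsing online
- Check for proper server configuration (or improper, as the case may be)
- Research patterns in HTTP usage
- Watch for dangerous downloaded files
- Verify the enforcement of HTTP policy on your network
- Extract HTTP statistics out of saved capture files
- It's just plain fun to watch in realtime

Usage: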
Running httpry with no options will cause it to listen on the first network device and output to the console with some sane defaults. The -h switch will print out an abbreviated description of the available options to change the defaults. This section describes these options in greater detail.

httpry [ -dFhpqs ] [ -b file ] [ -f format ] [ -i device ] [ -l threshold ] [ -m methods ] [ -n count ] [ -o file ] [ -P file ] [ -r file ] [ -S bytes ] [ -t seconds ] [ -u user ] [ 'expression' ]

-b file
    Write all processed HTTP packets to a binary pcap dump file. Useful for further analysis of logged data.

-d
    Run the program as a daemon process. All program status output will be sent to syslog. A pid file is created for the process in /var/run/httpry.pid by default. Requires an output file specified with -o.

-f format
    Provide a comma-delimited string specifying the parsed HTTP data to output. See the doc/format-string file for further information regarding available options and syntax.

-F
    Disable all output buffering. This may be helpful when piping httpry output into another program.

-h
    Display a brief summary of these options.

-i device
    Specify an ethernet interface for the program to listen on. If not specified, the program will poll the system for a list of interfaces and select the first one found.

-l threshold
    Specify a requests per second rate threshold value when running in rate statistics mode (-s). Only hosts with a rps value greater than or equal to this number will be displayed. Defaults to 1.

-m methods
    Provide a comma-delimited string that specifies the request methods to parse. The program defaults to parsing all of the standard RFC2616 method strings if this option is not set. See the doc/method-string file for more information.

-n count
    Parse this number of HTTP packets and then exit. Defaults to 0, which means loop forever.

-o file
    Specify an output file for writing parsed packet data.

-p
    Do not put the NIC in promiscuous mode on startup. Note that the NIC could already be in that mode for another reason.

-P file
    Specify a path and filename for creating the PID file in daemon mode.

-q
    Suppress non-critical output (startup banner, statistics, etc.).

-r file
    Provide an input capture file to read from instead of performing a live capture. This option does not require root privileges.

-s
    Run httpry in an HTTP request per second display mode. This periodically displays the rate per active host and total rate at a specified interval.

-S bytes
    Specify a number of bytes to skip in the ethernet header. This allows for custom header offsets to be accounted for.

-t seconds
    Specify the host statistics display interval in seconds when running in rate statistics mode (-s). Defaults to 5 seconds.

-u user
    Specify an alternate user to take ownership of the process and any output files. You will need root privileges to do this; it will switch to the new user after initialization.

'expression'
    Specify a bpf-style capture filter, overriding the default. Here are a few basic examples, starting with the default filter:

    'tcp port 80 or 8080'
    'tcp dst port 80'
    'tcp dst port 80 and src host 192.168.1.1'
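For the "watch for dangerous downloaded files" scenario, a text log written with -o can be scanned after the fact. The script below is an added example, not part of httpry or of the original post. It assumes tab-separated records, a "# Fields:" header naming the columns, httpry's default field order when that header is absent, and ">" / "<" as the request/response direction markers; the extension list and all sample records are constructed.

```python
"""Flag risky downloads in an httpry text log (added example, not httpry code)."""
from posixpath import splitext
from urllib.parse import urlsplit

# Assumption: extensions worth a second look; tune to local policy.
RISKY_EXT = {".exe", ".dll", ".scr", ".msi", ".ps1", ".vbs", ".jar", ".hta"}
# Assumption: default field order, used when the log has no "# Fields:" header.
DEFAULT_FIELDS = ("timestamp,source-ip,dest-ip,direction,method,host,"
                  "request-uri,http-version,status-code,reason-phrase").split(",")

def parse_log(lines):
    """Yield one dict per record; columns follow the '# Fields:' header if present."""
    fields = DEFAULT_FIELDS
    for line in lines:
        line = line.rstrip("\r\n")
        if line.startswith("# Fields:"):
            fields = [f.strip() for f in line.split(":", 1)[1].split(",")]
        elif line and not line.startswith("#"):
            cols = line.split("\t")
            if len(cols) == len(fields):      # skip truncated or malformed rows
                yield dict(zip(fields, cols))

def risky_downloads(records):
    """Return (client, host, path) for requests whose path ends in a risky extension."""
    hits = []
    for rec in records:
        uri = rec.get("request-uri", "-")
        if rec.get("direction") == "<" or uri == "-":
            continue                          # response rows carry no request URI
        path = urlsplit(uri).path             # drop ?query so "a.exe?x=1" still matches
        if splitext(path)[1].lower() in RISKY_EXT:
            hits.append((rec.get("source-ip", "-"), rec.get("host", "-"), path))
    return hits

# Constructed sample log (tab-separated); addresses are documentation ranges.
SAMPLE = """\
# httpry version (constructed sample)
# Fields: timestamp,source-ip,dest-ip,direction,method,host,request-uri,http-version,status-code,reason-phrase
2024-01-01 10:00:00\t192.0.2.10\t198.51.100.5\t>\tGET\tcdn.example.test\t/index.html\tHTTP/1.1\t-\t-
2024-01-01 10:00:00\t198.51.100.5\t192.0.2.10\t<\t-\t-\t-\tHTTP/1.1\t200\tOK
2024-01-01 10:00:07\t192.0.2.11\t198.51.100.9\t>\tGET\tfiles.example.test\t/tools/Setup.EXE?src=mail\tHTTP/1.1\t-\t-
2024-01-01 10:00:09\t192.0.2.10\t198.51.100.9\t>\tGET\tfiles.example.test\t/docs/exe-guide.pdf\tHTTP/1.1\t-\t-
truncated\tline
"""

if __name__ == "__main__":
    for client, host, path in risky_downloads(parse_log(SAMPLE.splitlines())):
        print(f"{client} requested {host}{path}")
```

Because the column order is read from the "# Fields:" header, the same script keeps working when the capture was made with a custom -f format, as long as request-uri is among the fields.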