显示和记录HTTP流量的工具:httpry

jopen 10年前

httpry是专为显示和记录HTTP流量而设计的工具。它不是旨在进行分析本身,而是可以捕获,分析和/或记录流量供以后分析。它可以实时地运行展示线上实时流量,或作为守护进程记录到输出文件中。它尽可能写得轻巧和灵活,这样, 它可以很容易地适应于不同的应用。它不显示 原始的HTTP数据传输,而是着重于分析和显示 请求/响应线以及相关的报头字段。

"那这个工具有什么用呢?" 以下是一些应用的场景:     > 看看用户在你的网络上在线浏览什么   > 检查是否正确的服务器配置 (or improper, as the case may be)   > 在HTTP中使用模式的研究   > 关注危险下载的文件   > 验证HTTP策略在网络上的实施   > 提取的HTTP统计输出保存在捕捉文件   > It's just plain fun to watch in realtime
用法:
Running httpry with no options will cause it to listen on the first network  device and output to the console with some sane defaults. The -h switch will  print out an abbreviated description of the available options to change the  defaults. This section describes these options in greater detail.    httpry [ -dFhpqs ] [ -b file ] [ -f format ] [ -i device ] [ -l threshold ]         [ -m methods ] [ -n count ] [ -o file ] [ -P file ] [ -r file ]         [ -S bytes ] [ -t seconds ] [ -u user ] [ 'expression' ]    -b file  Write all processed HTTP packets to a binary pcap dump file. Useful for  further analysis of logged data.    -d  Run the program as a daemon process. All program status output will be sent  to syslog. A pid file is created for the process in /var/run/httpry.pid by  default. Requires an output file specified with -o.    -f format  Provide a comma-delimited string specifying the parsed HTTP data to output.  See the doc/format-string file for further information regarding available  options and syntax.    -F  Disable all output buffering. This may be helpful when piping httpry output  into another program.    -h  Display a brief summary of these options.    -i device  Specify an ethernet interface for the program to listen on. If not specified,  the program will poll the system for a list of interfaces and select the  first one found.    -l threshold  Specify a requests per second rate threshold value when running in rate  statistics mode (-s). Only hosts with a rps value greater than or equal to  this number will be displayed. Defaults to 1.    -m methods  Provide a comma-delimited string that specifies the request methods to parse.  The program defaults to parsing all of the standard RFC2616 method strings if  this option is not set. See the doc/method-string file for more information.    -n count  Parse this number of HTTP packets and then exit. Defaults to 0, which means  loop forever.    -o file  Specify an output file for writing parsed packet data.    -p  Do not put the NIC in promiscuous mode on startup. Note that the NIC could  already be in that mode for another reason.    -P file  Specify a path and filename for creating the PID file in daemon mode.    -q  Suppress non-critical output (startup banner, statistics, etc.).    -r file  Provide an input capture file to read from instead of performing  a live capture. This option does not require root privileges.    -s  Run httpry in an HTTP request per second display mode. This periodically  displays the rate per active host and total rate at a specified interval.    -S  Specify a number of bytes to skip in the ethernet header. This allows for  custom header offsets to be accounted for.    -t seconds  Specify the host statistics display interval in seconds when running in  rate statistics mode (-s). Defaults to 5 seconds.    -u user  Specify an alternate user to take ownership of the process and any output  files. You will need root privileges to do this; it will switch to the new  user after initialization.    'expression'  Specify a bpf-style capture filter, overriding the default. Here are a few  basic examples, starting with the default filter:     'tcp port 80 or 8080'   'tcp dst port 80'   'tcp dst port 80 and src host 192.168.1.1'

项目主页:http://www.open-open.com/lib/view/home/1411956741359