Name         Date          Size       #Lines   LOC
doc/         04-Jun-2014   -          858      684
scripts/     04-Jun-2014   -          2,660    1,748
test/        04-Jun-2014   -          28       18
Makefile     03-May-2022   1.9 KiB    61       44
README       04-Jun-2014   6.5 KiB    177      129
config.h     04-Jun-2014   1.8 KiB    60       18
error.h      04-Jun-2014   1.6 KiB    44       25
format.c     04-Jun-2014   7 KiB      282      183
format.h     04-Jun-2014   522        23       10
httpry.1     04-Jun-2014   3.8 KiB    91       88
httpry.c     04-Jun-2014   26.4 KiB   765      568
methods.c    04-Jun-2014   4.1 KiB    159      99
methods.h    04-Jun-2014   419        19       6
rate.c       04-Jun-2014   12.3 KiB   407      288
rate.h       04-Jun-2014   529        20       7
rc.httpry    04-Jun-2014   2 KiB      81       54
tcp.h        04-Jun-2014   7.9 KiB    187      67
utility.c    04-Jun-2014   3.2 KiB    131      78
utility.h    04-Jun-2014   592        22       9
README


                        _     _   _
                       | |   | | | |
                       | |__ | |_| |_ _ __  _ __ _   _
                       | '_ \| __| __| '_ \| '__| | | |
                       | | | | |_| |_| |_) | |  | |_| |
                       |_| |_|\__|\__| .__/|_|   \__, |
                                     | |          __/ |
                                     |_|         |___/


                  HTTP logging and information retrieval tool
                                 version 0.1.8

         Copyright (c) 2005-2014 Jason Bittel <jason.bittel@gmail.com>

                For further information about the program, see:
                   http://dumpsterventures.com/jason/httpry

       For modification and redistribution information, see COPYING file


--{ ABOUT }--

httpry is a tool designed for displaying and logging HTTP traffic. It is not
intended to perform analysis itself, but instead to capture, parse and/or
log the traffic for later analysis. It can be run in real-time displaying
the live traffic on the wire, or as a daemon process that logs to an output
file. It is written to be as lightweight and flexible as possible, so that
it is easily adaptable to different applications. It does not display
the raw HTTP data transferred, but instead focuses on parsing and displaying
the request/response line along with associated header fields.

"How is this tool useful?" you may ask. Here are just a few ideas:

 > See what users on your network are browsing online
 > Check for proper server configuration (or improper, as the case may be)
 > Research patterns in HTTP usage
 > Watch for dangerous downloaded files
 > Verify the enforcement of HTTP policy on your network
 > Extract HTTP statistics out of saved capture files
 > It's just plain fun to watch in realtime

In addition to the core program, there are several Perl scripts included
for processing httpry log files. They should be useful for a number of
generic situations, and can serve as a useful starting point for your own
log parsing toolset. More information about these scripts can be found in
the doc/perl-tools file.


--{ INSTALLATION }--

httpry should compile on almost any *nix based OS with a relatively recent
version of libpcap (specifically tested against 1.1.1 and newer). To compile
and install, run these commands in the base httpry directory:

 $ make
 # make install

which compiles the program and copies the binary and man page to their
appropriate locations. You can run the binary from the compilation directory
if you don't want to install it. To uninstall the program, run:

 # make uninstall

from the installation directory, or manually delete the executable and man
page.


--{ USAGE }--

Running httpry with no options will cause it to listen on the first network
device and output to the console with some sane defaults. The -h switch will
print out an abbreviated description of the available options to change the
defaults. This section describes these options in greater detail.

httpry [ -dFhpqs ] [ -b file ] [ -f format ] [ -i device ] [ -l threshold ]
       [ -m methods ] [ -n count ] [ -o file ] [ -P file ] [ -r file ]
       [ -S bytes ] [ -t seconds ] [ -u user ] [ 'expression' ]

-b file
Write all processed HTTP packets to a binary pcap dump file. Useful for
further analysis of logged data.

-d
Run the program as a daemon process. All program status output will be sent
to syslog. A pid file is created for the process in /var/run/httpry.pid by
default. Requires an output file specified with -o.

-f format
Provide a comma-delimited string specifying the parsed HTTP data to output.
See the doc/format-string file for further information regarding available
options and syntax.

-F
Disable all output buffering. This may be helpful when piping httpry output
into another program.

-h
Display a brief summary of these options.

-i device
Specify an ethernet interface for the program to listen on. If not specified,
the program will poll the system for a list of interfaces and select the
first one found.

-l threshold
Specify a requests per second rate threshold value when running in rate
statistics mode (-s). Only hosts with a rps value greater than or equal to
this number will be displayed. Defaults to 1.

-m methods
Provide a comma-delimited string that specifies the request methods to parse.
The program defaults to parsing all of the standard RFC2616 method strings if
this option is not set. See the doc/method-string file for more information.

-n count
Parse this number of HTTP packets and then exit. Defaults to 0, which means
loop forever.

-o file
Specify an output file for writing parsed packet data.

-p
Do not put the NIC in promiscuous mode on startup. Note that the NIC could
already be in that mode for another reason.

-P file
Specify a path and filename for creating the PID file in daemon mode.

-q
Suppress non-critical output (startup banner, statistics, etc.).

-r file
Provide an input capture file to read from instead of performing
a live capture. This option does not require root privileges.

-s
Run httpry in an HTTP request per second display mode. This periodically
displays the rate per active host and total rate at a specified interval.

-S bytes
Specify a number of bytes to skip in the ethernet header. This allows for
custom header offsets to be accounted for.

-t seconds
Specify the host statistics display interval in seconds when running in
rate statistics mode (-s). Defaults to 5 seconds.

-u user
Specify an alternate user to take ownership of the process and any output
files. You will need root privileges to do this; it will switch to the new
user after initialization.

'expression'
Specify a bpf-style capture filter, overriding the default. Here are a few
basic examples, starting with the default filter:

 'tcp port 80 or 8080'
 'tcp dst port 80'
 'tcp dst port 80 and src host 192.168.1.1'

These filters will capture all web traffic in both directions on two common
ports, capture only requests made to port 80, and capture requests to port
80 by a particular host, respectively. See 'man tcpdump' for further
information on the syntax and available primitives.


--{ KNOWN ISSUES }--

It is worth noting that httpry is rather naive when it comes to parsing HTTP
packets. It does not perform any reordering or reassembly of packets and
simply searches the start of each packet for HTTP data and ignores the packet
if it does not find valid data. HTTP packets that are fragmented within the
request/response line will be parsed to the end of the packet and any header
data present in subsequent packets will not be parsed.

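The per-packet behaviour described under KNOWN ISSUES, shown as an added C
example that is not httpry's own code: struct parsed, parse_packet() and the
sample request are constructed for illustration. Each payload is parsed in
isolation, so a request split inside the request line is logged with a
truncated line and no Host field, and the continuation packet is ignored.

```c
#include <stdio.h>
#include <string.h>

/* Illustrative record for this example; not httpry's own data structure. */
struct parsed { int valid; char line[128]; char host[64]; };

/* Copy at most dstsz-1 bytes and NUL-terminate. */
static void copy_field(char *dst, size_t dstsz, const char *src, size_t n)
{
    if (n > dstsz - 1) n = dstsz - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
}

/* Parse one TCP payload in isolation: no state survives between packets. */
struct parsed parse_packet(const char *p, size_t len)
{
    static const char *methods[] = { "GET ", "POST ", "HEAD " };
    static const char key[] = "\r\nHost: ";
    struct parsed out = { 0, "", "" };
    size_t i, n = 0, klen = sizeof key - 1;

    for (i = 0; i < sizeof methods / sizeof *methods; i++)
        if (len >= strlen(methods[i]) && !memcmp(p, methods[i], strlen(methods[i])))
            out.valid = 1;
    if (!out.valid)
        return out;                       /* no method at offset 0: packet ignored */
    while (n < len && p[n] != '\r') n++;  /* request line ends at CR or packet end */
    copy_field(out.line, sizeof out.line, p, n);
    for (i = n; i + klen <= len; i++) {   /* Host is seen only if in this packet */
        if (!memcmp(p + i, key, klen)) {
            size_t s = i + klen, e = s;
            while (e < len && p[e] != '\r') e++;
            copy_field(out.host, sizeof out.host, p + s, e - s);
            break;
        }
    }
    return out;
}

int main(void)
{
    /* Constructed sample: one request delivered whole, then split mid-line. */
    const char *pk[] = { "GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
                         "GET /index.ht", "ml HTTP/1.1\r\nHost: example.test\r\n\r\n" };
    for (int i = 0; i < 3; i++) {
        struct parsed r = parse_packet(pk[i], strlen(pk[i]));
        printf("pkt %d: valid=%d line=[%s] host=[%s]\n", i, r.valid, r.line, r.host);
    }
    return 0;
}
```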