httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but instead to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the live traffic on the wire, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adaptable to different applications. It does not display the raw HTTP data transferred, but instead focuses on parsing and displaying the request/response line along with associated header fields.
|Tags||Security Networking Monitoring Systems Administration Internet Web|
|Operating Systems||Mac OS X POSIX BSD Linux|
Release Notes: The latest release adds a number of useful features and tweaks. VLAN tagged packets are now handled, and the PPP link type is supported. There's a new option available for specifying a custom ethernet header offset. Packet parsing is also improved with better handling of partial headers and a non-zero read timeout for live captures.
Release Notes: This release brings substantial improvements to some existing features. First, IPv6 parsing can now follow extension headers that are present in the captured packets. Second, the rate statistics code has been substantially overhauled to handle an arbitrary number of hosts, along with a couple of additional switches for controlling behavior. Additionally, this release fixes compiling on Mac OS X and adds an optional switch to specify the PID filename.
Release Notes: Several new features have been added with this release. The first is IPv6 support, which has been one of the most requested new features. Second, there is a new HTTP rate statistics mode that shows the requests per second for active hosts. Additionally, a new switch was added to manually disable output buffering as necessary.
Release Notes: This release adds SIGHUP handling for gracefully reopening output files and defaults output files to line buffering. Additionally, there is a new binary pcap dump file option, and "source-port" and "dest-port" were added as available output fields. Within the log parsing scripts, plugins can now include a list() function that allows them to specify required fields in the input file. The content analysis plugin was substantially rewritten to use a sliding window to evaluate flows instead of time delimiting them and the search terms plugin was updated for accuracy and performance.
Release Notes: The program now parses all standard request methods by default, and has a new -m switch to allow the selection of which methods to parse. There are also a number of less visible improvements to make the structure and output more consistent. Two new plugins were added to the included log parser to provide additional options and examples.