This repository has been archived by the owner. It is now read-only.

/coiltap

Use RAW sockets to capture HTTP traffic for analytics
  1. Go 100.0%
Switch branches/tags
Nothing to show
Find file
Clone or download

Clone with HTTPS

Use Git or checkout with SVN using the web URL.

Open in Desktop Download ZIP

Launching GitHub Desktop...

If nothing happens, download GitHub Desktop and try again.

Launching GitHub Desktop...

If nothing happens, download GitHub Desktop and try again.

Launching Xcode...

If nothing happens, download Xcode and try again.

Launching Visual Studio...

If nothing happens, download the GitHub extension for Visual Studio and try again.

Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
.gitignore
LICENSE
Makefile
README.md
elastic.go
main.go
pcap.go

README.md

Coiltap

Coiltap uses libpcap to capture HTTP traffic to and from a local port, storing the results in ElasticSearch.

Usage

coiltap -p 80 -i eth0 http://localhost:9200/requests

Development

Coiltap doesn't currently work on Vagrant. I'm not sure, but something to do with the type of packets that are returned on localhost.

You'll need both Bison and Flex installed. On Ubuntu

sudo apt-get install yacc flex

Interface

// For non-encrypted traffic, use
c := SniffHTTP(int port)

// For encrypt traffic, use
c := SniffHTTPS(int port, certFile string, keyFile string)

select {
case p := <- c.Pairs:
  // The full HTTP request
  log.Println("%+v", p.Request)

  // The full HTTP response
  log.Println("%+v", p.Response)

  // Timing contains the following information
  // - Total
  // - Blocked
  // - DNSResolving
  // - Connecting
  // - Sending
  // - Waiting
  // - Receiving
  log.Println("%+v", p.Timing)
}