Packet capture and analysis utility similar to tcpdump for HTTP
C++ C Makefile
Switch branches/tags
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.

README.md

httpflow

Build Status

Installation

MacOs

brew update
brew install httpflow

Linux

## On CentOS
yum update
yum install libpcap-devel zlib-devel pcre-devel

## On Ubuntu / Debian
apt-get update
apt-get install libpcap-dev zlib1g-dev libpcre3 libpcre3-dev
  • Building httpflow
> git clone https://github.com/six-ddc/httpflow
> cd httpflow &&  make && make install

or directly download Release binary file.

Usage

libpcap version libpcap version 1.8.1 -- Apple version 67.60.1
httpflow version 0.0.5

Usage: httpflow [-i interface | -r pcap-file] [-f packet-filter] [-u url-filter] [-w output-path]

  -i interface      Listen on interface
  -r pcap-file      Read packets from file (which was created by tcpdump with the -w option)
                    Standard input is used if file is '-'
  -f packet-filter  Selects which packets will be dumped
                    If filter expression is given, only packets for which expression is 'true' will be dumped
                    For the expression syntax, see pcap-filter(7)
  -u url-filter     Matches which urls will be dumped
  -w output-path    Write the http request and response to a specific directory

  For more information, see https://github.com/six-ddc/httpflow

  • Capture default interface
> httpflow
  • Capture all interfaces
> httpflow -i any
  • Use the expression to filter the capture results
# If no expression is given, all packets on the net will be dumped.
# For the expression syntax, see pcap-filter(7).
> httpflow -f 'tcp port 80 and host baidu.com'
  • Use the regexp to filter request urls
> httpflow -u '(google.com|httpbin.org)/.*/get'
  • Read packets from file
# tcpdump -w a.cap
> httpflow -r a.cap
  • Read packets from input
> tcpdump -w - | httpflow -r -