A specialized packet sniffer designed for displaying and logging HTTP traffic
Perl C Other
Switch branches/tags
Nothing to show
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


                        _     _   _
                       | |   | | | |
                       | |__ | |_| |_ _ __  _ __ _   _
                       | '_ \| __| __| '_ \| '__| | | |
                       | | | | |_| |_| |_) | |  | |_| |
                       |_| |_|\__|\__| .__/|_|   \__, |
                                     | |          __/ |
                                     |_|         |___/

                  HTTP logging and information retrieval tool
                                 version 0.1.5

         Copyright (c) 2005-2009 Jason Bittel <jason.bittel@gmail.com>

                For further information about the program, see:

       For modification and redistribution information, see COPYING file

--{ ABOUT }--

httpry is a tool designed for displaying and logging HTTP traffic. It is not
intended to perform analysis itself, but instead to capture, parse and/or
log the traffic for later analysis. It can be run in real-time displaying
the live traffic on the wire, or as a daemon process that logs to an output
file. It is written to be as lightweight and flexible as possible, so that
it can be easily adaptable to different applications. It does not display
the raw HTTP data transferred, but instead focuses on parsing and displaying
the request/response line along with associated header fields.

"How is this tool useful?" you may ask. Here's just a few ideas:

 > See what users on your network are browsing online
 > Check for proper server configuration (or improper, as the case may be)
 > Research patterns in HTTP usage
 > Watch for dangerous downloaded files
 > Verify the enforcement of HTTP policy on your network
 > Extract HTTP statistics out of saved capture files
 > It's just plain fun to watch in realtime

In addition to the core program, there are several Perl scripts included
for processing httpry log files. They should be useful for a number of
generic situations, and can serve as a useful starting point for your own
log parsing toolset. More information about these scripts can be found in
the doc/perl-tools file.


httpry should compile on almost any *nix based OS with a relatively recent
version of libpcap (specifically tested against 0.9.4 and newer). To compile
and install, run these commands in the base httpry directory:

 $ make
 # make install

which compiles the program and copies the binary and man page to their
appropriate locations. You can run the binary from the compilation directory
if you don't want to install it. To uninstall the program, run:

 # make uninstall

from the installation directory, or manually delete the executable and man

--{ USAGE }--

Running the program with the -h switch will print out an abbreviated
description of the available options. This section describes these options
in greater detail.

httpry [ -dhpq ] [ -b file ] [ -f format ] [ -i device ] [-m methods ]
       [ -n count ] [ -o file ] [ -r file ] [ -u user ] [ 'expression' ]

-b file
Write all processed HTTP packets to a binary pcap dump file. Useful for
further analysis of logged data.

Run the program as a daemon process. All program status output will be sent
to syslog. A pid file is created for the process in /var/run/httpry.pid by
default. Requires an output file specified with -o.

-f format
Provide a comma-delimited string specifying the parsed HTTP data to output.
See the doc/format-string file for further information regarding available
options and syntax.

Display a brief summary of these options.

-i device
Specify an ethernet interface for the program to listen on. If not specified,
the program will poll the system for a list of interfaces and select the
first one found.

-m methods
Provide a comma-delimited string that specifies the request methods to parse.
The program defaults to parsing all of the standard RFC2616 method strings if
this option is not set. See the doc/method-string file for more information.

-n count
Parse this number of HTTP packets and then exit. Defaults to 0, which means
loop forever.

-o file
Specify an output file for writing parsed packet data.

Do not put the NIC in promiscuous mode on startup. Note that the NIC could
already be in that mode for another reason.

Suppress non-critical output (startup banner, statistics, etc.).

-r file
Provide an input capture file to read from instead of performing
a live capture. This option does not require root privileges.

-u user
Specify an alternate user to take ownership of the process and any output
files. You will need root privileges to do this; it will switch to the new
user after initialization.

Specify a bpf-style capture filter, overriding the default. Here are a few
basic examples, starting with the default filter:

 'tcp port 80 or 8080'
 'tcp dst port 80'
 'tcp dst port 80 and src host'

These filters will capture all web traffic both directions on two common
ports, capture only requests made to port 80, and capture requests to port
80 by a particular host, respectively. See 'man tcpdump' for further
information on the syntax and available primitives.