httpry: a tool for displaying and logging HTTP traffic
httpry is a tool designed specifically for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but to capture, parse, and/or log traffic for later analysis. It can run in real time to display live traffic on the wire, or as a daemon that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can easily be adapted to different applications. It does not display the raw HTTP data transfer; instead it focuses on parsing and displaying the request/response lines and the associated header fields.
"So what is this tool useful for?" Here are some use cases:

- See what users on your network are browsing online
- Check for proper server configuration (or improper, as the case may be)
- Research usage patterns in HTTP
- Watch for dangerous file downloads
- Verify enforcement of HTTP policy on your network
- Extract HTTP statistics from saved capture files
- It's just plain fun to watch in realtime

Usage:
Running httpry with no options will cause it to listen on the first network device and output to the console with some sane defaults. The -h switch will print out an abbreviated description of the available options to change the defaults. This section describes these options in greater detail.

httpry [ -dFhpqs ] [ -b file ] [ -f format ] [ -i device ] [ -l threshold ] [ -m methods ] [ -n count ] [ -o file ] [ -P file ] [ -r file ] [ -S bytes ] [ -t seconds ] [ -u user ] [ 'expression' ]
-b file Write all processed HTTP packets to a binary pcap dump file. Useful for further analysis of logged data.
-d Run the program as a daemon process. All program status output will be sent to syslog. A pid file is created for the process in /var/run/httpry.pid by default. Requires an output file specified with -o.
-f format Provide a comma-delimited string specifying the parsed HTTP data to output. See the doc/format-string file for further information regarding available options and syntax.
-F Disable all output buffering. This may be helpful when piping httpry output into another program.
-h Display a brief summary of these options.
-i device Specify an ethernet interface for the program to listen on. If not specified, the program will poll the system for a list of interfaces and select the first one found.
-l threshold Specify a requests per second rate threshold value when running in rate statistics mode (-s). Only hosts with a rps value greater than or equal to this number will be displayed. Defaults to 1.
-m methods Provide a comma-delimited string that specifies the request methods to parse. The program defaults to parsing all of the standard RFC2616 method strings if this option is not set. See the doc/method-string file for more information.
-n count Parse this number of HTTP packets and then exit. Defaults to 0, which means loop forever.
-o file Specify an output file for writing parsed packet data.
-p Do not put the NIC in promiscuous mode on startup. Note that the NIC could already be in that mode for another reason.
-P file Specify a path and filename for creating the PID file in daemon mode.
-q Suppress non-critical output (startup banner, statistics, etc.).
-r file Provide an input capture file to read from instead of performing a live capture. This option does not require root privileges.
-s Run httpry in an HTTP request per second display mode. This periodically displays the rate per active host and total rate at a specified interval.
-S bytes Specify a number of bytes to skip in the ethernet header. This allows for custom header offsets to be accounted for.
-t seconds Specify the host statistics display interval in seconds when running in rate statistics mode (-s). Defaults to 5 seconds.
-u user Specify an alternate user to take ownership of the process and any output files. You will need root privileges to do this; it will switch to the new user after initialization.
'expression' Specify a bpf-style capture filter, overriding the default. Here are a few basic examples, starting with the default filter:
    'tcp port 80 or 8080'
    'tcp dst port 80'
    'tcp dst port 80 and src host 192.168.1.1'
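As an added example (not part of the httpry project), the following Python script parses httpry log lines and implements two of the use cases listed above, a per-host request count and a watch for risky file downloads. It assumes httpry's output uses the default field order timestamp,source-ip,dest-ip,direction,method,host,request-uri,http-version,status-code,reason-phrase, tab-separated, with "-" for absent values (check doc/format-string for your build); the log lines and the extension list are constructed for illustration.

```python
import re
from collections import Counter

# Assumed default httpry field order (see doc/format-string for your build).
FIELDS = ["timestamp", "source-ip", "dest-ip", "direction", "method", "host",
          "request-uri", "http-version", "status-code", "reason-phrase"]

# Illustrative list of extensions worth reviewing when downloaded; not from the page.
RISKY_EXT = re.compile(r"\.(exe|dll|scr|msi|ps1|vbs|jar)(\?|$)", re.IGNORECASE)

# Constructed sample log in the assumed format; not real traffic.
SAMPLE_LOG = """\
# httpry (constructed sample header)
# Fields: timestamp,source-ip,dest-ip,direction,method,host,request-uri,http-version,status-code,reason-phrase
2008-01-03 07:58:12\t192.168.1.1\t10.0.0.1\t>\tGET\twww.example.com\t/index.html\tHTTP/1.1\t-\t-
2008-01-03 07:58:12\t10.0.0.1\t192.168.1.1\t<\t-\t-\t-\tHTTP/1.1\t200\tOK
2008-01-03 07:58:13\t192.168.1.1\t10.0.0.1\t>\tGET\twww.example.com\t/tools/update.exe?v=2\tHTTP/1.1\t-\t-
2008-01-03 07:58:13\t192.168.1.2\t10.0.0.1\t>\tPOST\tintranet.local\t/login\tHTTP/1.1\t-\t-
"""


def parse_httpry(text):
    """Yield one dict per data line; '#' header lines and malformed rows are skipped."""
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) != len(FIELDS):
            continue
        yield dict(zip(FIELDS, parts))


def requests_per_host(text):
    """Count client requests (direction '>') per source IP, a one-shot version of the -s summary."""
    counts = Counter()
    for rec in parse_httpry(text):
        if rec["direction"] == ">":
            counts[rec["source-ip"]] += 1
    return dict(counts)


def risky_downloads(text):
    """Return (source-ip, host, request-uri) for requests whose URI ends in a risky extension."""
    return [(r["source-ip"], r["host"], r["request-uri"])
            for r in parse_httpry(text)
            if r["direction"] == ">" and RISKY_EXT.search(r["request-uri"])]


if __name__ == "__main__":
    print(requests_per_host(SAMPLE_LOG))
    print(risky_downloads(SAMPLE_LOG))
```

To run it against a real log, read the file written with -o and pass its contents in place of SAMPLE_LOG.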