https://github.com/six-ddc/httpflow

A command line utility helps to capture and dump HTTP stream
https://github.com/six-ddc/httpflow

capture http pcap-files tcpdump traffic-analysis

Last synced: 16 days ago
JSON representation

A command line utility helps to capture and dump HTTP stream

• Host: GitHub
• URL: https://github.com/six-ddc/httpflow
• Owner: six-ddc
• License: mit
• Created: 2017-02-23T15:59:01.000Z (over 7 years ago)
• Default Branch: master
• Last Pushed: 2023-09-21T18:19:53.000Z (about 1 year ago)
• Last Synced: 2024-10-02T07:38:18.096Z (about 1 month ago)
• Topics: capture, http, pcap-files, tcpdump, traffic-analysis
• Language: C++
• Homepage:
• Size: 11.7 MB
• Stars: 678
• Watchers: 25
• Forks: 80
• Open Issues: 5
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# httpflow

[![Build Status](https://travis-ci.org/six-ddc/httpflow.svg?branch=master)](https://travis-ci.org/six-ddc/httpflow)

[![asciicast](https://asciinema.org/a/scdzwLDNytSPHtpbu1ECSv5FV.svg)](https://asciinema.org/a/scdzwLDNytSPHtpbu1ECSv5FV)

## Installation

### MacOs

```bash

brew update

brew install httpflow

```

### Linux

* Install [zlib](http://www.zlib.net/), [pcap](http://www.tcpdump.org/), [pcre](http://pcre.org/)

```bash

## On CentOS

yum update

yum install libpcap-devel zlib-devel pcre-devel

## On Ubuntu / Debian

apt-get update

apt-get install libpcap-dev zlib1g-dev libpcre3 libpcre3-dev

```

* Building httpflow

```bash

> git clone https://github.com/six-ddc/httpflow

> cd httpflow &&  make && make install

```

or directly download [Release](https://github.com/six-ddc/httpflow/releases) binary file.

## Usage

```

libpcap version libpcap version 1.9.1

httpflow version 0.0.9

Usage: httpflow [-i interface | -r pcap-file] [-u url-filter] [-w output-path] [expression]

  -i interface      Listen on interface, This is same as tcpdump 'interface'

  -r pcap-file      Read packets from file (which was created by tcpdump with the -w option)

                    Standard input is used if file is '-'

  -u url-filter     Matches which urls will be dumped

  -w output-path    Write the http request and response to a specific directory

  expression        Selects which packets will be dumped, The format is the same as tcpdump's 'expression' argument

                    If filter expression is given, only packets for which expression is 'true' will be dumped

                    For the expression syntax, see pcap-filter(7)

  For more information, see https://github.com/six-ddc/httpflow

```

* Capture default interface

```bash

> httpflow

```

* Capture all interfaces

```bash

> httpflow -i any

```

* Use the expression to filter the capture results

```bash

# If no expression is given, all packets on the net will be dumped.

# For the expression syntax, see pcap-filter(7).

> httpflow host httpbin.org or host baidu.com

```

* Use the regexp to filter request urls

```bash

> httpflow -u '/user/[0-9]+'

```

* Read packets from pcap-file

```bash

# tcpdump -w a.cap

> httpflow -r a.cap

```

* Read packets from input

```bash

> tcpdump -w - | httpflow -r -

```

* Write the HTTP request and response to directory `/tmp/http`

```bash

> httpflow -w /tmp/http

```