Thomas

Reputation: 2070

Intercept HTTP requests on linux

I need something that can intercept HTTP requests, extract their information (content, destination, ...), perform various analysing tasks, and finally determine if the request should be dropped or not. Legal requests must then be forwarded to the application.

Basically, same functionalities as an IDS. But mind, I am NOT looking for a packet sniffer/filter. I want something that operates on the HTTP level.

It should be implementable on linux and run on the same system as the application(s) to which the requests are headed.

As a bonus, HTTPS could be supported (unencrypted viewing of the request content).

Upvotes: 10

Views: 25648

Answers (7)

slm

Reputation: 16416

Try mitmproxy.

  • mitmproxy is an SSL-capable man-in-the-middle proxy for HTTP. It provides a console interface that allows traffic flows to be inspected and edited on the fly.

  • mitmdump is the command-line version of mitmproxy, with the same functionality but without the user interface. Think tcpdump for HTTP.

Features

  • Intercept HTTP requests and responses and modify them on the fly.
  • Save complete HTTP conversations for later replay and analysis.
  • Replay the client-side of an HTTP conversation.
  • Replay HTTP responses of a previously recorded server.
  • Reverse proxy mode to forward traffic to a specified server.
  • Make scripted changes to HTTP traffic using Python.
  • SSL certificates for interception are generated on the fly.


Example

I set up an example Jekyll Bootstrap app which is listening on port 4000 on my localhost. To intercept its traffic I'd do the following:

% mitmproxy --mode reverse:http://localhost:4000 -p 4001

Then connect to my mitmproxy on port 4001 from my web browser (http://localhost:4001), resulting in this in mitmproxy:

[Screenshot: mitmproxy w/ JB #1]

You can then select any of the GET results to see the header info associated to that GET:

[Screenshot: mitmproxy w/ JB #2]

Upvotes: 16
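
One way to make the drop-or-forward decision the question asks for with mitmproxy's Python scripting, as an added example that is not part of the original answer. The `decide` helper, the allow-lists and the size limit are assumptions chosen for illustration, not a complete policy.

```python
# Added example: request filter for mitmdump running in reverse-proxy mode.
# All rule values below are constructed placeholders; adapt them to the application.
from urllib.parse import unquote

ALLOWED_METHODS = {"GET", "HEAD", "POST"}   # assumption: the app needs only these
ALLOWED_HOSTS = {"localhost", "127.0.0.1"}  # assumption: expected Host header values
MAX_BODY_BYTES = 64 * 1024                  # assumption: largest legitimate body


def decide(method, host, path, body=b""):
    """Return (allow, reason) for one request. Pure function, testable without mitmproxy."""
    if method.upper() not in ALLOWED_METHODS:
        return False, "method not allowed"
    if host.lower() not in ALLOWED_HOSTS:
        return False, "unexpected Host"
    # Inspect only the path part, decoded twice so that double-encoded
    # sequences are judged in the form the application may finally see.
    decoded = unquote(unquote(path.split("?", 1)[0]))
    if "\x00" in decoded or ".." in decoded.split("/"):
        return False, "suspicious path"
    if len(body) > MAX_BODY_BYTES:
        return False, "body too large"
    return True, "ok"


def request(flow):
    """mitmproxy hook: called for each client request before it is forwarded upstream."""
    from mitmproxy import http  # imported here so decide() works without mitmproxy installed

    req = flow.request
    allow, reason = decide(req.method, req.pretty_host, req.path, req.raw_content or b"")
    if not allow:
        # Setting a response in the request hook answers the client directly,
        # so the request never reaches the application behind the proxy.
        flow.response = http.Response.make(
            403, reason.encode(), {"Content-Type": "text/plain"}
        )
```

Saved as `filter.py` (a hypothetical file name), it can be loaded with `mitmdump --mode reverse:http://localhost:4000 -p 4001 -s filter.py`; requests that pass `decide` are forwarded unchanged.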

Dana Ezer

Reputation: 61

Try using Burp Proxy, sounds like what you need.

Upvotes: 3

Fred

Reputation: 114

Why not Apache HTTP Client? http://hc.apache.org/httpclient-legacy/tutorial.html This simple lib is useful.

Upvotes: 0

Thomas

Reputation: 2070

I ended up using LittleProxy because it is Java, fast and lightweight. It is originally a forward proxy, so I had to adjust it for reverse proxy functionality by forwarding every request to the local host. I did this simply by editing the HttpRequestHandler. I hardcoded the host and port address.

hostAndPort = "localhost:80";

Upvotes: 0

Boris the Spider

Reputation: 61148

I use Wireshark for this; if you provide all the server certs it will even decrypt HTTPS.

Upvotes: 2

You should learn more about ICAP, then make an ICAP server of your HTTP filtering application.

Upvotes: 0

Srdjan Grubor

Reputation: 2675

You should be able to use squid proxy for that (https://en.wikipedia.org/wiki/Squid_(software))

Upvotes: 1
