3

My overall goal is to not interrupt a production system while capturing HTTP Posts to a web application so that I can reverse engineer the telemetry coming from a closed application. I have control over the transmitter of the HTTP Posts but not the receiving web application.

It seems like I need a request "forking" proxy. Sort of a reverse proxy that pushes the request to 2 endpoints, a master and slave, only relaying the response from the master endpoint back to the requester. I am not a server geek so something like this may exist but I don't know the term of art for what I am looking for.

Another possibility could be a simple logging proxy. Capture a log of the web requests. Rewrite the log to target my "slave" web application. Playback the log with curl or something.

Thank you for your assistance.

KevM
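The request "forking" reverse proxy described in the question, as an added Go example (not code from the original post, from any answer, or from a tool named on this page): every request is buffered, relayed to the primary, and copied to a second endpoint whose response is discarded. The names `NewForkingProxy` and `mirror`, the loopback addresses, the 1 MiB body cap and the 5-second shadow timeout are assumptions; the listener speaks plain HTTP.

```go
package main

import (
	"bytes"
	"io"
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
	"time"
)

// NewForkingProxy relays every request to primary and returns only primary's
// response. A copy goes to shadow in the background; its reply is discarded.
func NewForkingProxy(primary, shadow *url.URL) http.Handler {
	rp := httputil.NewSingleHostReverseProxy(primary)
	client := &http.Client{Timeout: 5 * time.Second} // assumed shadow timeout
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		body, err := io.ReadAll(http.MaxBytesReader(w, r.Body, 1<<20)) // assumed 1 MiB cap
		if err != nil {
			http.Error(w, "body too large or unreadable", http.StatusRequestEntityTooLarge)
			return
		}
		target := shadow.Scheme + "://" + shadow.Host + r.URL.RequestURI()
		if sreq, err := http.NewRequest(r.Method, target, bytes.NewReader(body)); err == nil {
			sreq.Header = r.Header.Clone() // copy before the proxy touches the request
			go mirror(client, sreq)
		}
		r.Body = io.NopCloser(bytes.NewReader(body)) // rewind the body for the primary
		r.Host = primary.Host
		rp.ServeHTTP(w, r)
	})
}

// mirror sends the copy; errors are only logged, so a dead shadow never blocks the primary.
func mirror(c *http.Client, req *http.Request) {
	resp, err := c.Do(req)
	if err != nil {
		log.Printf("shadow: %v", err)
		return
	}
	io.Copy(io.Discard, resp.Body)
	resp.Body.Close()
}

func main() { // placeholder addresses: production app on :9001, capture endpoint on :9002
	primary, _ := url.Parse("http://127.0.0.1:9001")
	shadow, _ := url.Parse("http://127.0.0.1:9002")
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", NewForkingProxy(primary, shadow)))
}
```

Set the body cap above the largest legitimate POST, because anything over it is rejected with 413 before it reaches the primary.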

5 Answers

2

Try Burp Suite.

The free version will allow you to proxy requests/responses. You can then modify and replay these. The pro version gives you some nice scanning tools.

Check the free version and see if it will work for you.

jimm101
sxw123
2

Three more options:

Browser add-ons: Postman for Chrome or RESTClient for Firefox; these allow you to replay requests.

As a desktop app, a very powerful one is Fiddler for Windows, also available for Linux/Mac (alpha) under the Mono framework.

Juanga Covas
1

Wireshark, Ettercap, tcpdump and Snort come to mind. Almost any libpcap application will do it. You might try freshmeat.net or sourceforge.net to look for packet capture applications. I am sure someone has developed something that would allow you to do a WWW Replay/Analysis.

If you can control the source, you could even put a router between that would allow you to capture the traffic. This is how a Man in the Middle Attack works.

However, short of writing some complex rules with Snort, I'm not sure how easily you'll get the data you're looking for. tcpdump can write to files for each 'transaction', but you still need to do a bit of decoding of the resulting files.

Any solution will likely be problematic if the POST machine uses https://

karmawhore
1

Where I work we have been doing a lot with the Go programming language lately and this tool https://github.com/buger/gor looks like it is exactly what you are looking for. It is easy to use, open source and plays nice with almost anything. However this is only one of the multitude of solutions that exist out there and if you look around you will probably find something better suited to your stack.

Noah Heil
  • Could you add a bit of information on how to use `gor` to address the problem in the question. (And the first half sentence mentioning what you have been doing with Go is hardly relevant to the question.) – kasperd Aug 03 '16 at 07:52
0

If you want to resend/playback captured requests from a browser then you need to enter Web developer mode in the browser and view network requests. Then right click on the request of interest and, in most modern browsers, there is an option to Copy as cURL after which you can then paste the resulting command into a terminal and rerun the captured command as you see fit using the curl tool. Some browsers (e.g. Mozilla) also offer the option to edit and resend from within the browser.

Pierz