10

I need something that can intercept HTTP requests, extract their information (content, destination, ...), perform various analysing tasks, and finally determine if the request should be dropped or not. Legal requests must then be forwarded to the application.

Basically, same functionalities as an IDS. But mind, I am NOT looking for a packet sniffer/filter. I want something that operates on the HTTP level.

It should be implementable on Linux and run on the same system as the application(s) to which the requests are headed.

As a bonus, HTTPS could be supported (unencrypted viewing of the request content).

Thomas
  • You're probably going to have to sniff packets and sort out the HTTP ones... http://stackoverflow.com/questions/3798733/how-do-i-programatically-collect-packets-from-passively-sniffing – gsgx Feb 17 '13 at 19:30
  • HTTP request can come in multiple packets, right? – Thomas Feb 17 '13 at 19:35

7 Answers

14

Try mitmproxy.

  • mitmproxy is an SSL-capable man-in-the-middle proxy for HTTP. It provides a console interface that allows traffic flows to be inspected and edited on the fly.

  • mitmdump is the command-line version of mitmproxy, with the same functionality but without the user interface. Think tcpdump for HTTP.

Features

  • Intercept HTTP requests and responses and modify them on the fly.
  • Save complete HTTP conversations for later replay and analysis.
  • Replay the client-side of an HTTP conversation.
  • Replay HTTP responses of a previously recorded server.
  • Reverse proxy mode to forward traffic to a specified server.
  • Make scripted changes to HTTP traffic using Python.
  • SSL certificates for interception are generated on the fly.


Example

I set up an example Jekyll Bootstrap app which is listening on port 4000 on my localhost. To intercept its traffic I'd do the following:

% mitmproxy --mode reverse:http://localhost:4000 -p 4001

Then connect to my mitmproxy on port 4001 from my web browser (http://localhost:4001), resulting in this in mitmproxy:

ss of mitmproxy w/ JB #1

You can then select any of the GET results to see the header info associated to that GET:

ss of mitmproxy w/ JB #2

slm
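The drop-or-forward decision the question asks for, written as a mitmproxy script for the reverse-proxy setup in the answer above. This is an added example, not part of the original answer or of mitmproxy itself; the rule list, the names `verdict`, `SUSPICIOUS`, `MAX_BODY`, `ALLOWED_METHODS` and the file name `filter.py` are assumptions.

```python
"""Constructed example: mitmproxy script that forwards or blocks each request."""
import re
from urllib.parse import unquote_plus

# Illustrative rules only (assumptions, not a complete ruleset).
MAX_BODY = 1_000_000
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
SUSPICIOUS = [
    ("path traversal", re.compile(r"\.\./|\.\.\\")),
    ("sql keyword sequence", re.compile(r"(?i)\bunion\b.+\bselect\b")),
    ("script tag", re.compile(r"(?i)<script\b")),
]


def verdict(method, path, body):
    """Return (allow, reason) for one request. Pure function, no mitmproxy needed."""
    if method.upper() not in ALLOWED_METHODS:
        return False, f"method {method} not allowed"
    if len(body) > MAX_BODY:
        return False, "body too large"
    # Decode twice so double-encoded input (%252e%252e) is inspected as well.
    raw = path + "\n" + body.decode("utf-8", "replace")
    text = unquote_plus(unquote_plus(raw))
    for name, pattern in SUSPICIOUS:
        if pattern.search(text):
            return False, name
    return True, "ok"


def request(flow):
    """mitmproxy hook: runs for each client request before it is forwarded."""
    from mitmproxy import http  # lazy import keeps verdict() usable without mitmproxy

    req = flow.request
    allow, reason = verdict(req.method, req.path, req.get_content(strict=False) or b"")
    if not allow:
        # Setting flow.response answers the client here; the backend never sees the request.
        flow.response = http.Response.make(
            403, f"blocked: {reason}\n".encode(), {"Content-Type": "text/plain"}
        )
```

Load it with `mitmdump --mode reverse:http://localhost:4000 -p 4001 -s filter.py`; requests that pass `verdict` go on to the application unchanged.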
3

Try using Burp Proxy, sounds like what you need.

Dana Ezer
2

I use Wireshark for this; if you provide all the server certs it will even decrypt HTTPS.

Boris the Spider
1

You should be able to use squid proxy for that (https://en.wikipedia.org/wiki/Squid_(software))

Srdjan Grubor
0

You should learn more about ICAP, then make an ICAP server of your HTTP filtering application.

Basile Starynkevitch
0

Why not Apache HTTP Client? http://hc.apache.org/httpclient-legacy/tutorial.html This simple lib is useful.

slm
Fred
0

I ended up using LittleProxy because it is Java, fast and lightweight. It is originally a forward proxy, so I had to adjust it for reverse proxy functionality by forwarding every request to the local host. I did this simply by editing the HttpRequestHandler. I hardcoded the host and port address.

hostAndPort = "localhost:80";
Thomas