Intercept HTTP requests on Linux

I need something that can intercept HTTP requests, extract their information (content, destination, ...), perform various analysing tasks, and finally determine if the request should be dropped or not. Legal requests must then be forwarded to the application.

Basically, same functionalities as an IDS. But mind, I am NOT looking for a packet sniffer/filter. I want something that operates on the HTTP level.

It should be implementable on Linux and run on the same system as the application(s) to which the requests are headed.

As a bonus, HTTPS could be supported (unencrypted viewing of the request content).

asked Feb 17 '13 19:02

Thomas



4 Answers

Try mitmproxy.

  • mitmproxy is an SSL-capable man-in-the-middle proxy for HTTP. It provides a console interface that allows traffic flows to be inspected and edited on the fly.

  • mitmdump is the command-line version of mitmproxy, with the same functionality but without the user interface. Think tcpdump for HTTP.

Features

  • Intercept HTTP requests and responses and modify them on the fly.
  • Save complete HTTP conversations for later replay and analysis.
  • Replay the client-side of an HTTP conversation.
  • Replay HTTP responses of a previously recorded server.
  • Reverse proxy mode to forward traffic to a specified server.
  • Make scripted changes to HTTP traffic using Python.
  • SSL certificates for interception are generated on the fly.

Example

I set up an example Jekyll Bootstrap app which is listening on port 4000 on my localhost. To intercept its traffic I'd do the following:

% mitmproxy --mode reverse:http://localhost:4000 -p 4001

Then connect to my mitmproxy on port 4001 from my web browser (http://localhost:4001), resulting in this in mitmproxy:

[Screenshot: mitmproxy w/ JB #1]

You can then select any of the GET results to see the header info associated to that GET:

[Screenshot: mitmproxy w/ JB #2]

answered Sep 22 '22 02:09

slm
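
An added example, not part of slm's answer or of the mitmproxy project: a mitmproxy addon script that makes the drop-or-forward decision the question asks for, built on the reverse proxy mode and Python scripting listed above. The rules and limits in `verdict` are constructed assumptions to be replaced with your own analysis.

```python
"""Added example: mitmproxy addon that drops or forwards each request.

The rules and limits are constructed for illustration, not from the page.
"""
from urllib.parse import unquote

ALLOWED_METHODS = {"GET", "HEAD", "POST"}  # assumption: all the app needs
MAX_BODY_BYTES = 64 * 1024                 # assumption: largest valid body


def verdict(method, path, headers, body):
    """Return None to forward the request, or a short reason to drop it."""
    method = method.upper()
    if method not in ALLOWED_METHODS:
        return "method not allowed"
    if len(body) > MAX_BODY_BYTES:
        return "body too large"
    # Look only at the path part, and undo percent-encoding a few times so a
    # double-encoded path is judged in the form the application may see.
    decoded = path.split("?", 1)[0]
    for _ in range(3):
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    if ".." in decoded.split("/"):
        return "path traversal segment"
    names = {name.lower() for name in headers}
    if method == "POST" and "content-type" not in names:
        return "POST without Content-Type"
    return None


def request(flow):
    """mitmproxy hook, called for every complete client request."""
    from mitmproxy import http  # lazy import: verdict() works without mitmproxy

    req = flow.request
    reason = verdict(req.method, req.path, req.headers, req.raw_content or b"")
    if reason is not None:
        # A response set in this hook is sent to the client as-is and the
        # request is not forwarded to the upstream application.
        flow.response = http.Response.make(
            403, reason.encode(), {"Content-Type": "text/plain"}
        )
```

Load the script with the `-s` option of mitmproxy or mitmdump together with the reverse-mode options from the answer above; requests that `verdict` rejects receive a 403 and never reach the application.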


Try using Burp Proxy, sounds like what you need.

answered Sep 21 '22 02:09

Dana Ezer


I use Wireshark for this, if you provide all the server certs it will even decrypt HTTPS.

answered Sep 23 '22 02:09

Boris the Spider


You should be able to use squid proxy for that (https://en.wikipedia.org/wiki/Squid_(software))

answered Sep 20 '22 02:09

Srdjan Grubor