Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Intercept HTTP requests on linux

Tags:

java

linux

http

https

I need something that can intercept HTTP requests, extract their information (content, destination,...), perform various analysing tasks, and finally determine if the request should be dropped or not. Legal requests must than be forwarded to the application.

Basically, same functionalities as an IDS. But mind, I am NOT looking for a packet sniffer/filter. I want something that operates on the HTTP level.

It should be implementable on linux and run on the same system as the application(s) to which the requests are headed.

As a bonus, https could be supported (unencrypted viewing of the request content)

like image 767
Thomas Avatar asked Feb 17 '13 19:02

Thomas

People also ask

Can HTTP traffic be intercepted?

HTTP traffic passing through the proxy server can be intercepted. An intercepted request or response means the roundtrip is halted by the server, awaiting manual action. Stalled requests/responses can be inspected and (optionally) edited, before letting them continue to be sent/received.

What website can be used to catch HTTP requests from a server?

You can use RequestBin to create a public endpoint to receive and inspect HTTP requests from any source, and easily inspect the headers, payload and more.

4 Answers

Try mitmproxy.

  • mitmproxy is an SSL-capable man-in-the-middle proxy for HTTP. It provides a console interface that allows traffic flows to be inspected and edited on the fly.

  • mitmdump is the command-line version of mitmproxy, with the same functionality but without the user interface. Think tcpdump for HTTP.

Features

  • Intercept HTTP requests and responses and modify them on the fly.
  • Save complete HTTP conversations for later replay and analysis.
  • Replay the client-side of an HTTP conversations.
  • Replay HTTP responses of a previously recorded server.
  • Reverse proxy mode to forward traffic to a specified server.
  • Make scripted changes to HTTP traffic using Python.
  • SSL certificates for interception are generated on the fly.

Screenshot

enter image description here

Example

I setup an example Jekyll Bootstrap app which is listening on port 4000 on my localhost. To intercept it's traffic I'd do the following:

% mitmproxy --mode reverse:http://localhost:4000 -p 4001

Then connect to my mitmproxy on port 4001 from my web browser (http://localhost:4001), resulting in this in mitmproxy:

ss of mitmproxy w/ JB #1

You can then select any of the GET results to see the header info associated to that GET:

ss of mitmproxy w/ JB #2

like image 142
slm Avatar answered Sep 22 '22 02:09

slm

Try using Burp Proxy, sounds like what you need.

like image 34
Dana Ezer Avatar answered Sep 21 '22 02:09

Dana Ezer

I use Wire Shark for this, if you provide all the server certs it wil even decypt HTTPS.

like image 28
Boris the Spider Avatar answered Sep 23 '22 02:09

Boris the Spider

You should be able to use squid proxy for that (https://en.wikipedia.org/wiki/Squid_(software))

like image 37
Srdjan Grubor Avatar answered Sep 20 '22 02:09

Srdjan Grubor
Sign in to Comment

Related questions

DefaultListModel in Java
Concept Behind Static classes in Java
java.lang.StackOverflowError when persisting an object jpa
Why can't I access a variable declared in a class, which implements a Java interface, from Scala?
Invalid Entry Compressed Size
Duplicate text in <p:messages> summary and detail
Spring/Java Mail: The FROM address is being ignored
println does not print the expected value
How to write array to OutputStream in Java?
A suitable pattern instead of returning nulls
How to specify frontend for wsdl2java in a pom.xml?
How to properly hide a JFrame
FileNotFoundException with Universal Image Loader
Basic Authentication with RestTemplate (3.1)
Convert a JPanel to an image in a JScrollPane
Modern Java Annotation Processing
Does the JVM swap the heap?
How to determine last element when using an iterator?
How can I detect whether a Mac has a Retina display from Java?
How to implement screens sharing for web application? [closed]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!