httpry is a specialized packet sniffer, written in C, for displaying and logging HTTP traffic. The tool does not analyse the traffic itself; it captures, parses and logs it.
It can run as a daemon that records live traffic and writes it to a file, and because it is lightweight and flexible it fits easily into different applications. It does not display the raw HTTP payload; instead it parses and shows the relevant fields of the request and response lines.
Use cases
See what users on your network are browsing
Check whether servers are configured correctly
Study HTTP usage patterns
Keep an eye on downloads of dangerous files
Verify that HTTP policies are enforced on the network
Extract HTTP statistics from saved capture files
Project site: http://dumpsterventures.com/jason/httpry/
Installing httpry
Installing from packages
CentOS/RHEL
$ yum install epel-release # install the EPEL repo
$ yum install httpry
Debian/Ubuntu
$ apt-get install httpry httpry-tools httpry-daemon
Installing from source
Install the build dependencies
CentOS/RHEL
$ yum install wget gcc make libpcap libpcap-devel
Debian/Ubuntu
$ apt-get install wget gcc make git libpcap0.8-dev
Building httpry
Create the required directories
$ mkdir -p /usr/local/man/man1
$ mkdir -p /usr/man/man1/
Compile httpry
$ wget http://dumpsterventures.com/jason/httpry/httpry-0.1.8.tar.gz
$ tar zvxf httpry-0.1.8.tar.gz
$ cd httpry-0.1.8
$ make
$ make install
$ mkdir /usr/local/share/httpry-0.1.8
$ mv doc scripts $_
httpry usage
$ httpry -h
httpry version 0.1.8 -- HTTP logging and information retrieval tool
Copyright (c) 2005-2014 Jason Bittel <[email protected]>
Usage: httpry [ -dFhpqs ] [-b file ] [ -f format ] [ -i device ] [ -l threshold ]
[ -m methods ] [ -n count ] [ -o file ] [ -P file ] [ -r file ]
[ -t seconds] [ -u user ] [ 'expression' ]
-b file write HTTP packets to a binary dump file
-d run as daemon
-f format specify output format string
-F force output flush
-h print this help information
-i device listen on this interface
-l threshold specify a rps threshold for rate statistics
-m methods specify request methods to parse
-n count set number of HTTP packets to parse
-o file write output to a file
-p disable promiscuous mode
-P file use custom PID filename when running in daemon mode
-q suppress non-critical output
-r file read packets from input file
-s run in HTTP requests per second mode
-t seconds specify the display interval for rate statistics
-u user set process owner
expression specify a bpf-style capture filter
Additional information can be found at:
http://dumpsterventures.com/jason/httpry
httpry usage examples
Listen on a given network interface and display the captured HTTP request and response packets in real time
$ httpry -i eth0
httpry version 0.1.8 -- HTTP logging and information retrieval tool
Copyright (c) 2005-2014 Jason Bittel <[email protected]>
Starting capture on eth0 interface
2016-05-25 13:24:25 192.168.119.100 23.91.98.188 > GET hi-linux.com /2016/05/16/Linux%E5%91%BD%E4%BB%A4%E8%A1%8C%E5%AD%A6%E4%B9%A0%E7%A5%9E%E5%99%A8tldr/ HTTP/1.1 - -
2016-05-25 13:24:25 23.91.98.188 192.168.119.100 < - - - HTTP/1.1 200 OK
2016-05-25 13:24:58 192.168.119.100 23.91.98.188 > HEAD www.hi-linux.com / HTTP/1.0 - -
2016-05-25 13:24:58 23.91.98.188 192.168.119.100 < - - - HTTP/1.1 200 OK
2016-05-25 13:24:59 192.168.119.100 23.91.98.188 > HEAD www.hi-linux.com / HTTP/1.0 - -
2016-05-25 13:24:59 23.91.98.188 192.168.119.100 < - - - HTTP/1.1 200 OK
2016-05-25 13:25:00 192.168.119.100 23.91.98.188 > HEAD www.hi-linux.com / HTTP/1.0 - -
2016-05-25 13:25:00 23.91.98.188 192.168.119.100 < - - - HTTP/1.1 200 OK
^CCaught SIGINT, shutting down...
92 packets received, 0 packets dropped, 8 http packets parsed
87.6 packets/min, 7.6 http packets/min
Use the -b or -o option to save the packets. The -b option saves the packets as a binary dump file, which can later be opened with httpry itself for browsing. The -o option, on the other hand, saves the data as a human-readable text file.
Save packets in binary form
$ httpry -i eth0 -b output.dump
Browse a saved HTTP packet dump
$ httpry -r output.dump
Note: root privileges are not needed to read a dump file with the -r option.
Save httpry output as a text file
$ httpry -i eth0 -o /tmp/output.txt
To monitor only specific HTTP methods (e.g. GET, POST, PUT, HEAD, CONNECT), use the -m option
$ httpry -i eth0 -m get,head
httpry version 0.1.8 -- HTTP logging and information retrieval tool
Copyright (c) 2005-2014 Jason Bittel <[email protected]>
Starting capture on eth0 interface
2016-05-25 13:30:57 192.168.119.100 23.91.98.188 > HEAD www.hi-linux.com / HTTP/1.0 - -
2016-05-25 13:30:57 23.91.98.188 192.168.119.100 < - - - HTTP/1.1 200 OK
2016-05-25 13:30:58 192.168.119.100 23.91.98.188 > HEAD www.hi-linux.com / HTTP/1.0 - -
2016-05-25 13:30:58 23.91.98.188 192.168.119.100 < - - - HTTP/1.1 200 OK
2016-05-25 13:30:59 192.168.119.100 23.91.98.188 > HEAD www.hi-linux.com / HTTP/1.0 - -
2016-05-25 13:30:59 23.91.98.188 192.168.119.100 < - - - HTTP/1.1 200 OK
2016-05-25 13:31:09 192.168.119.100 23.91.98.188 > GET hi-linux.com /2016/05/16/Linux%E5%91%BD%E4%BB%A4%E8%A1%8C%E5%AD%A6%E4%B9%A0%E7%A5%9E%E5%99%A8tldr/ HTTP/1.1 - -
2016-05-25 13:31:09 23.91.98.188 192.168.119.100 < - - - HTTP/1.1 200 OK
^CCaught SIGINT, shutting down...
130 packets received, 0 packets dropped, 16 http packets parsed
185.7 packets/min, 22.9 http packets/min
Analysing httpry logs
If you installed from source, a Perl script is included to help analyse the httpry output. It lives in the /usr/local/share/httpry-0.1.8/scripts/ directory. Its plugins provide the following functions
hostname: display a list of unique hostnames
find_proxies: detect web proxies
search_terms: find and count the search terms entered into search services
content_analysis: find URIs containing specific keywords
xml_output: write the output in XML format
log_summary: generate a log summary
db_dump: dump the log into a MySQL database
Before using these scripts, run httpry with the -o option for a while. Once you have some output, run the scripts to analyse it
Generate the summary report
$ cd /usr/local/share/httpry-0.1.8/scripts/
$ perl ./parse_log.pl -p plugins/log_summary.pm /tmp/output.txt
After parse_log.pl finishes, it writes the result file log_summary.txt into the /usr/local/share/httpry-0.1.8/scripts/ directory. It looks like this
$ cat log_summary.txt
LOG SUMMARY
Generated: Wed May 25 13:57:40 2016
Total lines: 14
Total run time: 0.0 secs
REQUESTS BY HOUR
0% 0% 0% 0% 0% 0% 0% 0% 0% 0% 0% 0%
|----|----|----|----|----|----|----|----|----|----|----|
00 01 02 03 04 05 06 07 08 09 10 11
0% 100% 0% 0% 0% 0% 0% 0% 0% 0% 0% 0%
|----|----|----|----|----|----|----|----|----|----|----|
12 13 14 15 16 17 18 19 20 21 22 23
15/5 VISITED HOSTS
2 28.6% hi-linux.com
2 28.6% www.hi-linux.com
1 14.3% www.163.com
1 14.3% www.qq.com
1 14.3% www.baidu.com
15/1 TOP TALKERS
7 100.0% 192.168.119.100
15/1 RESPONSE CODES
7 100.0% 200
Generate all reports
$ perl ./parse_log.pl -d plugins /tmp/output.txt
$ ls -l *.txt
After parse_log.pl finishes, it writes a set of result files (*.txt/xml) into the httpry-0.1.8/scripts directory.
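As an added example (not part of the original post and not one of httpry's own scripts), the Python script below does for the text output shown above what the log_summary plugin does: it parses httpry's default log lines and reports visited hosts, top talkers, response codes and request methods. It assumes the default field order visible in the captures above (timestamp, source IP, destination IP, direction, method, host, request URI, HTTP version, status code, reason phrase), and it accepts both the tab-separated fields httpry writes and the space-separated copies that end up in blog posts. The sample log is constructed to reproduce the summary on this page; the 203.0.113.x addresses are documentation placeholders, not the real servers.

```python
"""Summarise httpry's default text output (added example; assumed field order)."""
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Assumed default httpry output fields, in order. Real httpry separates them
# with tabs; pasted copies usually have spaces, and then the timestamp is two
# tokens and the reason phrase may be several, so both forms are handled.
FIELDS = ("timestamp", "src", "dst", "direction", "method", "host",
          "uri", "version", "status", "reason")


@dataclass
class Record:
    timestamp: str
    src: str
    dst: str
    direction: str   # '>' = client request, '<' = server response
    method: str
    host: str
    uri: str
    version: str
    status: str
    reason: str

    @property
    def is_request(self) -> bool:
        return self.direction == ">"


def parse_line(line: str) -> Optional[Record]:
    """Return a Record for one data line, or None for banners and status lines."""
    line = line.rstrip("\n")
    if not line or line.startswith("#"):
        return None
    if "\t" in line:
        parts = line.split("\t")
    else:
        toks = line.split(None, 10)          # at most 11 tokens: date, time, 9 fields
        if len(toks) < 11:
            return None
        parts = [toks[0] + " " + toks[1]] + toks[2:]
    if len(parts) != len(FIELDS) or parts[3] not in (">", "<"):
        return None                          # e.g. "Starting capture on eth0 interface"
    return Record(*parts)


def summarize(lines: List[str]) -> dict:
    """Count hosts, talkers and methods over requests, status codes over responses."""
    hosts, talkers, codes, methods = Counter(), Counter(), Counter(), Counter()
    total = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        total += 1
        if rec.is_request:
            hosts[rec.host] += 1
            talkers[rec.src] += 1
            methods[rec.method] += 1
        else:
            codes[rec.status] += 1
    return {"total": total, "hosts": hosts, "talkers": talkers,
            "codes": codes, "methods": methods}


def render(section: str, counter: Counter, top: int = 15) -> str:
    """Format one section as count, percentage and value, like the page's report."""
    grand = sum(counter.values())
    out = [f"{section} ({len(counter)} distinct)"]
    for value, n in counter.most_common(top):
        out.append(f"{n:>6} {100.0 * n / grand:5.1f}% {value}")
    return "\n".join(out)


def _row(*fields: str) -> str:
    return "\t".join(fields)            # the tab-separated form httpry writes


# Constructed sample log: 7 requests and 7 responses, matching the page's summary.
SAMPLE_LOG = "\n".join([
    "httpry version 0.1.8 -- HTTP logging and information retrieval tool",
    "Starting capture on eth0 interface",
    _row("2016-05-25 13:24:25", "192.168.119.100", "23.91.98.188", ">", "GET", "hi-linux.com", "/", "HTTP/1.1", "-", "-"),
    _row("2016-05-25 13:24:25", "23.91.98.188", "192.168.119.100", "<", "-", "-", "-", "HTTP/1.1", "200", "OK"),
    _row("2016-05-25 13:24:30", "192.168.119.100", "23.91.98.188", ">", "GET", "hi-linux.com", "/2016/05/16/", "HTTP/1.1", "-", "-"),
    _row("2016-05-25 13:24:30", "23.91.98.188", "192.168.119.100", "<", "-", "-", "-", "HTTP/1.1", "200", "OK"),
    _row("2016-05-25 13:24:58", "192.168.119.100", "23.91.98.188", ">", "HEAD", "www.hi-linux.com", "/", "HTTP/1.0", "-", "-"),
    _row("2016-05-25 13:24:58", "23.91.98.188", "192.168.119.100", "<", "-", "-", "-", "HTTP/1.1", "200", "OK"),
    _row("2016-05-25 13:24:59", "192.168.119.100", "23.91.98.188", ">", "HEAD", "www.hi-linux.com", "/", "HTTP/1.0", "-", "-"),
    _row("2016-05-25 13:24:59", "23.91.98.188", "192.168.119.100", "<", "-", "-", "-", "HTTP/1.1", "200", "OK"),
    _row("2016-05-25 13:40:01", "192.168.119.100", "203.0.113.10", ">", "GET", "www.163.com", "/", "HTTP/1.1", "-", "-"),
    _row("2016-05-25 13:40:01", "203.0.113.10", "192.168.119.100", "<", "-", "-", "-", "HTTP/1.1", "200", "OK"),
    _row("2016-05-25 13:40:05", "192.168.119.100", "203.0.113.20", ">", "GET", "www.qq.com", "/", "HTTP/1.1", "-", "-"),
    _row("2016-05-25 13:40:05", "203.0.113.20", "192.168.119.100", "<", "-", "-", "-", "HTTP/1.1", "200", "OK"),
    # space-separated copy, as pasted into a post
    "2016-05-25 13:40:09 192.168.119.100 203.0.113.30 > GET www.baidu.com / HTTP/1.1 - -",
    "2016-05-25 13:40:09 203.0.113.30 192.168.119.100 < - - - HTTP/1.1 200 OK",
    "^CCaught SIGINT, shutting down...",
    "14 packets received, 0 packets dropped, 14 http packets parsed",
])

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG.splitlines())
    print(f"Total lines: {s['total']}")
    for title, key in (("VISITED HOSTS", "hosts"), ("TOP TALKERS", "talkers"),
                       ("RESPONSE CODES", "codes"), ("REQUEST METHODS", "methods")):
        print(render(title, s[key]))
```

To run it against a real capture, replace SAMPLE_LOG with the contents of the file written by httpry -o; the banner and shutdown lines are skipped automatically, so a file produced with -d and -o can be fed in unchanged.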