httpry is packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the traffic as it is parsed, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adaptable to different applications.
What can you do with it? Here’s a few ideas:
- See what users on your network are requesting online
- Check for proper server configuration (or improper, as the case may be)
- Research patterns in HTTP usage
- Watch for dangerous downloaded files
- Verify the enforcement of HTTP policy on your network
- Extract HTTP statistics out of saved capture files
This release brings substantial improvements to some existing features. IPv6 parsing can now follow extension headers that are present in the captured packets. Also, the rate statistics code has been substantially overhauled to handle an arbitrary number of hosts, along with a couple of additional switches for controlling behavior. Additionally, this release adds an optional switch to specify the PID filename, which is helpful when running multiple instances of httpry on the same box.