←back to thread

Httptap: View HTTP/HTTPS requests made by any Linux program

(github.com)
664 points alexflint | 6 comments | 03 Feb 25 16:28 UTC | HN request time: 1.155s | source | bottom
1. eriksjolund ◴[03 Feb 25 19:25 UTC] No.42921785[source]
Another tool that can be used by an unprivileged user for analysing network traffic is rootless Podman with Pasta.

Just add the podman run option

--network=pasta:--pcap,myfile.pcap

Pasta then records the network traffic into a PCAP file that could later be analysed.

I wrote a simple example where I used tshark to analyse the recorded PCAP file https://github.com/eriksjolund/podman-networking-docs?tab=re...

replies(1): >>42922003 #
2. alexflint ◴[03 Feb 25 19:44 UTC] No.42922003[source]
Very good to know about. But you still have the problem of decrypting TLS traffic.
replies(1): >>42922209 #
3. mdaniel ◴[03 Feb 25 20:02 UTC] No.42922209[source]
I don't know if it's a standard but I believe a lot of tls libraries honor the SSLKEYLOGFILE env-var https://wiki.wireshark.org/TLS#:~:text=and%20curl%20when-,th...
replies(1): >>42922704 #
4. 2030ai ◴[03 Feb 25 20:35 UTC] No.42922704{3}[source]
That seems like an unnecessary vulnerability waiting to happen.
replies(2): >>42928262 #>>42931148 #
5. wruza ◴[04 Feb 25 05:08 UTC] No.42928262{4}[source]
Can’t wait till they patch it away and we lose the ability to investigate our own https traffic.
6. frogsRnice ◴[04 Feb 25 11:44 UTC] No.42931148{4}[source]
At some point someone needs to take responsibility for allowing modification of environment variables via something dumb like http. Debugging interfaces are fine- we should expect more from developers.