664 points alexflint | 1 comments
adtac ◴[] No.42921654[source]
Using a TUN device for this is a really cool idea! And the "How it was made" section is one of the best things I've read in a GitHub README.

I'm building something called Subtrace [1] but it can intercept both incoming and outgoing requests automatically. Looks like we converged on the same interface for starting the program too lol [2]. Subtrace's purpose is kinda different from httptap's though (more observability / monitoring for cloud backend services, hence the emphasis on both incoming and outgoing). Also, it uses a different approach -- using Seccomp BPF to intercept the socket, connect, listen, accept, and ~10 other syscalls, all TCP connections get proxied through Subtrace. We then parse the HTTP requests out of the TCP stream and then show it to the user in the Chrome DevTools Network tab, which we repurposed to work in the browser like a regular webapp.

Any fun stories there from running programs under httptap? Who phones home the most?

[1] https://github.com/subtrace/subtrace

[2] https://docs.subtrace.dev/quickstart

replies(2): >>42921762 #>>42921976 #
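As an illustration of the Seccomp BPF interception described in the comment above (an added example, not part of the thread and not Subtrace's code): a classic-BPF filter that hands the four named syscalls to a supervisor and allows everything else, plus a small in-process evaluator so the verdicts can be checked without installing the filter. The `SECCOMP_RET_USER_NOTIF` action, the x86-64 ABI check, and the names `build_filter` and `verdict` are assumptions; the "~10 other syscalls" are not listed in the comment and are left out.

```c
/* Added example. Assumed: USER_NOTIF action, x86-64 ABI, four syscalls only. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/syscall.h>

static const uint32_t trapped[] = { SYS_socket, SYS_connect, SYS_listen, SYS_accept };
#define NTRAP (sizeof trapped / sizeof trapped[0])
#define FILTER_LEN (NTRAP + 6)

/* Writes the classic-BPF program into prog[FILTER_LEN]; returns its length. */
size_t build_filter(struct sock_filter *prog) {
    size_t n = 0;
    /* Check the ABI first: syscall numbers are only meaningful per architecture. */
    prog[n++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch));
    prog[n++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AUDIT_ARCH_X86_64, 1, 0);
    prog[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS);
    prog[n++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr));
    for (size_t i = 0; i < NTRAP; i++)  /* a match jumps to the final USER_NOTIF */
        prog[n++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, trapped[i], (uint8_t)(NTRAP - i), 0);
    prog[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    prog[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_USER_NOTIF);
    return n;
}

/* Evaluates the filter in-process (only the three opcodes used above) and
 * returns the seccomp action for a constructed (arch, syscall nr) pair. */
uint32_t verdict(uint32_t arch, int nr) {
    struct sock_filter prog[FILTER_LEN];
    struct seccomp_data d = { .nr = nr, .arch = arch };
    size_t n = build_filter(prog);
    uint32_t acc = 0;
    for (size_t pc = 0; pc < n; pc++) {
        switch (prog[pc].code) {
        case BPF_LD | BPF_W | BPF_ABS: memcpy(&acc, (char *)&d + prog[pc].k, sizeof acc); break;
        case BPF_JMP | BPF_JEQ | BPF_K: pc += (acc == prog[pc].k) ? prog[pc].jt : prog[pc].jf; break;
        case BPF_RET | BPF_K: return prog[pc].k;
        }
    }
    return SECCOMP_RET_KILL_PROCESS; /* not reached for a well-formed program */
}

int main(void) {
    printf("connect -> %#x, write -> %#x\n", verdict(AUDIT_ARCH_X86_64, SYS_connect), verdict(AUDIT_ARCH_X86_64, SYS_write));
    return 0;
}
```

To use such a filter for real, the program is installed with `seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_NEW_LISTENER, ...)` and a supervisor answers each notification on the returned file descriptor.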
afarah1 ◴[] No.42921762[source]
Reminds me of NetGuard, which uses Android's VPN service (instead of raw TUN) for packet filtering. https://github.com/M66B/NetGuard
replies(1): >>42921990 #
1. alexflint ◴[] No.42921990[source]
Wow, did not know about this!