Httptap: View HTTP/HTTPS requests made by any Linux program

(github.com)

664 points alexflint | 1 comments | 03 Feb 25 16:28 UTC | HN request time: 0.411s | source

Show context

alexflint ◴[03 Feb 25 16:28 UTC] No.42919910[source]▶

>>42919909 (OP) #

httptap is a process-scoped http tracer that you can run without root priveleges. You can run `httptap <command>` where <command> is a linux program and you get a trace of http/https requests and responses in standard output:

    httptap -- python -c "import requests; requests.get('https://monasticacademy.org')"
    ---> GET https://monasticacademy.org/
    <--- 308 https://monasticacademy.org/ (15 bytes)
    ---> GET https://www.monasticacademy.org/
    <--- 200 https://www.monasticacademy.org/ (5796 bytes)

It works by running <command> in an isolated network namespace. It has its own TCP/IP stack (for which it uses gVisor). It is not an HTTP proxy and so does not rely on <command> being configured to use an HTTP proxy. It decrypts TLS traffic by generating a CA on the fly. It won't install any iptables rules or make other global system changes.

replies(3): >>42920666 #>>42921671 #>>42922996 #

gear54rus ◴[03 Feb 25 17:35 UTC] No.42920666[source]▶

>>42919910 #

can it modify requests or responses? with the current web getting increasingly user-hostile a need for tool like this was never more apparent

especially if it doesn't require proxy configuration

replies(4): >>42921354 #>>42921863 #>>42922082 #>>42930927 #

1. knome ◴[03 Feb 25 19:50 UTC] No.42922082[source]▶

>>42920666 #

if the program doesn't pin certificates, you should be able to intercept them by telling your machine to trust a certificate authority of your own creation and performing a mitm attack on the process's traffic. if it does do certificate pinning, then it won't trust your home issued cert, and will refuse to send data through your proxy.

↑