←back to thread

Httptap: View HTTP/HTTPS requests made by any Linux program

(github.com)
664 points alexflint | 3 comments | 03 Feb 25 16:28 UTC | HN request time: 0.52s | source
Show context
ranger_danger ◴[03 Feb 25 19:23 UTC] No.42921763[source]
Why not use eBPF instead? Then you could see all http requests from all processes at once, including ones that are already running. Plus you wouldn't need to bother with TLS at all, just hook on e.g. write(2).
replies(5): >>42921870 #>>42921954 #>>42923824 #>>42924500 #>>42927428 #
somanyphotons ◴[03 Feb 25 19:39 UTC] No.42921954[source]
Presumably eBPF requires root privs?
replies(2): >>42922030 #>>42922926 #
trallnag ◴[03 Feb 25 19:46 UTC] No.42922030[source]
I'm having a hard time coming up with a use case where I want to use a tool like that but I'm also lacking root privileges
replies(1): >>42922087 #
freedomben ◴[03 Feb 25 19:51 UTC] No.42922087[source]
Inside most production environments. I could use this today inside a Pod that isn't allowed root privs.
replies(2): >>42922183 #>>42924734 #
1. zamubafoo ◴[03 Feb 25 20:00 UTC] No.42922183[source]
In production environments that won't give you root access, you won't be exec'ing inside of a pod if you aren't an operator or sysadmin.
replies(2): >>42923186 #>>42924603 #
2. imcritic ◴[03 Feb 25 21:10 UTC] No.42923186[source]
No, you are wrong. I would. The pod would be mine though.
3. freedomben ◴[03 Feb 25 23:02 UTC] No.42924603[source]
In my particular case, I am an operator and sys admin, but I don't give myself root privileges without having to go through some serious hoops, which I only jump through if I really truly need it. If I want root, I have to actually change the kubernetes manifest yaml to allow elevation to root privileges. That's not something that can be done without getting others involved for code reviews and what not.

However, even in the case of general developers, it isn't true. Companies do restrict exec abilities, but we don't. Many startups are the same, because developers are expected to also troubleshoot and debug production issues. If you don't allow shells in pods, you are really binding the hands of your devs.

To be clear, I am not disagreeing with you. You are correct in many cases. But there are a number of exceptions in my experience.