←back to thread

Httptap: View HTTP/HTTPS requests made by any Linux program

(github.com)
664 points alexflint | 2 comments | 03 Feb 25 16:28 UTC | HN request time: 0.433s | source
Show context
alexflint ◴[03 Feb 25 16:28 UTC] No.42919910[source]
httptap is a process-scoped http tracer that you can run without root priveleges. You can run `httptap <command>` where <command> is a linux program and you get a trace of http/https requests and responses in standard output:

    httptap -- python -c "import requests; requests.get('https://monasticacademy.org')"
    ---> GET https://monasticacademy.org/
    <--- 308 https://monasticacademy.org/ (15 bytes)
    ---> GET https://www.monasticacademy.org/
    <--- 200 https://www.monasticacademy.org/ (5796 bytes)
It works by running <command> in an isolated network namespace. It has its own TCP/IP stack (for which it uses gVisor). It is not an HTTP proxy and so does not rely on <command> being configured to use an HTTP proxy. It decrypts TLS traffic by generating a CA on the fly. It won't install any iptables rules or make other global system changes.
replies(3): >>42920666 #>>42921671 #>>42922996 #
wutwutwat ◴[03 Feb 25 20:57 UTC] No.42922996[source]
Did everyone forget about wireshark, which can totally be ran as non-root?

https://blog.wireshark.org/2010/02/running-wireshark-as-you/

replies(3): >>42923168 #>>42923185 #>>42923396 #
1. boobsbr ◴[03 Feb 25 21:10 UTC] No.42923185[source]
It's still more setup than just installing this tool.

Also, can Wireshark/libpcap decrypt SSL/TLS traffic this easily?

replies(1): >>42925377 #
2. graerg ◴[04 Feb 25 00:15 UTC] No.42925377[source]
Not in my experience; I think I gave up and opted for mitmproxy which works but is not this easy/seamless.