←back to thread

Httptap: View HTTP/HTTPS requests made by any Linux program

(github.com)
664 points alexflint | 2 comments | 03 Feb 25 16:28 UTC | HN request time: 0.418s | source
Show context
alexflint ◴[03 Feb 25 16:28 UTC] No.42919910[source]
httptap is a process-scoped http tracer that you can run without root priveleges. You can run `httptap <command>` where <command> is a linux program and you get a trace of http/https requests and responses in standard output:

    httptap -- python -c "import requests; requests.get('https://monasticacademy.org')"
    ---> GET https://monasticacademy.org/
    <--- 308 https://monasticacademy.org/ (15 bytes)
    ---> GET https://www.monasticacademy.org/
    <--- 200 https://www.monasticacademy.org/ (5796 bytes)
It works by running <command> in an isolated network namespace. It has its own TCP/IP stack (for which it uses gVisor). It is not an HTTP proxy and so does not rely on <command> being configured to use an HTTP proxy. It decrypts TLS traffic by generating a CA on the fly. It won't install any iptables rules or make other global system changes.
replies(3): >>42920666 #>>42921671 #>>42922996 #
gear54rus ◴[03 Feb 25 17:35 UTC] No.42920666[source]
can it modify requests or responses? with the current web getting increasingly user-hostile a need for tool like this was never more apparent

especially if it doesn't require proxy configuration

replies(4): >>42921354 #>>42921863 #>>42922082 #>>42930927 #
alexflint ◴[03 Feb 25 18:43 UTC] No.42921354[source]
Agreed! So there isn't any interface for modifying requests/responses at present, but it's definitely possible given the underlying approach. If you consider [this line of code](https://github.com/monasticacademy/httptap/blob/main/http.go...) where you have an HTTP request parsed from the <command> that ran and are about to send it out to the public internet: you could modify the request (or the response that is received a few lines further) in just the way that you would modify a normal http.Request in Go.
replies(1): >>42923714 #
_boffin_ ◴[03 Feb 25 21:50 UTC] No.42923714[source]
Injecting random data into telemetry requests to mess up someone’s pretty dashboard?
replies(1): >>42924271 #
1. gear54rus ◴[03 Feb 25 22:34 UTC] No.42924271[source]
There's at least https://adnauseam.io/ for that already
replies(1): >>42942169 #
2. _boffin_ ◴[05 Feb 25 01:22 UTC] No.42942169[source]
that's a browser addin, if i remember. I'm talking about all the telemetry for native apps. Since those aren't messed with too much, i'm sure there would be a few meetings arranged to figure out what's happening.