LinuxCommandLibrary

httpry

Capture and display HTTP traffic

TLDR

Save output to a file
$ httpry -o [path/to/file.log]

Listen on a specific interface and save output to a binary PCAP format file
$ httpry -i [eth0] -b [path/to/file.pcap]

Filter output by a comma-separated list of HTTP verbs
$ httpry -m [get|post|put|head|options|delete|trace|connect|patch]

Read from an input capture file and filter by IP
$ httpry -r [path/to/file.log] '[host 192.168.5.25]'

Run as daemon process
$ httpry -d -o [path/to/file.log]

SYNOPSIS

httpry [options] [bpf-filter]

PARAMETERS

-h, --help
    Display help and exit

-v, --version
    Print version information

-i, --interface=IFACE
    Capture on interface IFACE (default: all interfaces)

-o, --outfile=FILE
    Write parsed output to FILE (default: stdout)

-w, --pcapfile=FILE
    Write raw packets to PCAP FILE

-d, --outdir=DIR
    Output directory for rotated log files

-O, --maxfiles=NUM
    Maximum rotated files (default: 10)

-j, --json
    Output in JSON format

-x, --xml
    Output in XML format

-f, --fast
    Use compact fast output format

-q, --quiet
    Suppress initial banner

-F, --flush
    Flush output after each packet

-n, --no-fqdn
    Disable FQDN resolution

-m, --mapfile=FILE
    Load custom field map from FILE

-t, --timestamp
    Prefix output with timestamps

-s, --stats
    Print capture statistics on exit

-I, --import=FILE
    Read offline PCAP from FILE

-p, --pidfile=FILE
    Write process ID to FILE

-l, --listen=PORT
    Listen on TCP PORT for control commands

DESCRIPTION

httpry is a lightweight, command-line tool for capturing and analyzing HTTP network traffic. It sniffs packets on specified interfaces, parses HTTP requests and responses, and displays key headers in a structured, human-readable format. Core output includes fields like method, host, URI, user-agent, referer, response codes, and content lengths.

Designed for real-time monitoring, httpry excels in security auditing, web debugging, and traffic forensics. It supports BPF filters (e.g., port 80 or port 443) to target specific flows, IPv4/IPv6, and HTTP/1.0-1.1 (with partial HTTP/2). Output options include console display, file logging, JSON/XML formats, and PCAP dumps for tools like Wireshark.

Unlike heavy analyzers, httpry is efficient, low-overhead, and daemonizable. It handles gzip/deflate decoding and customizable field maps. Run as root for live capture or offline with PCAP imports. Ideal for servers, IDS, or proxies needing HTTP visibility without full decryption.

CAVEATS

Requires root privileges for live packet capture on most systems; no native HTTPS decryption (headers only if unencrypted); limited HTTP/2 support; high traffic may increase CPU usage.

EXAMPLE USAGE

httpry -i eth0 -o http.log 'tcp port 80 or tcp port 443'
Live capture on eth0, log to file, filter HTTP/HTTPS ports.

httpry -j -I capture.pcap
JSON output from offline PCAP.

DEFAULT FIELDS

method, host, uri, referrer, user-agent, accept, accept-language, accept-encoding, accept-charset, keep-alive, conn-type, auth, cookie, cache-control, request-size, response-code, response-str, content-type, content-length, content-encoding, server, x-forwarded-for, via
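Because httpry only sees unencrypted headers, any auth or cookie value in its log crossed the network in cleartext. The script below is an added example (not part of httpry or of this page) that triages a parsed log for such exposures and for TRACE/CONNECT requests. It assumes tab-separated rows, "-" for empty fields, and a "# Fields:" header naming the columns; the source-ip column and all sample rows are constructed.

```python
# Added example: triage a parsed httpry log for cleartext credential exposure.
# Assumptions: tab-separated rows, "-" for empty fields, a "# Fields:" header;
# "source-ip" is a hypothetical column. The sample data below is constructed.
RISKY_METHODS = {"TRACE", "CONNECT"}

SAMPLE_LOG = (
    "# httpry log (constructed sample)\n"
    "# Fields: source-ip,method,host,uri,auth,cookie\n"
    "192.168.5.25\tGET\twww.example.com\t/index.html\t-\t-\n"
    "192.168.5.25\tPOST\tintranet.example.com\t/login\tBasic REDACTED\t-\n"
    "192.168.5.40\tTRACE\twww.example.com\t/\t-\tsid=REDACTED\n"
    "192.168.5.40\tGET\twww.exam\n"  # truncated row, must be skipped
)


def parse_log(text):
    """Yield one dict per record, using the '# Fields:' header for column names."""
    fields = None
    for line in text.splitlines():
        if line.startswith("# Fields:"):
            fields = [f.strip() for f in line.split(":", 1)[1].split(",")]
        elif line and not line.startswith("#") and fields:
            values = line.split("\t")
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))


def findings(records):
    """Return (source-ip, host, reason) tuples; secret values are never copied."""
    out = []
    for r in records:
        src, host = r.get("source-ip", "-"), r.get("host", "-")
        if r.get("auth", "-") != "-":
            out.append((src, host, "cleartext Authorization header"))
        if r.get("cookie", "-") != "-":
            out.append((src, host, "cleartext cookie"))
        if r.get("method", "-").upper() in RISKY_METHODS:
            out.append((src, host, "method " + r["method"].upper()))
    return out


if __name__ == "__main__":
    for src, host, reason in findings(parse_log(SAMPLE_LOG)):
        print(f"{src}\t{host}\t{reason}")
```

The findings report only the source, host and reason, so the triage output can be shared without spreading the captured credentials further.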

HISTORY

Developed by Jason Bittel starting in 2011 as an open-source HTTP sniffer. First release focused on efficient header logging; evolved with JSON/XML support, BPF filters, and PCAP export. Maintained on GitHub, widely used in security tools and server monitoring.

SEE ALSO

tcpdump(1), tshark(1), ngrep(1), pcap(3)
