Monday, May 6, 2024
rated 0 times [  88] [ 0]  / answers: 1 / hits: 210333  / 3 Years ago, fri, june 4, 2021, 8:24:23

My application is sending HTTP requests to some server and I want to see the actual data that it is sending out. Some specifics I would like to see:




  • Request method (GET/POST/PUT, etc.)
  • Content-type
  • Body



What is the best and simple way to accomplish this?



 Answers

Well, for all those tcpdump fans =)



RUN ALL THESE COMMANDS AS ROOT !!!



Obtain root in a terminal with



sudo -i


To capture the RAW packets ...



sudo tcpdump -i any -w /tmp/http.log &


This will capture all the raw packets, on all ports, on all interfaces and write them to a file, /tmp/http.log.



Run your application. It obviously helps if you do not run any other applications that use HTTP (web browsers).



Kill tcpdump



killall tcpdump


To read the log, use the -A flag and pipe the output to less:



tcpdump -A -r /tmp/http.log | less


The -A flag prints out the "payload" or ASCII text in the packets. This will send the output to less, where you can page up and down. To exit less, type Q.



When I go to Google, I see (in the raw packets):



20:42:38.179759 IP ufbt.local.56852 > sea09s02-in-f3.1e100.net.www: Flags [P.], seq 1:587, ack 1, win 913, options [nop,nop,TS val 25523484 ecr 492333202], length 586
E..~.v@[email protected]......!#...P.(.gS.c..............u..Xh.GET /generate_204 HTTP/1.1
Host: clients1.google.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.34 (KHTML, like Gecko) rekonq Safari/534.34
Referer: http://www.google.com/
Accept: */*
Accept-Encoding: gzip, deflate, x-gzip, x-deflate
Accept-Charset: utf-8,*;q=0.5
Accept-Language: en-US, en-US; q=0.8, en; q=0.6
Cookie: PREF=ID=dd958d4544461998:FF=0:TM=1323842648:LM=1360205486:S=Fg_QCDsLMr4ZepIo; NID=67=OQJWjIDHG-B8r4EuM19F3g-nkaMcbvYwoY_CsOjzvYTOAxwqAos5kfzsk6Q14E70gIfJjHat8d8PuQIloB12BE-JuSHgsKHR2QSpgN12qSWoxeqhdcSQgzw5CHKtbR_a


tcpdump has a long set of options to refine data collection from specifying network interfaces to ports to source and destination IP addresses. It can NOT decrypt (so it will not work with HTTPS).



Once you know what you are interested in, you can use a number of options with tcpdump to record only the data of interest. The general strategy is to first record all the packets, review the raw data, and then capture only the packets of interest.



Some helpful flags (options):



-i Specify an interface
-i eth0

tcp port xx
tcp port 80

dst 1.2.3.4
Specify a destination IP address


There is a learning curve, both to using tcpdump and learning how to analyze the data you collect. For further reading, I highly suggest Daniel Miessler's tcpdump Primer with Examples.


[#32804] Sunday, June 6, 2021
urvedcaly
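
The question asks specifically for the request method, Content-Type and body. As an added example (not part of the original answer), this filter reads the text printed by `tcpdump -A -r` and prints one summary line per cleartext HTTP request. The function names `summarize_http` and `sample_capture`, and the sample capture text, are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `tcpdump -A -r FILE` text on stdin and prints one line
# per cleartext HTTP request: request line, Content-Type, and the part of the
# body carried in the same packet as the request line.
summarize_http() {
  awk '
    function emit() {
      if (req != "")
        printf "%s | content-type=%s | body=%s\n", req, (ctype == "" ? "-" : ctype), (body == "" ? "-" : body)
      req = ""; ctype = ""; body = ""; in_body = 0
    }
    { sub(/\r$/, "") }                       # tolerate CRLF line endings
    # Each packet starts with a timestamp line; with -i any, newer tcpdump
    # versions also print the interface name and direction after it.
    /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9][.][0-9]+ / { emit(); next }
    req == "" {                              # request line follows IP/TCP header bytes
      if (match($0, /(GET|POST|PUT|PATCH|DELETE|HEAD|OPTIONS) [^ ]+ HTTP\/1[.][01]$/))
        req = substr($0, RSTART, RLENGTH)
      next
    }
    in_body  { body = (body == "" ? "" : body "\\n") $0; next }
    $0 == "" { in_body = 1; next }           # blank line ends the headers
    tolower($0) ~ /^content-type:/ { ctype = $0; sub(/^[^:]*:[ \t]*/, "", ctype) }
    END { emit() }
  '
}

# Constructed sample in the shape of `tcpdump -A` output (not a real capture).
sample_capture() {
  cat <<'EOF'
12:00:01.000001 IP client.example.40000 > server.example.80: Flags [P.], seq 1:120, ack 1, win 502, length 119
E..x......P.POST /api/items HTTP/1.1
Host: server.example
Content-Type: application/json
Content-Length: 17

{"name":"widget"}
12:00:01.050000 IP server.example.80 > client.example.40000: Flags [P.], seq 1:90, ack 120, win 509, length 89
E..x......P.HTTP/1.1 201 Created
Content-Type: application/json

{"id":1}
12:00:02.000001 lo    In  IP client.example.40002 > server.example.80: Flags [P.], seq 1:60, ack 1, win 502, length 59
E..x......P.GET /health HTTP/1.1
Host: server.example

EOF
}

# Real use: tcpdump -A -r /tmp/http.log | summarize_http
sample_capture | summarize_http
```

As the Cookie header in the capture above shows, these files hold session cookies and any credentials sent in clear text, so keep the capture file readable by root only and delete it when finished.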
