Unix & Linux Stack Exchange
Q&A for users of Linux, FreeBSD and other Unix-like operating systems
Latest Questions
12 votes • 4 answers • 10895 views
Can anybody recommend an HTTP debugging proxy?
I would like something that allows me to:
1. Inspect all HTTP(S) traffic between my computer and the Internet, including 127.0.0.1
2. Modify incoming or outgoing data
3. It would also be nice if it had a scripting subsystem for setting rules and events
4. I prefer it be a GUI application.
Please do not answer with WireShark. I am aware of WireShark and I have used it many, many times and it's a great app. I would like something that restricts its captures to the application layer and HTTP(S) traffic only and ignores the other Internet Protocol Suite layers. Also, it doesn't have some of the features I listed above.
Dale Ragan (223 rep) • Aug 14, 2010, 03:07 AM • Last activity: Jan 26, 2025, 11:02 AM
46 votes • 6 answers • 39882 views
Generic HTTP server that just dumps POST requests?
I am looking for a command line tool that listens on a given port, happily accepts every HTTP POST request and dumps it.
I want to use it for testing purposes, i.e. for testing clients that issue HTTP POST requests.
That means I am searching for the counterpart to `curl -F` (which I can use to send test HTTP POSTs to an HTTP server).
Perhaps something like `socat TCP4-LISTEN:80,fork,bind=127.0.0.1 ...` - but socat is not enough because it does not talk HTTP.
maxschlepzig (59512 rep) • Dec 7, 2012, 11:24 PM • Last activity: Dec 19, 2024, 04:33 PM
0 votes • 1 answers • 326 views
what should be the format of http logs of a proxy?
In this specific case I am using fabio and nginx and apache http proxy that just proxies requests to destinations.
Both the "Combined Log Format" and "Common Log Format" _do not_ include where a proxy request is redirected to, whether the client is using http or https for the request, and which host the request wants to connect to. They also do not include the client port of the request.
Is there a standardized "proxy log format" that should be used to log such information? How do I go about adding them - at the end of the common log format? Or should I ignore that and just come up with a log format of my own?
KamilCuk (970 rep) • Aug 10, 2023, 07:00 AM • Last activity: Aug 10, 2023, 01:13 PM
8 votes • 3 answers • 13462 views
Monitoring HTTPS traffic using tcpflow
I would like to use tcpflow to monitor **https** requests. I have read tutorials on how to monitor http traffic but when I connect to a host using https the output is garbled. I am using tcpflow in the following manner:
sudo tcpflow -s -c -i eth0 src or dst host api.linkedin.com
Ifthikhan (365 rep) • Nov 22, 2012, 07:15 PM • Last activity: Apr 12, 2020, 12:48 AM
3 votes • 1 answers • 23311 views
Logging incoming request to my nginx proxy server
I would like to log all incoming requests before they hit my worker nodes.
Saurabh Jhunjhunwala (133 rep) • May 11, 2015, 08:05 AM • Last activity: Nov 25, 2018, 10:38 PM
1 votes • 0 answers • 230 views
How to customize apache mod_sec log output?
I have an Apache server which uses a mod_security configuration. Those logs are further analyzed and sent out to an OSSEC server for intrusion detection and monitoring.
That OSSEC server then sends those logs for normalization and advanced correlation to a SIEM. The parser at the SIEM is able to parse quite a few mod_sec messages, but one particular type of message, including in the payload
> "rx ^%{tx.allowed_request_content_type}$"
cannot seem to be parsed at the SIEM system. Instead of changing the parser code at the SIEM end, which may seem impossible because it's closed source, I want to know if there is a way to change the logging output, much like Apache's custom log features. The full log payload is shown below:
> Sep 13 13:35:37 ossec-server ossec: Alert Level: 7; Rule: 50118 -
> Access attempt blocked by Mod Security.; Location: (WebServer)
> 127.0.0.1->/usr/local/apache2/logs/error_log; [Fri Sep 13 13:37:09.190450 2013] [:error] [pid 2584:tid 140049089795840] [client
> 127.0.0.1] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^%{tx.allowed_request_content_type}$" against "TX:0" required.
> [file
> "/usr/local/apache2/conf/modsecurity-crs/activated_rules/modsecurity_crs_30_http_policy.conf"]
> [line "64"] [id "960010"] [rev "2"] [msg "Request content type is not
> allowed by policy"] [data "application/octet-stream"] [severity
> "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag
> "OWASP_CRS/POLICY/ENCODING_NOT_ALLOWED"] [tag "WASCTC/WASC-20"] [tag
> "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/EE2"] [tag "PCI/12.1"]
> [hostname "abc.com"] [uri "/"] [unique_id "UjLOtQoKUakAAAoYEh8AAAAO"]
Can I specify apache not to log the above highlighted text when writing logs?
asadz (233 rep) • Sep 13, 2013, 08:50 AM • Last activity: Aug 14, 2016, 12:49 PM
6 votes • 1 answers • 26614 views
Logging request headers in nginx
I want to log custom headers from client requests. I have added "$http_my_header" to my log_format and it is logged nicely for POST requests. All GET requests, on the other hand, are logged with an empty value.
An example of a GET request:
GET /pws HTTP/1.1
upgrade: websocket
connection: Upgrade
sec-websocket-key: XXXX
host: XXXX
sec-websocket-origin: XXXX
sec-websocket-version: 13
X-Plumbr-sessionId: XXXX
X-Plumbr-accountId: XXXX
X-Plumbr-build: SNAPSHOT
My nginx log_format contains
"$http_x_plumbr_accountid" "$http_x_plumbr_build"
Does logging headers in GET requests require some special configuration?
Nikem (111 rep) • Sep 24, 2015, 06:13 AM • Last activity: May 31, 2016, 08:37 AM
118 votes • 6 answers • 215952 views
On-the-fly monitoring HTTP requests on a network interface?
For debugging purposes I want to monitor the http requests on a network interface.
Using a naive `tcpdump` command line I get too much low-level information and the information I need is not very clearly represented.
Dumping the traffic via `tcpdump` to a file and then using `wireshark` has the disadvantage that it is not on-the-fly.
I imagine a tool usage like this:
$ monitorhttp -ieth0 --only-get --just-urls
2011-01-23 20:00:01 GET http://foo.example.org/blah.js
2011-01-23 20:03:01 GET http://foo.example.org/bar.html
...
I am using Linux.
maxschlepzig (59512 rep) • Jan 22, 2011, 10:27 AM • Last activity: Jan 24, 2016, 04:47 PM
1 votes • 2 answers • 861 views
Monitoring outbound server http header information?
What tool / function can we use on our linux server running CentOS to monitor the http headers that are sent from our application to another application on a different server? Looking for http header monitoring from server to server. My issue is I have no idea how to capture the data sent from the server, meaning the http headers sent via a post.
I have tried many methods and third-party software like fiddler2 and ieinspector and the list goes on, but they only seem to capture the client headers and not what is being sent out from the server. I just need to capture the string being sent out via a post function and what is being returned. Seems simple, yet in this case, I'm beyond lost and running out of time to resolve what should be a simple solution.
We can see the headers from the server to the client using fiddler2, however, our application is calling an api on a different server. So the sequence goes - client to server - server to server - server back to server - server back to client. We cannot tell if the http headers sent from our server to the other server are correct.
The other server's support personnel are unable to capture that information & are forcing us to uncover the data. We know what we think we are sending, but cannot verify it. What we want is a fiddler2 like tool that resides on our server to track this, that can monitor the server to server traffic. If fiddler2 can do this, please let us know how to do this.
ingenuitor (25 rep) • Nov 7, 2013, 05:22 PM • Last activity: Dec 9, 2013, 08:42 PM
Showing page 1 of 9 total questions