3

I'm trying to experiment with some HTTP data for a personal project. What I would like to do is capture all the HTTP traffic that passes through my Wifi Router at home and use that data for some analysis.

Only capturing the HTTP header information will suffice for this task. I want to monitor traffic from my laptop, phone, iPad everything. I don't have a dedicated server at home for capturing this data, so I want to use Amazon's cloud servers for this. I have an AWS account.

So, how would I go about doing this? I'm guessing I'll need to set up a proxy of some sort, but I'm a novice at networking things.

I have an FTTH modem from my ISP, and the Wifi router connects to it.

  • To intercept, you need a common point in the network through which all network traffic passes, and where you can insert a monitoring device. A wifi router is usually a standalone box, without the capability of monitoring. What is on the "outside" of the router? How does it connect to the internet?
    – Paul
    Commented Feb 9, 2014 at 8:22
  • @Paul I have an FTTH modem from my ISP, and the Wifi router connects to it. I guess I have to install something between those? Can I use something like a Raspberry Pi?
    – sfactor
    Commented Feb 9, 2014 at 9:44

2 Answers

1

Inserting something in your network between the router and the modem seems ideal. This could be achieved with a raspberry pi. It only has a single ethernet interface, but you could get a USB nic so that you have an incoming and outgoing interface.

These should be bridged so that the pi does not need to participate as a router. Anything coming into the pi on one interface will go out the other. You may need a third USB nic to act as a management port that you can connect to the inside of your network.

One approach is to have netcat running on AWS, then run tcpdump filtering out any http headers from port 80, and sending them to AWS.

tcpdump -s 0 -U -n -w - -i br0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'  | nc AWS_IP 10000

This is saying

-s 0   Get the whole packet
-U     Send output immediately, don't buffer
-n     No name conversion with dns etc
-w -   write to standard output
-i br0 Listen for packets on the br0 interface (assumes the ethernet ports are bridged)

The filter then pulls out any http headers. The output from this is piped into netcat, which sends it to the AWS IP address to port 10000

And on AWS

nc -l -p 10000 > http.pcap

This sets up a listener on port 10000 and outputs anything that arrives on this port to a file called http.pcap.

This file can then be opened using something like wireshark.

To secure this traffic, look into tunnelling the data over ssh.
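An added example, not part of the answer above: a small Python parser for the http.pcap file the nc listener writes. It walks the pcap records with the same header-length arithmetic as the tcpdump filter, extracts the request line and headers of every HTTP request, and masks credential headers (Cookie, Authorization) so the stored analysis data does not carry session tokens. It assumes the classic pcap format with the Ethernet link type, which is what tcpdump -w produces; the sample packet it parses is constructed inline.

```python
import struct
# Credential-bearing headers; their values are masked so a stored capture does not leak tokens.
SENSITIVE = {"cookie", "authorization", "proxy-authorization"}
METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

def tcp_payloads(pcap):
    # Header lengths use the tcpdump filter's arithmetic: (ip[0]&0xf)<<2 and (tcp[12]&0xf0)>>2.
    endian = "<" if struct.unpack_from("<I", pcap)[0] in (0xA1B2C3D4, 0xA1B23C4D) else ">"
    off = 24                                              # skip the pcap global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from(endian + "IIII", pcap, off)[2]
        frame, off = pcap[off + 16:off + 16 + incl_len], off + 16 + incl_len
        if len(frame) < 54 or frame[12:14] != b"\x08\x00":   # need Ethernet + IPv4
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) << 2
        if ip[9] != 6 or len(ip) < ihl + 20:              # protocol 6 == TCP
            continue
        doff = (ip[ihl + 12] & 0xF0) >> 2
        payload = ip[ihl + doff:struct.unpack_from("!H", ip, 2)[0]]
        if payload:
            yield payload

def http_requests(pcap):
    # Return [(request_line, {header: value})] for every HTTP request in the capture.
    out = []
    for payload in tcp_payloads(pcap):
        if not payload.startswith(METHODS):
            continue
        lines = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            name = name.strip().lower()
            headers[name] = "<redacted>" if name in SENSITIVE else value.strip()
        out.append((lines[0], headers))
    return out

def build_sample_pcap(http_payload):
    # Constructed one-frame pcap (Ethernet/IPv4/TCP, port 80) for offline testing; not a real capture.
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 0x50, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(http_payload),
                     1, 0, 64, 6, 0, bytes([192, 168, 1, 10]), bytes([203, 0, 113, 5]))
    frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + http_payload
    return (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
            + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame)

SAMPLE = (b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n"
          b"User-Agent: curl/8.0\r\nCookie: session=abc123\r\n\r\n")
```

Run it against a real file with http_requests(open("http.pcap", "rb").read()); frames the capture truncated mid-header still yield whatever header lines arrived before the cut.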

0

There's a program called fiddler which might suit your needs without being overkill.
