4

I want to intercept/sniff incoming HTTP requests and filter/modify their contents (before they reach the application).

"Fiddler" seems to have this functionality, but for the sake of integration and portability I would rather have some library in Java/C to do this. Like JPCAP, for example. It intercepts IP packets, but, as stated, I need to intercept the -higher level- HTTP requests.

Furthermore, how can SSL encrypted (HTTPS) requests be read/modified in the same way?

Thanks in advance.

Thomas
  • This might prove useful reading - http://stackoverflow.com/questions/2260710/creating-a-reverse-proxy-using-jpcap. – Perception Feb 15 '13 at 08:45
  • @Perception, that indeed looks useful. The implementation in JPCAP is definitely not necessary. Do you think I should look into some straightforward examples of an HTTP(S) proxy/filter? – Thomas Feb 15 '13 at 08:57
  • What *precisely* do you need to do here? Filtering to drop 'bad' HTTPRequests, for example? What contents do you need modify? – Andrew Alcock Feb 15 '13 at 08:58
  • 1
    @Thomas - it's really hard to say without concrete requirements. Are you trying to filter all HTTP requests coming in to a server? A domain? Into an app server? Or an app running on an app server? The crux of it is that you want an HTTP reverse proxy written in Java, but the level of interception is going to determine what kind of traffic you can monitor, and also determine the level of filtering you are going to be able to do. – Perception Feb 15 '13 at 09:00
  • @Perception, I would need to "read" incoming HTTP requests and determine if they can pass on to, for example, a WebService. This would involve reading the source and destination (IP, ports), as well as the content of the request (SOAP, XML document). So basically, checking for malicious behaviour and content. – Thomas Feb 15 '13 at 09:05
  • @Thomas - that sounds more like you need a routing engine, like [Apache Camel](http://camel.apache.org/). – Perception Feb 15 '13 at 09:08
  • @Perception, I don't think so. It is not up to me to determine the route to the webservice endpoint. It is up to me to determine if the request headed for the webservice is malicious or not. And drop it, if necessary. – Thomas Feb 15 '13 at 09:10
  • @Thomas: Are the web services in a one application server or several? What technology/technologies are the web services running in (Java, C#, Python, PHP, etc?) – Andrew Alcock Feb 15 '13 at 09:22
  • @Thomas - [let's continue this conversation in chat](http://chat.stackoverflow.com/rooms/24557/intercept-and-filter-http-request). – Perception Feb 15 '13 at 09:26

1 Answer

5

Have you tried Servlet Filters?

They wrap the HTTP request and so can modify the request before it gets to the servlet, and can modify the response as well. They can be (and are) used to wrap third-party servlets and JSPs.

Because they are in the servlet container, you have secure, unencrypted access to both the request and response.

anjanb
Andrew Alcock
  • I am not familiar with Servlets. Would this require to be part of some particular Java Server? Because I'd like it to be completely independent of where the http request is headed. I understand that this requirement most definitely rules out the possibility of filtering SSL encrypted content? – Thomas Feb 15 '13 at 08:41
  • 2
    Ahh, I guessed from the "java" tag in the question that you were trying to probe the HTTPRequest for a Java server, so servlets would work fine. To answer your question, Servlets are Java classes that handle HTTP requests, and reside in a web application container (e.g. Tomcat, WebSphere, Weblogic and others). However, filters can be added to an *existing* web application container without any code modification of the existing applications. – Andrew Alcock Feb 15 '13 at 08:56
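
A servlet filter of the kind the answer describes, as an added example that is not code from the answer's author: it buffers an XML/SOAP request body, rejects it if it is oversized, malformed or carries a DOCTYPE, and otherwise replays the bytes to the servlet. It assumes the `javax.servlet` 3.1+ API; the class name `XmlRequestGuardFilter`, the 1 MiB limit and the no-DOCTYPE rule are hypothetical choices for illustration.

```java
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import javax.xml.parsers.*;
import org.xml.sax.SAXException;

// Hypothetical filter (added example): vets XML/SOAP bodies before any servlet runs.
public class XmlRequestGuardFilter implements Filter {
    private static final int MAX_BODY = 1 << 20; // constructed limit: 1 MiB
    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        String type = req.getContentType();
        // Non-XML requests pass through untouched (and unbuffered).
        if (type == null || !type.toLowerCase().contains("xml")) { chain.doFilter(req, res); return; }
        // Buffer the body once; the container's stream can only be read a single time.
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        InputStream in = req.getInputStream();
        byte[] chunk = new byte[8192];
        for (int n; (n = in.read(chunk)) != -1; ) {
            buf.write(chunk, 0, n);
            if (buf.size() > MAX_BODY) { res.sendError(413); return; } // body too large
        }
        final byte[] body = buf.toByteArray();
        try { // Parse with DTDs disallowed: malformed XML or any DOCTYPE is rejected.
            DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
            f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            f.newDocumentBuilder().parse(new ByteArrayInputStream(body));
        } catch (ParserConfigurationException | SAXException e) { // fail closed
            req.getServletContext().log("Rejected " + req.getRequestURI() + " from " + req.getRemoteAddr());
            res.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        chain.doFilter(new HttpServletRequestWrapper(req) { // replay the buffered bytes
            @Override public ServletInputStream getInputStream() {
                final ByteArrayInputStream src = new ByteArrayInputStream(body);
                return new ServletInputStream() {
                    @Override public int read() { return src.read(); }
                    @Override public boolean isFinished() { return src.available() == 0; }
                    @Override public boolean isReady() { return true; }
                    @Override public void setReadListener(ReadListener l) { throw new IllegalStateException("async reads not supported"); }
                };
            }
            @Override public BufferedReader getReader() throws IOException {
                return new BufferedReader(new InputStreamReader(getInputStream(), "ISO-8859-1"));
            }
        }, res);
    }
}
```

The filter is mapped ahead of the web service servlet with a `<filter-mapping>` in `web.xml` or a `@WebFilter` annotation. When the container terminates TLS, HTTPS requests reach the filter already decrypted.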