My overall goal is to not interrupt a production system while capturing HTTP Posts to a web application so that I can reverse engineer the telemetry coming from a closed application. I have control over the transmitter of the HTTP Posts but not the receiving web application.
It seems like I need a request "forking" proxy. Sort of a reverse proxy that pushes the request to 2 endpoints, a master and slave, only relaying the response from the master endpoint back to the requester. I am not a server geek so something like this may exist but I don't know the term of art for what I am looking for.
Another possibility could be a simple logging proxy. Capture a log of the web requests. Rewrite the log to target my "slave" web application. Playback the log with curl or something.
Thank you for your assistance.
Best Answer
wireshark, ettercap, tcpdump and snort come to mind. Almost any libpcap application will do it. You might try freshmeat.net or sourceforge.net to look for packet capture applications. I am sure someone has developed something that would allow you to do a WWW Replay/Analysis.
If you can control the source, you could even put a router between that would allow you to capture the traffic. This is how a Man in the Middle Attack works.
However, short of writing some complex rules with snort, I'm not sure how easily you'll get the data you're looking for. tcpdump can write to files for each 'transaction', but, you still need to do a bit of decoding of the resulting files.
Any solution will likely be problematic if the POST machine uses https://