buger / goreplay

GoReplay is an open-source tool for capturing and replaying live HTTP traffic into a test environment in order to continuously test your system with real data. It can be used to increase confidence in code deployments, configuration changes and infrastructure changes.
https://goreplay.org
Other
18.66k stars 29 forks

How to capture server egress traffic #872

Open Junm0 opened 3 years ago

Junm0 commented 3 years ago

Now, I want to capture all the network traffic from the server. Can I do it with this tool?

urbanishimwe commented 3 years ago

-input-raw-track-response?

Junm0 commented 3 years ago

Now I want to get all HTTP traffic on the nginx server.

But my nginx is HTTPS,

so I have to get the export traffic; that is what I need.

urbanishimwe commented 3 years ago

If I understand correctly, you can dump your decrypted traffic (from nginx) to goreplay by opening a TCP server with --input-tcp [address]. The data you send should follow this format: https://github.com/buger/goreplay/wiki/Saving-and-Replaying-from-file#file-format and the communication is done over a raw TCP connection.
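An added example, not part of the comment above and not GoReplay's own code: a small Go sender that frames one decrypted HTTP request as a record and writes it to a listener started with --input-tcp. The record layout (a "type id timestamp" line, the raw request, then the emoji separator) is taken from the linked wiki page as an assumption; the function names, the 24-character id length and the address 127.0.0.1:28020 are hypothetical.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"net"
	"time"
)

// Separator between records, as given in the wiki's file-format section (assumption).
const payloadSeparator = "\n🐵🙈🙉\n"

// frameRequest builds "1 <id> <timestamp-ns>\n" + raw request + separator; type 1 marks a request.
func frameRequest(raw []byte, id string, ts time.Time) []byte {
	rec := []byte(fmt.Sprintf("1 %s %d\n", id, ts.UnixNano()))
	rec = append(rec, raw...)
	return append(rec, payloadSeparator...)
}

// newID returns a random request id of 24 hex characters (the length is an assumption).
func newID() (string, error) {
	buf := make([]byte, 12)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	return hex.EncodeToString(buf), nil
}

// send writes one framed record over a raw TCP connection and closes it.
func send(addr string, record []byte) error {
	conn, err := net.DialTimeout("tcp", addr, 3*time.Second)
	if err != nil {
		return err
	}
	defer conn.Close()
	_, err = conn.Write(record)
	return err
}

func main() {
	// Constructed sample request; 127.0.0.1:28020 stands in for the --input-tcp address.
	raw := []byte("GET /health HTTP/1.1\r\nHost: backend.example\r\n\r\n")
	id, err := newID()
	if err == nil {
		err = send("127.0.0.1:28020", frameRequest(raw, id, time.Now()))
	}
	fmt.Println("send result:", err)
}
```
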

buger commented 3 years ago

Can you describe your use-case a bit more?

Thanks!

Junm0 commented 3 years ago

I have machines A and B. A has nginx installed, B has web installed.

Can I get the HTTP requests from A to B on machine A?

buger commented 3 years ago

Actually, I think you can try to make it work. GoReplay allows you to set a custom BPF rule.

Something like --input-raw-bpf-filter "dst <some-ip>". See more docs on the BPF language: https://biot.com/capstats/bpf.html

Feels like it should be possible to use outbound and inbound directives too.

I'm quite curious about how it will work too. So if you are able to succeed, let us know!