I’m experimenting with
↑chaosreader to analyze my
smartphone’s network traffic. (Smartphones are, let’s say, interesting
when privacy is concerned. I’ve got
↑freed ones, where
I tend to capture most network traffic via
↑tcpdump. Sometimes I feel like analyzing
what my phone does behind the scenes; then, in addition to chaosreader,
↑Wireshark is a great tool …)
As long as chaosreader was not actively maintained I published my
patched versions here. In June 2014, the original author, Brendan Gregg,
merged my patches in his ↑Git
repository. Hence, the
following is only of historical interest now.
- Switch to GPLv3.
- Integrate ↑diff to reassemble chunked HTTP
- Parse linux cooked captures, which result from listening on “any”
interface. (Chaosreader0.94 does not produce any output for such
- Use HTTP content-type to identify file types such as HTML, XML,
- More systematic Content-Type handling based on MIME types. (More
image types included in Image Report based on MIME types.)
- Uncompress gzip’ed data.
- Add new command line switch (“-n”) to show host names in HTTPlog and
to create href-links from HTTPlog rows to the corresponding rows in
the table on index.html.
- Add new command line switch (“-d”) to parse captured DNS replies and
show DNS names instead of IP addresses on index page; save DNS
replies as text files.
- Prefer host names obtained from HTTP Host headers over IP addresses
in HTTP logs.
- Create new text HTTPlog file indicating referrers and cookies.
- Extend GET/POST report to include all GET requests instead of only
those containing parameters.
- Create new “External Image Report” (linked from index.html), where
images are embedded from their origin servers. In contrast, the
“Image Report” points to images on the local hard disk. The new
report may be more suitable for publication on Web pages as it does
not require to publish (potentially copyright protected) images.
- Show also empty parts on index.html that result from cache hits.
- Create directory passed after switch “-D.”
- Optimized hexadecimal dumps to use less memory.
- Modified “IP Count” to “IP and MAC Count.”
- Fixed a few bugs concerning output.
- Treat port 8118 (polipo) and 9050 (Tor) as HTTP, also from localhost
- My versions of chaosreader
- 0.95i, 2014-04-14
- 0.95h, 2014-04-12, new version by Pavel Hančar
- 0.95g, 2013-04-18
- 0.95f, 2013-04-15
- 0.95e, 2013-03-15
- 0.95d, 2012-02-10
- 0.95c, 2012-01-04
- 0.95b, 2011-09-24
- 0.95, 2011-09-11
Letzte Änderung dieses Abschnitts: 2017-01-07 11:45:29