I'm looking for a command I can run to watch port 5000 on my local loopback and log the full HTTP requests and responses on it, live, without dumping to a file and postprocessing it. Desired output would look like:
GET /index.html HTTP/1.1
Host: www.example.com
HTTP/1.1 200 OK
Date: Mon, 23 May 2005 22:38:34 GMT
Content-Type: text/html; charset=UTF-8
Content-Encoding: UTF-8
Content-Length: 138
Last-Modified: Wed, 08 Jan 2003 23:11:55 GMT
Server: Apache/1.3.3.7 (Unix) (Red-Hat/Linux)
ETag: "3f80f-1b6-3e1cb03b"
Accept-Ranges: bytes
Connection: close
<html>
<head>
<title>An Example Page</title>
</head>
<body>
Hello World, this is a very simple HTML document.
</body>
</html>
I've tried using tshark -i lo0 -d tcp.port==5000,http -Y http but that doesn't print the full content of the HTTP requests and responses, and it prints a lot of extra stuff I don't care about:
13 2.644627 127.0.0.1 → 127.0.0.1 HTTP 387 POST /battsim/loadprofile HTTP/1.1 (application/json)
21 2.692109 127.0.0.1 → 127.0.0.1 HTTP 57 HTTP/1.0 200 OK (application/json)
32 2.706703 127.0.0.1 → 127.0.0.1 HTTP 100 PUT /battsim/loadprofile/3b3135f0-b8aa-4ece-94c2-e9baf1c4998e/data HTTP/1.1 (text/csv)
37 2.722450 127.0.0.1 → 127.0.0.1 HTTP 244 HTTP/1.0 500 INTERNAL SERVER ERROR (text/html)
There are several tools for this purpose and they are often called something like "httpflow". One example is https://github.com/six-ddc/httpflow which looks exactly what you want, i.e. just dumping the data.