I have tcpdump traces from which I want to recover (reassemble) HTTP requests and responses. Is there a good tool to do that? Python preferred, but I am willing to write a wrapper if a Python solution is not available.
Bro performs robust TCP stream reassembly and parses a variety of application-layer protocols in a port-independent fashion. That is, if your trace contains HTTP traffic on any non-standard HTTP ports, Bro detects it.
Bro's HTTP analyzer does exactly what you need out of the box: it takes the TCP stream and deconstructs it into HTTP headers and bodies, for both requests and responses. Simply run Bro and look at the http.log:

bro -r trace.pcap
less http.log
Bro also comes with Python bindings, meaning you can send all HTTP events to a custom Python script for individual processing.
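For readers who would rather post-process the http.log that the answer above points to than wire up the Python bindings, here is an added example (my code, not the answerer's and not part of Bro) that parses Bro's default ASCII log format: the '#'-prefixed header lines, tab-separated values, '#fields'/'#types' describing the columns, '-' for an unset field and '(empty)' for an empty one. The sample log embedded below is constructed for the example, not taken from a real capture; each data line is one request/response transaction as Bro logs it.

```python
import io
import sys

# Constructed sample of a Bro ASCII http.log. The layout (the '#'-prefixed
# metadata lines, tab-separated values, '-' for unset and '(empty)' for empty
# fields) is Bro's default ASCII writer format; the records themselves are
# made up for this example and are not from any real capture.
SAMPLE_HTTP_LOG = (
    "#separator \\x09\n"
    "#set_separator\t,\n"
    "#empty_field\t(empty)\n"
    "#unset_field\t-\n"
    "#path\thttp\n"
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p"
    "\tmethod\thost\turi\tstatus_code\tuser_agent\n"
    "#types\ttime\tstring\taddr\tport\taddr\tport"
    "\tstring\tstring\tstring\tcount\tstring\n"
    "1300475168.843894\tCXWv6p3arKYeMETxOg\t192.168.1.10\t49152\t10.0.0.5\t8000"
    "\tGET\texample.test\t/index.html\t200\tcurl/7.64.1\n"
    "1300475169.102311\tCXWv6p3arKYeMETxOg\t192.168.1.10\t49152\t10.0.0.5\t8000"
    "\tPOST\texample.test\t/login\t302\tcurl/7.64.1\n"
    "1300475170.500000\tCLErAx4wXbKquQ1hnh\t192.168.1.11\t49153\t10.0.0.5\t80"
    "\tGET\texample.test\t/../../etc/passwd\t-\t-\n"
    "#close\t2011-03-18-19-06-13\n"
)

# Bro column types that map to Python numbers; everything else stays a string.
_INT_TYPES = {"count", "int", "port"}
_FLOAT_TYPES = {"time", "double", "interval"}


def _convert(value, bro_type, unset, empty):
    """Turn one raw field into a Python value according to its #types entry."""
    if value == unset:
        return None
    if value == empty:
        return ""
    if bro_type in _INT_TYPES:
        return int(value)
    if bro_type in _FLOAT_TYPES:
        return float(value)
    return value


def parse_bro_log(lines):
    """Yield one dict per record from a Bro ASCII log (http.log, conn.log, ...).

    Column names and types are taken from the '#fields' and '#types' header
    lines, so the same function works for any log the ASCII writer produces.
    """
    fields = None
    types = None
    unset = "-"
    empty = "(empty)"
    for raw in lines:
        line = raw.rstrip("\n")
        if not line:
            continue
        if line.startswith("#"):
            # Header line: '#key<TAB>value'. '#separator' uses a space and is ignored.
            key, _, rest = line[1:].partition("\t")
            if key == "fields":
                fields = rest.split("\t")
            elif key == "types":
                types = rest.split("\t")
            elif key == "unset_field":
                unset = rest
            elif key == "empty_field":
                empty = rest
            continue
        if fields is None:
            raise ValueError("data line before #fields header")
        values = line.split("\t")
        if len(values) != len(fields):
            raise ValueError("expected %d fields, got %d" % (len(fields), len(values)))
        col_types = types or ["string"] * len(fields)
        yield {name: _convert(val, typ, unset, empty)
               for name, typ, val in zip(fields, col_types, values)}


def transactions_by_connection(records):
    """Group HTTP request/response records by Bro connection uid, in log order."""
    groups = {}
    for rec in records:
        groups.setdefault(rec["uid"], []).append(rec)
    return groups


def unanswered_requests(records):
    """Requests for which Bro logged no response status (status_code unset)."""
    return [r for r in records if r["status_code"] is None]


def load_sample():
    """Parse the constructed sample log (used when no file is given)."""
    return list(parse_bro_log(io.StringIO(SAMPLE_HTTP_LOG)))


if __name__ == "__main__":
    # Usage: python bro_http.py [path/to/http.log]; without a path the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            records = list(parse_bro_log(fh))
    else:
        records = load_sample()
    for uid, txns in transactions_by_connection(records).items():
        first = txns[0]
        print("%s %s:%s -> %s:%s" % (uid, first["id.orig_h"], first["id.orig_p"],
                                     first["id.resp_h"], first["id.resp_p"]))
        for t in txns:
            print("  %s %s%s -> %s" % (t["method"], t["host"], t["uri"], t["status_code"]))
```

Reading the column names from the '#fields' line rather than hard-coding them matters in practice: the set of columns in http.log changes between Bro versions and with the scripts you load, and the same parser then works unchanged on conn.log or files.log. Unset fields come back as None, so a request with no logged response (the third sample record) is distinguishable from a response with status 0.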