Re: [users@httpd] Re: snooping on cgi data

Thu, 04 Oct 2007 11:34:39 -0700

Just write a simple cgi script that passes through the stdin stdout messages and logs them. You'd need to consider performance and file access conflicts on the log files. 

Eric S. Johansson wrote:

Peter Milanese wrote:


Eric, your post comes across a bit abbrasive.



my apologies.  It was not intended as such.



Wireshark (etherreal) is a totally different animal.



in implementation yes, conceptually what I want and wire shark are 
very similar.  I have traffic between two points and I want to see 
what that traffic is.



You failed to mention what operating system you are running on your 
servers.



Shouldn't matter.  my nutshell understanding of CGI is a sub process 
spoken to by environment variables and/or standard in.  Response comes 
back on standard out and any error data should come back on standard 
error and placed into the Web server error log.  wiretapping in the 
standard and/standard out/environment variables might be different 
between different operating systems but conceptually it's the same 
idea.  Put a tap read the tap



as far web server and operating system, it's some version of Apache 
2.mumble shipped with ubuntu 6.06.



What I _think_ you want to do is TRACE the process, to see what calls 
it is making to what. This can be done using TRUSS or STRACE.



I'm not sure that will work since I'm running Python code and they'll 
have a lot of extraneous calls I don't need to pay attention to.





The other route is to include debug code in your CGIs. You also 
failed to mention what type of CGIs they are.



Python CGI.  The bug doesn't help because it's probably leftover 
debugging information that's causing the problem in the first place.  
I've tried a suggestion someone else made about script log but it's 
not working.  So,like I said, my most productive route now is going to 
be scanning the code with grep and a careful eye.


---eric


---------------------------------------------------------------------

The official User-To-User support forum of the Apache HTTP Server 
Project.

See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]























					Reply via email to