Show whole url in query log instead of domain


#1

I have a lot of these API calls, but I want to know the whole URL

https://api.netatmo.com/api/setthermpoint
https://api.netatmo.com/api/getthermostatsdata
https://api.netatmo.com/api/gethomedata
https://api.netatmo.com/api/geteventsuntil
...

#2

Unfortunately, this is technically impossible. Your clients only query the host name and never tell the DNS server the full URL.

You can see this also as a security feature - why should you tell e.g. your ISP’s or Google’s DNS servers the full path of what you are visiting?
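
What the DNS server receives for two of the URLs from the first post, as an added example that is not part of the original replies. It builds and parses a plain RFC 1035 query; the function names and the transaction ID are made up for the illustration.

```python
import struct
from urllib.parse import urlsplit

def build_query(hostname, qtype=1, txid=0x1234):
    """Build an RFC 1035 query: 12-byte header plus one question."""
    # ID, flags (only RD set), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in hostname.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN

def parse_question(message):
    """Return (name, qtype, qclass, leftover_bytes) as a DNS server reads it."""
    if struct.unpack("!H", message[4:6])[0] != 1:
        raise ValueError("expected exactly one question")
    offset, labels = 12, []
    while True:
        length = message[offset]
        offset += 1
        if length == 0:          # root label ends the name
            break
        if length & 0xC0:        # compression pointers do not occur here
            raise ValueError("unexpected compression pointer")
        labels.append(message[offset:offset + length].decode("ascii"))
        offset += length
    qtype, qclass = struct.unpack("!HH", message[offset:offset + 4])
    return ".".join(labels), qtype, qclass, message[offset + 4:]

def query_for_url(url):
    """The client resolves only the host part of the URL."""
    return build_query(urlsplit(url).hostname)

if __name__ == "__main__":
    # URLs taken from the first post; the wire bytes are identical for both.
    for url in ("https://api.netatmo.com/api/setthermpoint",
                "https://api.netatmo.com/api/gethomedata"):
        wire = query_for_url(url)
        print(url, "->", parse_question(wire), len(wire), "bytes")
```

The question section has fields for a name, a type and a class only, so there is nowhere for a path to travel and nothing for the query log to record beyond the domain.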


#3

Thanks for your response.


#4

If you want to catch just a few URLs, use Wireshark (and, if you don’t want to patch the topology, an ARP spoofer) with the filter “http” to catch HTTP requests, which contain the requested URL.


#5

When I have the time I will try to figure out how Wireshark works.


#6

Just make sure that the traffic goes over your PC. When you want to sniff your smartphone, open a hotspot or use a hub instead of a switch.


#7

I want to sniff a Raspberry Pi connected to Ethernet.
And I’m using a Mac with Wireshark. Can you explain to me how to do that?


#8

What do you want to sniff? Just the traffic between your Mac and the Pi would be better/easier to realize than sniffing the whole traffic.

If you want to sniff the whole traffic, you need to be the man in the middle (you need to be a switch or be catching traffic from a switch, router, et cetera). The FritzBox offers sniffing at its ports, for example.
If you try to be the man in the middle via ARP spoofing, you need to deactivate the security software of your PCs because they would really fuck up :wink:

Just the traffic between your Pi and your Mac: Open Wireshark and start sniffing at your network interface card. Set as filter “ip.addr==ADDRESS-OF-YOUR-PI” and confirm with Enter.


#9

I want to sniff the traffic between my Pi and API.netatmo.com.


#10

OK, so if the Pi calls api.netatmo.com, the request passes your router. Maybe your router offers a function to sniff. Otherwise you need to use Cain & Abel, for example, to tell the Pi “Hey, I am the router” and the router “Hey, I am the Pi” so that the traffic is routed over your Mac.

Maybe look here:


At 01:50 your router must be on the left side and your Pi on the right side; then activate the nuker (radioactive symbol).
At 02:13 the traffic is fully routed. Then you can start sniffing with Wireshark.
You just need to go until 02:15. After that it is just focussed on sniffing passwords.


#11

@DL6ER is correct here, but if you’re curious, /var/log/lighttpd/access.log can show the URL but only for blocked domains.


#12

Show whole url in query log instead of domain, 2nd try