Using an Ad-Hoc Nginx Server to Catch Web Requests
Set up Custom Logging
sudo apt install -y libnginx-mod-http-lua
Install Nginx LUA libraries
sudo nano /etc/nginx/nginx.conf
Edit the Nginx configuration file
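http {
    # ...
    # ...
    # ...
    # Note: $request_body is only populated when nginx reads the body into
    # memory (for example in a proxy_pass location)
    log_format custom 'Time: $time_local'
                      '\n'
                      'Remote Addr: $remote_addr'
                      '\n'
                      'Request: $request'
                      '\n'
                      'Request Headers: $request_headers'
                      '\n'
                      'Body: $request_body'
                      '\n'
                      'Status: $status'
                      '\n'
                      '-----';
    # ...
    # ...
    # ...
}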
Add a custom logging format using LUA script
Define an Ad-Hoc Server
sudo nano /etc/nginx/sites-available/ad-hoc.conf
Create a configuration file for the ad-hoc server
server {
    # Replace listener_ip_goes_here with the IP you wish to listen on
    server_name listener_ip_goes_here;
    listen 80;
    root /tmp/ad-hoc;
    index index.html;
    # Uncomment to allow directory listing
    # autoindex on;
    ##
    # LUA Advanced Logging
    ##
    # Lua script to scrape and format the headers
    set_by_lua_block $request_headers {
        local h = ngx.req.get_headers()
        local request_headers_all = ""
        for k, v in pairs(h) do
            -- A header sent more than once arrives as a table of values
            if type(v) == "table" then
                v = table.concat(v, ", ")
            end
            request_headers_all = request_headers_all .. k .. ": " .. v .. ";"
        end
        return request_headers_all
    }
    # Note: this log sits inside the web root above, so clients can fetch it
    # at /access_verbose.log
    access_log /tmp/ad-hoc/access_verbose.log custom;
    location / {
        try_files $uri $uri/ =404;
    }
}
ad-hoc.conf
Enable the Configuration
mkdir /tmp/ad-hoc
sudo ln -s /etc/nginx/sites-available/ad-hoc.conf /etc/nginx/sites-enabled/ad-hoc.conf
sudo nginx -t && sudo systemctl restart nginx
Any changes to ad-hoc.conf should be made in /etc/nginx/sites-available/ad-hoc.conf. DO NOT edit the symbolically linked file.
Any change also requires a service restart using sudo systemctl restart nginx.
tail -fn 0 /tmp/ad-hoc/access_verbose.log
Monitor the verbose access logs as they come in
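For reviewing what was caught after the fact, the log can be split back into one record per request. This is an added example, not part of the original page; it assumes the custom format above writes one field per line and ends each record with -----, and the sample records are constructed.

```python
import re

FIELDS = ("Time", "Remote Addr", "Request", "Request Headers", "Body", "Status")
# Heuristic: a new header begins after ";" only where a lowercase "name: "
# follows (ngx.req.get_headers() lowercases names by default), so values
# such as "text/html;q=0.9" or "a=1; b=2" stay in one piece.
HEADER_SPLIT = re.compile(r";(?=[a-z0-9_-]+: |$)")

# Constructed sample records, not captured traffic.
SAMPLE = """\
Time: 10/Oct/2024:13:55:36 +0000
Remote Addr: 203.0.113.7
Request: GET /probe?id=1 HTTP/1.1
Request Headers: host: 192.0.2.10;accept: text/html;q=0.9;user-agent: curl/8.5.0;
Body: -
Status: 404
-----
Time: 10/Oct/2024:13:55:41 +0000
Remote Addr: 198.51.100.23
Request: POST /cb HTTP/1.1
Request Headers: host: 192.0.2.10;cookie: a=1; b=2;content-length: 5;
Body: -
Status: 405
-----
"""

def parse_headers(joined):
    """Split the 'name: value;' string built by the Lua block into a dict."""
    headers = {}
    for item in HEADER_SPLIT.split(joined):
        name, sep, value = item.partition(": ")
        if sep:
            headers[name] = value
    return headers

def parse_records(text):
    """Return one dict per logged request; values stay as nginx escaped them."""
    records, current = [], {}
    for line in text.splitlines():
        if line == "-----":  # record terminator from the log_format
            if current:
                records.append(current)
            current = {}
            continue
        key, sep, value = line.partition(": ")
        if sep and key in FIELDS:
            current[key] = parse_headers(value) if key == "Request Headers" else value
    return records
```

Values are left in nginx's default escaped form (\xXX for control and non-ASCII bytes), so printing a record to a terminal does not replay control characters sent by a client.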
You could even add the enable steps as a function to your local shell rc file, such as .bashrc or .zshrc
function start_nginx_adhoc () {
    if ! [ -d /tmp/ad-hoc ] ; then
        mkdir /tmp/ad-hoc
    fi
    if ! [ -f /etc/nginx/sites-enabled/ad-hoc.conf ] ; then
        sudo ln -s /etc/nginx/sites-available/ad-hoc.conf /etc/nginx/sites-enabled/ad-hoc.conf
    fi
    sudo nginx -t && sudo systemctl restart nginx
}
If you've just added this function to your rc file, you will need to log out and log back in, or run the command source ~/.zshrc, for example.
# Invoke the function
start_nginx_adhoc
Disable the Configuration
sudo systemctl stop nginx
sudo unlink /etc/nginx/sites-enabled/ad-hoc.conf
rm -rf /tmp/ad-hoc
Again, with the automation example using your rc file
function stop_nginx_adhoc () {
    sudo systemctl stop nginx
    if [ -d /tmp/ad-hoc ] ; then
        rm -rf /tmp/ad-hoc
    fi
    if [ -f /etc/nginx/sites-enabled/ad-hoc.conf ] ; then
        sudo unlink /etc/nginx/sites-enabled/ad-hoc.conf
    fi
}