Often when working with a TLS secured web page you'll find the odd file which accidentally includes something from a non-https scheme URI.
One fairly tidy solution I've come up with (and haven't seen documented elsewhere) is this:
tcpdump -i eth0 -A -n port 80 | grep GET
This will need to be run as root (use sudo or su as appropriate to your distro) but will print a convenient list of all non-https URLs being loaded on your PC while it runs. Change "eth0" to match whatever interface you reach the web server over.
If you're running something that is generating a lot of web traffic in the background (like a tor exit node) and you're reasonably sure you can narrow down which machine the undesired http traffic is coming from you could add a filter along these lines:
tcpdump -i eth0 -A -n port 80 and host example.com | grep GET
Where example.com is the machine hosting the content.
For more information see man 8 tcpdump. I think this solution should be fairly obvious if you use tcpdump a lot but may not jump immediately to mind.
--Michael Fincham <email@example.com> 2011-02-11
Back to Projects