How to Debug HTTP/HTTPS Traffic on Linux

Debug HTTP Traffic linux

In this article, we'll delve and look how you can debug HTTP/HTTPS traffic on your Linux system. We'll feature OpenSSL and script.  is a simple shell script used for debugging HTTP/https traffic tracing.

In addition, it can also be used for scanning domain with external security tools mainly  Mozilla Observatory and SSL Labs APIOn the other hand, OpenSSL is a cryptographic toolkit that relies on SSL  (V2 & 3) and TLS  v1 protocols to debug traffic.

1) Using htrace script

The shell script is used in checking basic SSL configuration, domain configuration of web servers & reverse proxies, response headers for each query ran and conducting redirect analysis with an aim of eliminating redirect loops. In addition, more detailed information can be displayed using the simple shell script command. This includes

  • Remote address
  • HTTP version
  • Server the site is running on
  • Content type
  • Content encoding


Before proceeding any further, ensure the following is installed in your system

  1. Curl 7.49 and later
  2. OpenSSL
  3. Git

Installation and running of script

First, Clone the htrace repository

git clone


Cloning into ''...
remote: Counting objects: 300, done.
remote: Compressing objects: 100% (141/141), done.
remote: Total 300 (delta 151), reused 288 (delta 139), pack-reused 0
Receiving objects: 100% (300/300), 421.03 KiB | 0 bytes/s, done.
Resolving deltas: 100% (151/151), done.
Checking connectivity... done.

Navigate into the htrace directory


Next, Install htrace using the following command

./ install


Create symbolic link to /usr/local/bin
Create man page to /usr/local/man/man8

Usage of htrace

Now, we can run the application and test a domain. The syntax of the command is --domain

Other options include

        --help                        show this message
        -d|--domain                   set domain name
        -h|--headers                  show response headers

In the command below, we are going to test --domain --headers

The output below is from site

2) Using OpenSSL

Apart from using the shell script, you can use OpenSSL to debug SSL certificate problem from the shell prompt . OpenSSL is a robust , general-purpose cryptographic toolkit that uses Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols. Also included is the openssl  command which you can use to debug problems with SSL certificates.


openssl s_client -connect

Below is an example of how the command can be used to connect to on port 443

openssl s_client -connect

Sample Output

depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify return:1
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO ECC Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO ECC Domain Validation Secure Server CA 2
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL Multi-Domain, CN =
verify return:1
Certificate chain
 0 s:/OU=Domain Control Validated/OU=PositiveSSL Multi-Domain/
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Domain Validation Secure Server CA 2
 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Domain Validation Secure Server CA 2
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Certification Authority
 2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Certification Authority
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
Server certificate

That's all we had for you today. Feel free to try out the shell script and openssl command to debug SSL certificates. As always, your feedback is valuable and most welcome.

Jamie Arthur 12:05 am

About Jamie Arthur

James is a passionate Linux and Windows Systems Administrator with 4 years of experience in Linux, databases and Front-End development. He loves doing research on different Linux distributions and experimenting with installation and configuration of different services and features. His hobbies include swimming, reading novels and playing video games.

Author's All Posts
Like to become part of Linoxide Team and contribute tips? Contact us here.


Your email address will not be published. Required fields are marked *

All comments are subject to moderation.

1 Comment

  1. Hi! I have released a new version of this tool with Nmap NSE Library support and minor fixes/updates. There is an error from on the screenshots of this article - curl: unknown --wirte-out variable. To fix this you should use curl ≥ 7.52.0 version. Big thx for this! Very nice and usefull blog.