Command dissect
The dissect command allows you to read a fluxzy archive file or a fluxzy dump directory and extract a specific part of it.
It takes as main argument the path to the fluxzy archive or dump directory.
List exchanges
Running the command without the filter id option (-i) will list all exchanges of the fluxzy archive or dump directory without the default formatting ( - - ).
fluxzy dissect -d "/path/to/archive.fxzy"
Filtering exchanges
You can use the -i option to filter exchanges by id. If you wish to select multiple exchange ids, you can separate the values with a comma (,).
fluxzy dissect -d "/path/to/archive.fxzy" -i "1,2,3"
Formatting output
By default, fluxzy will output the matching exchanges with the default format {id} - {url} - {status}. If you want to display a specific part of the exchange, you can change this default format with the -f option.
For example, the following formatting will output the remote host instead of the url.
fluxzy dissect -d "/path/to/archive.fxzy" -i "1,2,3" -f "{id} - {host}"
The possibles values of the format are:
| Value | Description |
|---|---|
| url | The url of the request |
| method | The method of the request |
| status | The status of the response |
| content-type | The content type of the response |
| authority | The authority of the request |
| path | The path of the request |
| host | The host of the request |
| id | The id of the exchange |
| http-version | The http version of the exchange |
| scheme | The scheme of the request |
| request-body-length | The length of the request body |
| response-body-length | The length of the response body |
| response-body | The response body, any transport transformation (gzip, chunk,...) are removed |
| request-body | The request body, any transport transformation (gzip, chunk,...) are removed |
| pcap | The pcap of the connection used by the exchange |
| pcap-raw | The pcap raw of the connection used by the exchange (encrypted) |
Filtering on specific fields
To filter on a specific field, you can use the format option (-f) referencing the specific field and use a shell search command (grep, egrep or find for windows) to find the desired entry.
Here a sample to search for all exchanges with a status code 200.
fluxzy dissect -d "/path/to/archive.fxzy" -f "{id} - {status}" | grep "200"
Exporting binary data
You can export binary datas of an exchange with the dissect command. Binary datas can be: request body, response body, pcap and pcap raw. For this you can use the format option with only the field you want to export.
fluxzy dissect -d "/path/to/archive.fxzy" -i "1" -f "{response-body}" -o "/path/to/output" -u
If want the result not be on standard output, you can use the -o option to specify the output file as in the example above.
Additionally you can use the -u option to abort the command if multiple outputs are found for the specified exchange.