A capture-first HTTP traffic analyzer that uses a C++ (PcapPlusPlus) agent for packet capture and a Bun + SvelteKit stack to visualize HTTP sessions and metrics in real time.

Rewind - Real-time HTTP Traffic Analyzer


A high-performance, full-stack application for capturing, processing, and visualizing low-level HTTP network traffic in real-time.


Overview

Rewind is a modern debugging and monitoring tool designed to provide deep insight into network activity. It utilizes a decoupled architecture where a high-performance C++ capture agent built on PcapPlusPlus handles raw packet capture and HTTP reassembly, while a Bun/SvelteKit stack delivers a real-time, interactive web experience.


Tech Stack

Bun, TypeScript, SvelteKit, ElysiaJS, C++, PcapPlusPlus, MongoDB, Prometheus

Features

Core Capture & Analysis

  • In-Browser Capture Terminal - Start/stop/restart the C++ capture agent directly from the web UI via WebSocket
  • Real-time Traffic Metrics - Live status polling every 2s for uptime, PID, and crash detection
  • PII Sanitization - Automatic anonymization of sensitive data during capture
  • Capture Filters - Regex-based host and URI pattern matching to selectively capture traffic

Query & Search

  • RQL (Rewind Query Language) - Custom query language for filtering sessions with expressions like method == "GET" AND status >= 400
  • Simple Search - Quick text-based filtering by method, URI, IP, and status
  • Advanced Filters - UI-based filtering by HTTP method and status range

Notifications & Alerts

  • Alert Rules - Custom rules based on status codes, response times, methods, URL patterns
  • Multi-Channel Notifications - Dispatch alerts to Email, Slack, and Discord simultaneously
  • Cooldown System - Configurable cooldown periods to prevent notification spam

Export & Integration

  • HAR Export - Export captures in HAR 1.2 format for Chrome DevTools and Postman
  • JSON/CSV Export - Export session data in JSON or CSV format
  • SDK & CLI - TypeScript client library and CLI tool for programmatic access
  • Request Replay - Re-send captured HTTP requests with one click
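
The HAR Export and PII Sanitization bullets above go together in practice: a capture that leaves the host as a HAR file carries every request header, so credentials must be stripped before it is shared. The block below is an added example, not Rewind's exporter or its sanitizer: it builds a HAR 1.2 document from session records and redacts credential-bearing headers on the way out. The `CapturedSession` shape, the `SENSITIVE` header list and the placeholder `creator` string are assumptions made for this illustration; Rewind's stored session schema may differ.

```typescript
// Added example, not Rewind's exporter: builds a HAR 1.2 document from captured sessions and redacts
// credential-bearing headers on the way out, so an export can be opened in DevTools or Postman without
// leaking tokens or cookies. The CapturedSession shape is an assumption for this illustration; Rewind's
// stored session schema may differ. Request URLs are assumed to be absolute.
export type Header = { name: string; value: string };
export type CapturedSession = {
  id: string;
  startedAt: string; // ISO 8601
  durationMs: number;
  request: { method: string; url: string; httpVersion: string; headers: Header[]; body?: string };
  response: { status: number; statusText: string; httpVersion: string; headers: Header[]; mimeType: string; body?: string };
};

export const REDACTED = "[REDACTED]";
// Headers whose values grant access or identify a session; matched case-insensitively (assumed list).
const SENSITIVE = new Set(["authorization", "proxy-authorization", "cookie", "set-cookie", "x-api-key"]);

export function redactHeaders(headers: Header[]): Header[] {
  return headers.map((h) => (SENSITIVE.has(h.name.toLowerCase()) ? { name: h.name, value: REDACTED } : { ...h }));
}
function headerValue(headers: Header[], name: string): string | undefined {
  return headers.find((h) => h.name.toLowerCase() === name)?.value;
}
function queryString(url: string): Header[] {
  return Array.from(new URL(url).searchParams.entries(), ([name, value]) => ({ name, value }));
}
// HAR uses -1 for "size not available"; content.size must be a real byte count, hence Math.max below.
function bytes(s: string | undefined): number {
  return s === undefined ? -1 : new TextEncoder().encode(s).length;
}

export function toHar(sessions: CapturedSession[], redact = true) {
  const clean = redact ? redactHeaders : (h: Header[]) => h;
  return {
    log: {
      version: "1.2",
      creator: { name: "rewind-har-example", version: "0.0.0" }, // placeholder, not Rewind's creator string
      entries: sessions.map((s) => ({
        startedDateTime: s.startedAt,
        time: s.durationMs,
        request: {
          method: s.request.method, url: s.request.url, httpVersion: s.request.httpVersion,
          cookies: [], headers: clean(s.request.headers), queryString: queryString(s.request.url),
          headersSize: -1, bodySize: bytes(s.request.body),
          postData: s.request.body === undefined ? undefined : {
            mimeType: headerValue(s.request.headers, "content-type") ?? "application/octet-stream",
            text: s.request.body,
          },
        },
        response: {
          status: s.response.status, statusText: s.response.statusText, httpVersion: s.response.httpVersion,
          cookies: [], headers: clean(s.response.headers),
          content: { size: Math.max(0, bytes(s.response.body)), mimeType: s.response.mimeType, text: s.response.body },
          redirectURL: "", headersSize: -1, bodySize: bytes(s.response.body),
        },
        cache: {},
        timings: { send: 0, wait: s.durationMs, receive: 0 }, // only the total duration is known here
      })),
    },
  };
}

// Constructed sample session (not a real capture).
export const SAMPLE_SESSIONS: CapturedSession[] = [{
  id: "sess-1", startedAt: "2024-01-01T00:00:00.000Z", durationMs: 42,
  request: {
    method: "POST", url: "http://api.example.com/api/login?next=%2Fhome", httpVersion: "HTTP/1.1",
    headers: [{ name: "Host", value: "api.example.com" }, { name: "Authorization", value: "Bearer example-token" },
      { name: "Content-Type", value: "application/json" }],
    body: '{"user":"alice"}',
  },
  response: {
    status: 200, statusText: "OK", httpVersion: "HTTP/1.1", mimeType: "application/json",
    headers: [{ name: "Set-Cookie", value: "session=abc123; HttpOnly" }, { name: "Content-Type", value: "application/json" }],
    body: '{"ok":true}',
  },
}];

console.log(JSON.stringify(toHar(SAMPLE_SESSIONS), null, 2));
```

Redaction keeps the header name and replaces only the value, so the HAR still shows that a request was authenticated (useful when debugging 401s) without carrying the secret. Passing `redact = false` produces the raw export; that path is the one to treat as sensitive data at rest.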

Captures Management

  • Capture Runs - Sessions grouped by capture session with duration and session counts
  • Per-Capture Export - Export all sessions from a specific capture run

Screenshots

  • Dashboard Overview (screenshot: Metrics)
  • In-Browser Capture Terminal (screenshot: Capture Terminal)
  • Session Viewer (screenshot: Session Viewer)
  • Alert Rules (screenshot: Alert Rules)
  • Captures List (screenshot: Captures)
  • Statistics (screenshot: Statistics)


Architecture

```mermaid
graph TD
    FE["Frontend<br/><small>SvelteKit + Svelte 5</small><br/><small>:5173</small>"]
    BE["Backend API<br/><small>Bun + Elysia</small><br/><small>:8000</small>"]
    CA["C++ Capture Agent<br/><small>PcapPlusPlus</small>"]
    DB["MongoDB<br/><small>Sessions, Alerts, Notifications</small>"]
    NOTIFY["Notification Channels"]
    EMAIL["Email<br/><small>SMTP</small>"]
    SLACK["Slack<br/><small>Webhook</small>"]
    DISCORD["Discord<br/><small>Webhook</small>"]

    FE <-->|"HTTP / WebSocket"| BE
    BE <-->|"Process I/O"| CA
    BE <--> DB
    BE --> NOTIFY
    NOTIFY --> EMAIL
    NOTIFY --> SLACK
    NOTIFY --> DISCORD

    style FE fill:#ff3e00,color:#fff
    style BE fill:#5e165d,color:#fff
    style CA fill:#00599c,color:#fff
    style DB fill:#47a248,color:#fff
```

| Component | Stack | Port |
|---|---|---|
| Frontend | SvelteKit + Svelte 5 | 5173 |
| Backend API | Bun + Elysia | 8000 |
| Capture Agent | C++ + PcapPlusPlus | N/A |
| Metrics | Prometheus | 9090 |

Quick Start

Prerequisites

  • Bun 1.0+
  • MongoDB 7.x
  • C++ Build Tools (for capture agent)
  • Administrator/sudo access (for packet capture)

Setup

```bash
git clone https://github.com/sreekarnv/rewind.git
cd rewind
bun install
```

Build the capture agent:

```bash
cd services/capture-agent
build.bat    # Windows
make         # Linux/macOS
```

Run

Terminal 1 (Backend - needs admin for capture):

```bash
cd services/backend-api
sudo bun run dev
```

Terminal 2 (Frontend):

```bash
cd services/frontend
bun run dev
```

Open http://localhost:5173


API Reference

Capture Control

| Endpoint | Method | Description |
|---|---|---|
| /api/v1/capture/status | GET | Capture state |
| /api/v1/capture/start | POST | Start agent |
| /api/v1/capture/stop | POST | Stop agent |
| /api/v1/capture/restart | POST | Restart agent |
| /api/v1/capture/stream | WebSocket | Terminal I/O |
| /api/v1/capture/config | GET | Read config |
| /api/v1/capture/config | PUT | Update config |
| /api/v1/capture/config/apply | POST | Apply config and restart |

Sessions

| Endpoint | Method | Description |
|---|---|---|
| /api/v1/sessions | GET | List sessions |
| /api/v1/sessions/:id | GET | Session details |
| /api/v1/sessions/:id | DELETE | Delete session |
| /api/v1/sessions/clear | DELETE | Clear all |
| /api/v1/sessions/filter | POST | Filter sessions |

Captures

| Endpoint | Method | Description |
|---|---|---|
| /api/v1/captures | GET | List capture runs |
| /api/v1/captures/:id/sessions | GET | Sessions for a capture run |

Alerts

| Endpoint | Method | Description |
|---|---|---|
| /api/v1/alerts | GET | List alert rules |
| /api/v1/alerts | POST | Create alert rule |
| /api/v1/alerts/:id | GET/PUT/DELETE | Manage alert rule |
| /api/v1/alerts/:id/toggle | PATCH | Enable/disable |

Notifications

| Endpoint | Method | Description |
|---|---|---|
| /api/v1/notifications | GET | List notifications |
| /api/v1/notifications/:id/read | PATCH | Mark as read |
| /api/v1/notifications/:id/dismiss | PATCH | Dismiss |
| /api/v1/notifications/read-all | PATCH | Mark all read |

Real-time

| Endpoint | Type | Description |
|---|---|---|
| /api/v1/realtime | WebSocket | Live session updates |

RQL (Rewind Query Language)

Query sessions with expressive filters in the frontend search bar (RQL mode) or via the CLI/SDK.

```text
method == "GET" AND status >= 400
uri contains "/api" AND ip.src == "192.168.1.0/24"
status == 5xx OR response_time > 2000
NOT method == "OPTIONS"
host startswith "api."
port.dst == 443
```

Fields: method, status, uri, host, ip.src, ip.dst, port.src, port.dst, timestamp

Operators: ==, !=, >, <, >=, <=, contains, matches, startswith

Logical: AND, OR, NOT

Special values: Status ranges (2xx, 5xx), CIDR notation (192.168.1.0/24), durations
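
To make the grammar above concrete, here is an added example of a small RQL-style evaluator in TypeScript. It is not Rewind's parser: the `Session` shape, the `response_time` field used in the README's own examples, and the precedence (NOT binds tighter than AND, AND tighter than OR, parentheses override) are assumptions for this illustration. It covers every operator and special value listed above except durations, and a query that names an unknown field is rejected rather than silently matching nothing.

```typescript
// Added example (not Rewind's own parser): an evaluator for RQL-style expressions as documented
// above. The Session shape, the response_time field and the precedence NOT > AND > OR are assumptions.
export type Session = { method: string; status: number; uri: string; host: string; "ip.src": string;
  "ip.dst": string; "port.src": number; "port.dst": number; response_time: number; timestamp: number };
type Tok = { kind: "str" | "num" | "range" | "op" | "ident"; v: string };
type Value = { kind: "str" | "num" | "range"; v: string };
type Node = { t: "cmp"; field: string; op: string; value: Value } | { t: "and" | "or"; l: Node; r: Node } | { t: "not"; e: Node };
const OPS = new Set(["==", "!=", ">", "<", ">=", "<=", "contains", "matches", "startswith"]);
const REL: Record<string, (o: number) => boolean> = { "==": (o) => o === 0, "!=": (o) => o !== 0,
  ">": (o) => o > 0, "<": (o) => o < 0, ">=": (o) => o >= 0, "<=": (o) => o <= 0 };
const CIDR_RE = /^\d{1,3}(?:\.\d{1,3}){3}\/\d{1,2}$/;
// Capture groups, in order: quoted string, status class (5xx), number, operator or paren, identifier, junk.
const TOKEN_RE = /"([^"]*)"|(\d+xx)\b|(\d+)\b|(==|!=|>=|<=|>|<|\(|\))|([A-Za-z_][\w.]*)|(\S)/g;
const KINDS: Tok["kind"][] = ["str", "range", "num", "op", "ident"];

function tokenize(src: string): Tok[] {
  const out: Tok[] = [];
  let m: RegExpExecArray | null;
  TOKEN_RE.lastIndex = 0;
  while ((m = TOKEN_RE.exec(src)) !== null) {
    const groups = m.slice(1, 6);
    const g = groups.findIndex((x) => x !== undefined);
    if (g < 0) throw new Error(`unexpected character '${m[6]}' in query`);
    out.push({ kind: KINDS[g], v: groups[g] });
  }
  return out;
}

// Recursive descent: or := and (OR and)*, and := unary (AND unary)*, unary := NOT unary | "(" or ")" | field op value
class Parser {
  private i = 0;
  private toks: Tok[];
  constructor(toks: Tok[]) { this.toks = toks; }
  private kw(w: string): boolean { const t = this.toks[this.i]; return t?.kind === "ident" && t.v.toUpperCase() === w; }
  private take(): Tok { if (this.i >= this.toks.length) throw new Error("unexpected end of query"); return this.toks[this.i++]; }
  parse(): Node { const n = this.bin("OR"); if (this.i !== this.toks.length) throw new Error("unexpected trailing tokens"); return n; }
  private bin(kw: "OR" | "AND"): Node {
    const sub = () => (kw === "OR" ? this.bin("AND") : this.unary());
    let l = sub();
    while (this.kw(kw)) { this.i++; l = { t: kw === "OR" ? "or" : "and", l, r: sub() }; }
    return l;
  }
  private unary(): Node {
    if (this.kw("NOT")) { this.i++; return { t: "not", e: this.unary() }; }
    const t = this.take();
    if (t.kind === "op" && t.v === "(") { const e = this.bin("OR"); if (this.take().v !== ")") throw new Error("expected ')'"); return e; }
    if (t.kind !== "ident") throw new Error(`expected a field name, got '${t.v}'`);
    const opTok = this.take();
    const op = opTok.kind === "ident" ? opTok.v.toLowerCase() : opTok.v;
    if (!OPS.has(op)) throw new Error(`unknown operator '${opTok.v}'`);
    const val = this.take();
    if (val.kind === "op" || val.kind === "ident") throw new Error(`expected a value after '${op}'`);
    return { t: "cmp", field: t.v, op, value: val as Value };
  }
}

function inCidr(ip: string, cidr: string): boolean {
  const toInt = (a: string): number => {
    const p = a.split(".").map(Number);
    if (p.length !== 4 || p.some((o) => !Number.isInteger(o) || o < 0 || o > 255)) throw new Error(`invalid IPv4 '${a}'`);
    return ((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]) >>> 0;
  };
  const [net, bits] = cidr.split("/");
  const mask = Number(bits) === 0 ? 0 : (0xffffffff << (32 - Number(bits))) >>> 0;
  return ((toInt(ip) & mask) >>> 0) === ((toInt(net) & mask) >>> 0);
}
function compare(op: string, a: string | number, b: string | number): boolean {
  const sa = String(a), sb = String(b);
  if (op === "contains") return sa.includes(sb);
  if (op === "startswith") return sa.startsWith(sb);
  if (op === "matches") return new RegExp(sb).test(sa);
  const ord = typeof a === "number" && typeof b === "number" ? a - b : sa < sb ? -1 : sa > sb ? 1 : 0;
  return REL[op](ord);
}
function evalCmp(n: Extract<Node, { t: "cmp" }>, s: Session): boolean {
  if (!(n.field in s)) throw new Error(`unknown field '${n.field}'`);
  const actual = s[n.field as keyof Session], { op, value } = n;
  if (value.kind === "range" || (value.kind === "str" && CIDR_RE.test(value.v))) { // status class or CIDR
    if (op !== "==" && op !== "!=") throw new Error(`'${op}' is not valid for '${value.v}'`);
    const hit = value.kind === "range" ? Math.floor(Number(actual) / 100) === parseInt(value.v, 10) : inCidr(String(actual), value.v);
    return hit === (op === "==");
  }
  return compare(op, actual, value.kind === "num" ? Number(value.v) : value.v);
}
function evalNode(n: Node, s: Session): boolean {
  if (n.t === "cmp") return evalCmp(n, s);
  if (n.t === "not") return !evalNode(n.e, s);
  return n.t === "and" ? evalNode(n.l, s) && evalNode(n.r, s) : evalNode(n.l, s) || evalNode(n.r, s);
}
// Compile once, then apply the predicate to any number of sessions.
export function compileRql(query: string): (s: Session) => boolean {
  const ast = new Parser(tokenize(query)).parse();
  return (s) => evalNode(ast, s);
}
// Constructed sample sessions (not real captures).
export const SAMPLE_SESSIONS: Session[] = [
  { method: "GET", status: 200, uri: "/api/users", host: "api.example.com", "ip.src": "192.168.1.10", "ip.dst": "10.0.0.5", "port.src": 51234, "port.dst": 443, response_time: 120, timestamp: 1700000000 },
  { method: "POST", status: 503, uri: "/api/orders", host: "api.example.com", "ip.src": "192.168.1.20", "ip.dst": "10.0.0.5", "port.src": 51235, "port.dst": 443, response_time: 2500, timestamp: 1700000001 },
  { method: "OPTIONS", status: 204, uri: "/health", host: "internal.example.net", "ip.src": "10.1.2.3", "ip.dst": "10.0.0.5", "port.src": 40000, "port.dst": 80, response_time: 5, timestamp: 1700000002 },
  { method: "GET", status: 404, uri: "/static/logo.png", host: "www.example.com", "ip.src": "203.0.113.7", "ip.dst": "10.0.0.5", "port.src": 33000, "port.dst": 80, response_time: 30, timestamp: 1700000003 },
];
console.log(SAMPLE_SESSIONS.filter(compileRql('status == 5xx OR response_time > 2000')).map((s) => s.uri));
```

Two design points worth noting: the parser is built before any session is examined, so a malformed query fails once with a parse error instead of once per record, and `matches` compiles the user's pattern with `new RegExp`, which means a query author can supply a pathological regular expression; if queries come from untrusted users, bound their length or run them with a timeout.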


SDK & CLI

The @rewind/sdk package provides a TypeScript client library and CLI for interacting with a running Rewind backend.

CLI Usage

```bash
cd packages/sdk

bun run src/cli.ts sessions list                    # list captured sessions
bun run src/cli.ts sessions list --limit 50         # with pagination
bun run src/cli.ts sessions get <session-id>        # session details
bun run src/cli.ts sessions export -o out.json      # export to file
bun run src/cli.ts sessions export -q 'status>=400' # export filtered
bun run src/cli.ts sessions clear                   # clear all sessions

bun run src/cli.ts query 'method == "POST"'         # RQL query
bun run src/cli.ts query 'status == 5xx' -f json    # output as JSON

bun run src/cli.ts capture status                   # agent status
bun run src/cli.ts capture start                    # start agent
bun run src/cli.ts capture stop                     # stop agent
bun run src/cli.ts capture restart                  # restart agent

bun run src/cli.ts alerts list                      # list alert rules
bun run src/cli.ts alerts toggle <id>               # enable/disable rule
bun run src/cli.ts alerts delete <id>               # delete rule

bun run src/cli.ts stats                            # traffic statistics
bun run src/cli.ts health                           # backend health check

bun run src/cli.ts config show                      # show CLI config
bun run src/cli.ts config set url http://host:8000  # change backend URL
```

TypeScript Client

```typescript
import { RewindClient } from '@rewind/sdk';

const client = new RewindClient({ baseUrl: 'http://localhost:8000' });

const { sessions, total } = await client.sessions.list({ limit: 50 });
const { sessions: filtered } = await client.sessions.query('status >= 400');
const status = await client.capture.status();
const { rules } = await client.alerts.list();
const stats = await client.stats();
```

Configuration

Environment Variables

Create .env in services/backend-api/:

```env
PORT=8000
MONGODB_URI=mongodb://localhost:27017/rewind
DATA_DIR=../capture-agent/output

# Email (optional)
EMAIL_ENABLED=true
EMAIL_SMTP_HOST=smtp.gmail.com
EMAIL_SMTP_PORT=587
EMAIL_SMTP_USER=your-email@gmail.com
EMAIL_SMTP_PASS=your-app-password
EMAIL_RECIPIENT=admin@example.com

# Slack (optional)
SLACK_WEBHOOK_URL=https://hooks.slack.com/services/...

# Discord (optional)
DISCORD_WEBHOOK_URL=https://discord.com/api/webhooks/...

FRONTEND_URL=http://localhost:5173
```

Capture Filters

Configure in services/capture-agent/config/config.yaml:

```yaml
filters:
  host_patterns:
    - "api\\.example\\.com"
    - ".*\\.internal\\.net"
  uri_patterns:
    - "/api/.*"
    - "/health"
```
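
The patterns above are regular expressions, and none of them is anchored, so depending on how the agent applies them they can accept more than intended. The following added example (not the capture agent's code) transcribes the `config.yaml` above into a TypeScript literal, applies the patterns to constructed host and URI values, and contrasts them with an anchored version. It assumes "match anywhere" (search) semantics and an ECMAScript-style dialect; which regex engine and semantics the C++ agent actually uses is not stated in this README, so verify against the agent before relying on either result.

```typescript
// Added example, not the capture agent's code: shows how the host_patterns / uri_patterns from
// config.yaml behave when treated as regular expressions, and why anchoring them matters.
// Assumption: patterns are applied with "match anywhere" (search) semantics and an ECMAScript-style
// dialect; the agent's actual regex engine is not documented in this README.
export type CaptureFilters = { host_patterns: string[]; uri_patterns: string[] };

// The README's config.yaml, transcribed as a TypeScript literal (YAML "\\." and TS "\\." both mean \.).
export const FILTERS: CaptureFilters = {
  host_patterns: ["api\\.example\\.com", ".*\\.internal\\.net"],
  uri_patterns: ["/api/.*", "/health"],
};

// The same intent, anchored so a pattern must cover the whole host or path.
export const ANCHORED_FILTERS: CaptureFilters = {
  host_patterns: ["^api\\.example\\.com$", "^.*\\.internal\\.net$"],
  uri_patterns: ["^/api/.*$", "^/health$"],
};

// Returns the patterns that do not compile, so a typo is caught when the config is loaded
// rather than failing inside the capture path.
export function invalidPatterns(patterns: string[]): string[] {
  return patterns.filter((p) => { try { new RegExp(p); return false; } catch { return true; } });
}

export function matchesAny(patterns: string[], value: string): boolean {
  return patterns.some((p) => new RegExp(p).test(value));
}

// Constructed sample values: in each pair the first is intended traffic and the second is a
// look-alike that only an unanchored pattern accepts.
export const SAMPLE_HOSTS = ["api.example.com", "api.example.com.lookalike.test", "db.internal.net", "x.internal.network.test"];
export const SAMPLE_URIS = ["/api/users", "/v2/api/users", "/health", "/healthz"];

export function filterReport(f: CaptureFilters): Record<string, boolean> {
  const report: Record<string, boolean> = {};
  for (const h of SAMPLE_HOSTS) report[`host:${h}`] = matchesAny(f.host_patterns, h);
  for (const u of SAMPLE_URIS) report[`uri:${u}`] = matchesAny(f.uri_patterns, u);
  return report;
}

console.log("unanchored:", filterReport(FILTERS));
console.log("anchored:  ", filterReport(ANCHORED_FILTERS));
```

With the unanchored patterns, `/health` also captures `/healthz` and `api\.example\.com` also captures any host that merely contains that string; the anchored set captures exactly the listed hosts and paths. Whichever semantics the agent uses, writing patterns with explicit `^` and `$` makes the intent unambiguous, and validating them at load time avoids discovering a broken pattern only when traffic is already flowing.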

Documentation

Run docs locally:

```bash
cd docs && bun install && bun run dev
```

License

MIT - see LICENSE
