35 repository-uri
Tools for inspecting, modifying, and analyzing HTTP/HTTPS traffic.
Explore 35 awesome GitHub repositories matching part of an awesome list · HTTP Traffic Analysis. Refine with filters or upvote what's useful.
Goreplay is an HTTP traffic mirroring tool designed to capture live network traffic from production environments and replay it into test systems for validation. It includes a specialized Kubernetes traffic capturer that operates as a daemonset to mirror traffic from specific pods using label selectors and namespace filters, alongside a TCP traffic recorder for intercepting raw network packets. The project features a Kafka traffic pipeline for streaming captured payloads to topics or ingesting messages for playback, and an HTTP request transformer to mask sensitive data or rewrite headers and
Selects a percentage of traffic for replay based on a hash of HTTP headers to reduce volume.
React Native Debugger is a standalone developer application for inspecting and debugging JavaScript runtimes in mobile applications built with React Native. It provides a dedicated interface to monitor the runtime state, network requests, and console logs of a remote mobile environment. The tool integrates specialized inspectors for Redux state management and GraphQL client debugging, allowing for time-traveling state transitions and the analysis of queries, mutations, and local cache. It also features a component hierarchy viewer for visualizing and modifying UI properties in real time. Bro
Monitors and analyzes HTTP requests and responses using integrated browser-based developer tools.
ModSecurity is an open-source web application firewall and security engine. It functions as an HTTP traffic inspector and intrusion detection system that filters incoming web requests and responses against a set of security rules to block threats and prevent attacks on web servers. The project provides a modular framework for implementing restrictive security policies and custom filtering logic. It identifies and blocks common injection attacks, such as cross-site scripting and SQL injection, while hardening web applications to reduce their overall attack surface. Its broader capabilities in
Captures detailed HTTP transaction records for forensic analysis and vulnerability identification without blocking requests.
AnyProxy is an HTTP/HTTPS proxy framework built on Node.js that intercepts and modifies traffic through a plugin system. It functions as a configurable proxy server where user-defined plugins inspect or alter requests and responses as they pass through the proxy. The framework distinguishes itself through a middleware stack that processes requests sequentially, enabling modular traffic transformation and logging. It handles HTTPS interception by dynamically generating and installing root certificates for transparent decryption, and routes traffic based on configurable rules matching request p
Captures and inspects HTTP and HTTPS requests and responses passing through a proxy for analysis or modification.
spy-debugger is an HTTP proxy debugging tool designed for intercepting and analyzing network traffic from mobile devices, WebViews, and mobile browsers. It functions as a network packet capture tool and a remote browser inspector, allowing users to monitor HTTP and HTTPS requests wirelessly without the need for USB cables. The project distinguishes itself by using script injection to enable remote debugging. It injects JavaScript into HTTP response bodies, providing the ability to inspect HTML and CSS elements and perform live page content editing directly on the mobile screen. Additionally,
Intercepts and analyzes HTTP and HTTPS network requests from mobile devices to debug API calls.
Proxyman is a cross-platform HTTP debugging proxy that captures, inspects, and modifies HTTP, HTTPS, and WebSocket traffic. It functions as a man-in-the-middle proxy, decrypting SSL/TLS traffic to allow real-time inspection and modification of encrypted requests and responses. The tool is designed for debugging web and mobile applications, with capabilities for API mocking and simulation, scriptable traffic modification, and team collaboration on network logs. What distinguishes Proxyman is its deep integration with mobile and cross-platform development workflows. It provides automated certif
Captures all HTTP/HTTPS traffic from iOS devices via VPN and MITM proxy for inspection.
Symfony Translation is a PHP library and framework component for internationalizing applications. It provides a complete system for managing message catalogs, handling locale-aware string translation, and formatting messages using ICU MessageFormat syntax to support pluralization, gender, and conditional selection. The component organizes translatable strings into named domains, supports key-based lookup that decouples source text from localized versions, and offers deferred rendering through translatable objects that store parameters and render only when output is needed. The library disting
Ships a base URI merging mechanism for HTTP clients to avoid repeating common URL prefixes.
Captures and inspects HTTP traffic from browsers and desktop apps for debugging and analysis.
Suricata is an open-source network intrusion detection and prevention engine that analyzes live network traffic in real-time to identify and alert on malicious activity. It operates as a rule-based threat detection system, matching traffic against user-defined signatures to detect known attack patterns and policy violations, and can be placed inline to actively block malicious packets before they reach their target. The engine inspects a wide range of application-layer protocols including HTTP, DNS, TLS, SMB, and MQTT, and supports high-performance packet capture through specialized hardware a
Matches individual parts of the HTTP URI, such as path, query string, or hostname, for threat detection.
Reqable is a cross-platform network debugging tool that functions as an HTTP/HTTPS debugging proxy, a REST API client, and a traffic replay tool. It captures, inspects, and modifies live traffic using a local MITM proxy engine, supports VPN tunnel capture for mobile devices, and provides a Python scripting sandbox for custom traffic processing. The application is available on Windows, macOS, Linux, iOS, and Android. The tool distinguishes itself by combining traffic interception with breakpoint-based request modification, allowing users to pause live HTTP traffic for manual inspection and alt
Inspects and modifies live HTTP/HTTPS traffic with breakpoints, rewrites, and Python scripting.
PonyDebugger este o suită de instrumente de debugging specifice iOS care oferă interfețe web pentru inspecția rețelei, navigarea datelor, streaming-ul de log-uri și analiza ierarhiei de view-uri. Permite examinarea de la distanță a unei aplicații iOS care rulează, printr-un browser. Proiectul se integrează cu protocolul Chrome DevTools pentru a aduce capabilități de inspecție și proxying a traficului de rețea în aplicațiile iOS native. De asemenea, oferă o interfață web read-only pentru navigarea obiectelor gestionate și a entităților de date locale stocate pe dispozitiv. Capabilitățile suplimentare includ o consolă de logging la distanță pentru streaming-ul de text și dump-uri de obiecte fără a utiliza breakpoint-uri, precum și un inspector de ierarhie de view-uri pentru examinarea și modificarea arborelui de elemente vizuale în timp real. Aceste funcții sunt susținute de un server gateway care stabilește comunicarea între dispozitivul mobil și browser-ul dezvoltatorului.
Acts as a gateway server to capture and display HTTP requests from iOS applications for analysis.
w3af is a web penetration testing suite and security audit framework designed to identify and exploit vulnerabilities in web applications. It functions as a vulnerability scanner that crawls targets to find injection points and a fuzzer used to discover hidden endpoints and test input validation. The project distinguishes itself by providing an intercepting HTTP proxy for capturing and modifying traffic, combined with a knowledge-base driven exploitation system. It enables the execution of security exploits to gain remote shell access and supports post-exploitation activities, such as routing
Inspects and compares HTTP requests and responses and allows manual requests to test server behavior.
Bagel este un sistem nativ de debugging și inspecție a rețelei conceput pentru a captura și monitoriza traficul HTTP din simulatoarele iOS și hardware-ul fizic. Funcționează ca un inspector de trafic HTTP și monitor bazat pe dispozitiv care organizează cererile de rețea capturate pe proiect și dispozitiv. Instrumentul permite interceptarea cererilor de rețea direct în sistemul de operare, eliminând necesitatea configurațiilor manuale de proxy sau instalarea de certificate de securitate custom. Oferă capabilități pentru analiza traficului mobil și debugging-ul rețelei, inclusiv posibilitatea de a grupa cererile interceptate în bucket-uri logice de proiect și de a segmenta log-urile după identificatori unici de dispozitiv.
Captures HTTP/HTTPS traffic from iOS apps without requiring proxy configuration or certificate installation.
Acest proiect este un parser DOM HTML și XML conceput pentru încărcarea și navigarea structurii documentelor web în scopul extragerii unor puncte de date specifice. Acesta funcționează ca un utilitar de web scraping care oferă un sistem pentru localizarea elementelor precise folosind un motor de selectori CSS și XPath. Biblioteca include un resolver URI care convertește linkurile relative găsite în documente în adrese absolute folosind un URI de bază. Oferă un set de instrumente pentru preluarea textului, atributelor și surselor media din conținutul parsat. Setul de instrumente acoperă traversarea ierarhiei documentului, filtrarea bazată pe selectori și extragerea textului cu normalizarea spațiilor albe. Suportă procesarea programatică a structurilor XML și verificarea prezenței elementelor în paginile web.
Calculates absolute addresses by merging relative link attributes with a provided base URI.
htrace.sh is a command-line diagnostic suite designed for profiling web traffic, auditing security configurations, and analyzing network connectivity for remote endpoints. It functions as a shell-based orchestration tool that wraps standard system utilities to perform modular diagnostic tasks and infrastructure analysis. The tool distinguishes itself by providing a unified interface for both HTTP request debugging and automated security scanning. Users can customize request parameters, including headers, methods, and proxy settings, to simulate specific client behaviors. It further automates
Examines response headers, body content, and connection parameters to troubleshoot web traffic.
BloodHound is an identity risk management platform and graph-based attack path analyzer used to map identity relationships and permissions in Active Directory. It functions as a security tool for auditing directory services, uncovering unintended privilege relationships, and visualizing sequences of permissions that can lead to domain compromise. The project differentiates itself as a comprehensive adversary emulation framework that coordinates remote agents and executes post-exploitation commands. It includes a reverse proxy for bypassing multi-factor authentication via real-time session hij
Inspects web communication over the QUIC protocol to identify and prevent attacks.
Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
High-speed request sender for large-scale analysis.
This Burp Suite extension automatically detects and exploits HTTP Request Smuggling vulnerabilities using advanced desynchronization techniques developed by PortSwigger researcher James Kettle. It supports comprehensive scanning for HTTP/1.1 and HTTP/2-downgrade desync vulnerabilities,…
Tool for launching HTTP Request Smuggling attacks.
Automated HTTP Request Repeating With Burp Suite
Automates HTTP request repeating based on defined rules.
API快速索引 :
Handles basic processing of HTTP requests and responses.