35 个仓库
Tools for inspecting, modifying, and analyzing HTTP/HTTPS traffic.
Explore 35 awesome GitHub repositories matching part of an awesome list · HTTP Traffic Analysis. Refine with filters or upvote what's useful.
Goreplay is an HTTP traffic mirroring tool designed to capture live network traffic from production environments and replay it into test systems for validation. It includes a specialized Kubernetes traffic capturer that operates as a daemonset to mirror traffic from specific pods using label selectors and namespace filters, alongside a TCP traffic recorder for intercepting raw network packets. The project features a Kafka traffic pipeline for streaming captured payloads to topics or ingesting messages for playback, and an HTTP request transformer to mask sensitive data or rewrite headers and
Selects a percentage of traffic for replay based on a hash of HTTP headers to reduce volume.
React Native Debugger is a standalone developer application for inspecting and debugging JavaScript runtimes in mobile applications built with React Native. It provides a dedicated interface to monitor the runtime state, network requests, and console logs of a remote mobile environment. The tool integrates specialized inspectors for Redux state management and GraphQL client debugging, allowing for time-traveling state transitions and the analysis of queries, mutations, and local cache. It also features a component hierarchy viewer for visualizing and modifying UI properties in real time. Bro
Monitors and analyzes HTTP requests and responses using integrated browser-based developer tools.
ModSecurity is an open-source web application firewall and security engine. It functions as an HTTP traffic inspector and intrusion detection system that filters incoming web requests and responses against a set of security rules to block threats and prevent attacks on web servers. The project provides a modular framework for implementing restrictive security policies and custom filtering logic. It identifies and blocks common injection attacks, such as cross-site scripting and SQL injection, while hardening web applications to reduce their overall attack surface. Its broader capabilities in
Captures detailed HTTP transaction records for forensic analysis and vulnerability identification without blocking requests.
AnyProxy is an HTTP/HTTPS proxy framework built on Node.js that intercepts and modifies traffic through a plugin system. It functions as a configurable proxy server where user-defined plugins inspect or alter requests and responses as they pass through the proxy. The framework distinguishes itself through a middleware stack that processes requests sequentially, enabling modular traffic transformation and logging. It handles HTTPS interception by dynamically generating and installing root certificates for transparent decryption, and routes traffic based on configurable rules matching request p
Captures and inspects HTTP and HTTPS requests and responses passing through a proxy for analysis or modification.
spy-debugger is an HTTP proxy debugging tool designed for intercepting and analyzing network traffic from mobile devices, WebViews, and mobile browsers. It functions as a network packet capture tool and a remote browser inspector, allowing users to monitor HTTP and HTTPS requests wirelessly without the need for USB cables. The project distinguishes itself by using script injection to enable remote debugging. It injects JavaScript into HTTP response bodies, providing the ability to inspect HTML and CSS elements and perform live page content editing directly on the mobile screen. Additionally,
Intercepts and analyzes HTTP and HTTPS network requests from mobile devices to debug API calls.
Proxyman is a cross-platform HTTP debugging proxy that captures, inspects, and modifies HTTP, HTTPS, and WebSocket traffic. It functions as a man-in-the-middle proxy, decrypting SSL/TLS traffic to allow real-time inspection and modification of encrypted requests and responses. The tool is designed for debugging web and mobile applications, with capabilities for API mocking and simulation, scriptable traffic modification, and team collaboration on network logs. What distinguishes Proxyman is its deep integration with mobile and cross-platform development workflows. It provides automated certif
Captures all HTTP/HTTPS traffic from iOS devices via VPN and MITM proxy for inspection.
Symfony Translation is a PHP library and framework component for internationalizing applications. It provides a complete system for managing message catalogs, handling locale-aware string translation, and formatting messages using ICU MessageFormat syntax to support pluralization, gender, and conditional selection. The component organizes translatable strings into named domains, supports key-based lookup that decouples source text from localized versions, and offers deferred rendering through translatable objects that store parameters and render only when output is needed. The library disting
Ships a base URI merging mechanism for HTTP clients to avoid repeating common URL prefixes.
Captures and inspects HTTP traffic from browsers and desktop apps for debugging and analysis.
Suricata is an open-source network intrusion detection and prevention engine that analyzes live network traffic in real-time to identify and alert on malicious activity. It operates as a rule-based threat detection system, matching traffic against user-defined signatures to detect known attack patterns and policy violations, and can be placed inline to actively block malicious packets before they reach their target. The engine inspects a wide range of application-layer protocols including HTTP, DNS, TLS, SMB, and MQTT, and supports high-performance packet capture through specialized hardware a
Matches individual parts of the HTTP URI, such as path, query string, or hostname, for threat detection.
Reqable is a cross-platform network debugging tool that functions as an HTTP/HTTPS debugging proxy, a REST API client, and a traffic replay tool. It captures, inspects, and modifies live traffic using a local MITM proxy engine, supports VPN tunnel capture for mobile devices, and provides a Python scripting sandbox for custom traffic processing. The application is available on Windows, macOS, Linux, iOS, and Android. The tool distinguishes itself by combining traffic interception with breakpoint-based request modification, allowing users to pause live HTTP traffic for manual inspection and alt
Inspects and modifies live HTTP/HTTPS traffic with breakpoints, rewrites, and Python scripting.
PonyDebugger 是一套 iOS 专用调试工具,提供用于网络检查、数据浏览、日志流式传输和视图层级分析的 Web 界面。它支持通过浏览器远程检查正在运行的 iOS 应用程序。 该项目与 Chrome DevTools 协议集成,为原生 iOS 应用程序带来网络流量检查和代理功能。它还提供了一个只读的 Web 界面,用于浏览设备上存储的托管对象和本地数据实体。 其他功能包括用于流式传输文本和对象转储而无需使用断点的远程日志控制台,以及用于实时检查和修改视觉元素树的视图层级检查器。这些功能由在移动设备和开发者浏览器之间建立通信的网关服务器支持。
Acts as a gateway server to capture and display HTTP requests from iOS applications for analysis.
w3af is a web penetration testing suite and security audit framework designed to identify and exploit vulnerabilities in web applications. It functions as a vulnerability scanner that crawls targets to find injection points and a fuzzer used to discover hidden endpoints and test input validation. The project distinguishes itself by providing an intercepting HTTP proxy for capturing and modifying traffic, combined with a knowledge-base driven exploitation system. It enables the execution of security exploits to gain remote shell access and supports post-exploitation activities, such as routing
Inspects and compares HTTP requests and responses and allows manual requests to test server behavior.
Bagel 是一个原生的网络调试和检查系统,旨在捕获和监控来自 iOS 模拟器和物理硬件的 HTTP 流量。它作为一个 HTTP 流量检查器和基于设备的监控器,按项目和设备组织捕获的网络请求。 该工具支持直接在操作系统内拦截网络请求,无需手动配置代理或安装自定义安全证书。 它提供了移动流量分析和网络调试功能,包括将拦截的请求分组到逻辑项目桶中,并按唯一设备标识符对日志进行分段的能力。
Captures HTTP/HTTPS traffic from iOS apps without requiring proxy configuration or certificate installation.
这是一个 HTML 和 XML DOM 解析器,旨在加载和导航 Web 文档结构以提取特定数据点。它作为一个 Web 抓取实用程序,提供了一个使用 CSS 和 XPath 选择器引擎定位精确元素的系统。 该库包含一个 URI 解析器,可使用基础 URI 将文档中发现的相对链接转换为绝对地址。它提供了一套用于从解析内容中检索文本、属性和媒体源的工具。 该工具集涵盖文档层次结构遍历、基于选择器的过滤以及带有空白规范化的文本提取。它支持 XML 结构的程序化处理以及 Web 页面中元素存在的验证。
Calculates absolute addresses by merging relative link attributes with a provided base URI.
htrace.sh is a command-line diagnostic suite designed for profiling web traffic, auditing security configurations, and analyzing network connectivity for remote endpoints. It functions as a shell-based orchestration tool that wraps standard system utilities to perform modular diagnostic tasks and infrastructure analysis. The tool distinguishes itself by providing a unified interface for both HTTP request debugging and automated security scanning. Users can customize request parameters, including headers, methods, and proxy settings, to simulate specific client behaviors. It further automates
Examines response headers, body content, and connection parameters to troubleshoot web traffic.
BloodHound is an identity risk management platform and graph-based attack path analyzer used to map identity relationships and permissions in Active Directory. It functions as a security tool for auditing directory services, uncovering unintended privilege relationships, and visualizing sequences of permissions that can lead to domain compromise. The project differentiates itself as a comprehensive adversary emulation framework that coordinates remote agents and executes post-exploitation commands. It includes a reverse proxy for bypassing multi-factor authentication via real-time session hij
Inspects web communication over the QUIC protocol to identify and prevent attacks.
Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
High-speed request sender for large-scale analysis.
This Burp Suite extension automatically detects and exploits HTTP Request Smuggling vulnerabilities using advanced desynchronization techniques developed by PortSwigger researcher James Kettle. It supports comprehensive scanning for HTTP/1.1 and HTTP/2-downgrade desync vulnerabilities,…
Tool for launching HTTP Request Smuggling attacks.
Automated HTTP Request Repeating With Burp Suite
Automates HTTP request repeating based on defined rules.
API快速索引 :
Handles basic processing of HTTP requests and responses.