Intercept & view all Java HTTP(S)
Mock endpoints or entire servers
Rewrite, redirect, or inject errors
(and anything else on the JVM)
HTTP Toolkit is a beautiful & open-source tool
for debugging, testing and building with HTTP(S)
on Windows, Linux & Mac.
Two ways to get started:
- Open a terminal via HTTP Toolkit
- Launch any JAR, Gradle/Maven task, or other JVM process from that terminal
- Instantly view, debug & rewrite all JVM HTTP(S) traffic
- Launch any local JVM process as normal
- Click 'Attach to JVM' in HTTP Toolkit, and pick your process
- Instantly view, debug & rewrite all JVM HTTP(S) traffic
- Java's HttpURLConnection
- Java 11's HttpClient
- Apache HttpClient
- Apache HttpAsyncClient
- Spring WebClient
(and anything else that supports HTTP(S) proxies)
Join 265,000 happy developers:
@pimterry You made my day with httptoolkit.tech
Wow. I switched from AdvancedRestCient and mitmproxy to @HttpToolkit and my life has just changed. I'm noticing additional traffic from my printer I didn't notice with mitmproxy. The configuration is also much more easier to achieve. I've never been a fan of Postman or Insomnia.
I just tried @HttpToolkit after used charles.
Wow! Less than 5 minutes to make my Ubuntu intercept https traffic from my smartphone. Fast and simple!
And it's open source !
I've been using this for the past year and it is amazing!
HTTP toolkit is a must-have for every single developer tool box.
@HttpToolkit Just tested it. Works like a charm! Thank you so much!
HTTP Toolkit is a nice looking and intuitive tool to intercept, view, and debug HTTP(S) endpoints...
During the preparation of this article, HTTP Toolkit has been the tool working best out of the box — no configuration was necessary.
If you ever want to easily look at what api calls your non-browser process is making, then httptoolkit.tech is really effective and trivial to setup. Saved me a lot of time, a very neat tool.
what an awesome tool!!
Dude your tool is #@!%*€& amazing thank you so much!
Working with @erkang to get past an unexpected API response uploading #jupiterone security policies to #confluence for our customers. Bumped into httptoolkit.tech amazed how it just worked to trace HTTP from any Terminal.app sub-process!
Stumbled upon a nice find - it's an open source alternative software to the likes of Burp Suite etc. Very handy and neatly done, have a look: httptoolkit.tech @HttpToolkit @pimterry
HTTP Toolkit provides automatically targeted interception for specific clients, including HTTPS setup, rather than intercepting everything from your entire computer, and so avoids capturing irrelevant traffic or disrupting other applications.
@httptoolkit is one of the most useful debugging tools EVER! You can intercept all HTTPS requests AND responses and MOCK responses! So FUDGING valuable!
So excited to see this tool develop and just submitted a software request to my company!
@forrestbrazeal I’m always impressed at the thought that went into it when I fire up @HttpToolkit
Awesome tool! Really makes your life easier than having to intercept with Charles.
@HttpToolkit Thank you for your quick response! I really like your tool and will recommend it to anyone inspecting the privacy issues of websites :)
Great tool for debugging and mocking HTTP requests httptoolkit.tech #debugging #softwaredevelopment
Where I had trouble getting Fiddler to recognize calls made from my terminal, HTTP Toolkit just worked immediately.
When it comes to flutter app penetration testing it's a nightmare for me. But today I found an awesome tool #HttpToolkit which helps to inspect flutter app traffic with a seamless connection. Thank you @HttpToolkit.
Amazing tool! Super simple to setup, and just works.
I love @pimterry's @HttpToolkit so damn much, it's the only thing that let me intercept Android apps' requests, and did it with just two clicks.
I'm just stunned, fantastic work.
Excellent open-source HTTP debugging! httptoolkit.tech @HttpToolkit
OK, confirmed by @HttpToolkit (which is ace BTW!), Chrome (stable) is not making HTTP requests to my endpoint for NEL and there's no way to debug it...unless someone knows something I don't.
Tried out @HttpToolkit to custom map some requests on Android. Very impressed with it, good UI and the automatic certificate setup with emulator is great
Your tool is way better than Charles
Editing requests on the go without doing any extra work is just amazing.
...super helpful for debugging, testing, and quick API prototyping
Capture HTTP(S) with zero setup
Automatic setup for targeted interception of HTTP & HTTPS from most clients, including:
- Desktop browsers like Chrome, Edge, Brave & Firefox
- Android applications and browsers
- Backend & scripting languages, like Node.js, Python, Java & Ruby
- Docker containers, and almost all terminal or Electron-based applications
- More coming soon, all powered by your feedback
For platforms without automatic setup, HTTP Toolkit can be used as an HTTP(S) proxy, compatible with HTTP requests from any language or tool.
Explore, search & examine HTTP
Skim through traffic with highlighting by content type, status & source, or use powerful filtering tools to precisely match the messages that matter to you.
Examine the URL, status, headers & body of each request or response, with inline explanations & docs from MDN.
Dig into message bodies with highlighting & autoformatting for JSON, HTML, JS, hex and others, all using the power of Monaco, the editor from Visual Studio Code.
Pause & edit live HTTP traffic
Precisely match requests, jump to them when they appear, and edit anything: the target URL, method, headers or body.
Manually respond directly to requests as they arrive, or pass them upstream, and pause & edit the real response on the way back.
Step through HTTP traffic request by request, or manually mock endpoints and errors.
Test with fully automated mock responses Pro
Create rules to match requests and respond with your own content, to quickly prototype against new endpoints or services.
Define new endpoints, override existing ones, or replace external services, to reproduce tricky edge cases and test your error handling.
Import & export your mock rulesets, to build complex setups and share them with your team.
Inject request timeouts, simulate connection failures, and silently redirect requests from one server to another.Pro
Precise matching lets you target the requests you care about. Match any requests sent anywhere by using HTTP Toolkit as a proxy, send requests directly to use it as a mock server.
And there's more to come too!
Future plans include security analysis & metrics, session-wide performance graphs & analysis, HTTP client tooling, scripting integrations & more...
Sound good? ,
or download now below.