HTTP Toolkit is a beautiful & open-source tool
for debugging, testing and building with HTTP(S)
on Windows, Linux & Mac.
- Open a terminal or browser via HTTP Toolkit
- Start Node.js (or Deno, or Bun) from the terminal, or open a web page in the browser
- Instantly see, debug & rewrite all your HTTP traffic
- Node.js's Http & Https modules
- Fetch & Node-Fetch
- Spawned subprocesses
(and anything else that supports HTTP(S) proxies)
Join 399,000 happy developers:
Pro tip: If you want to debug @trpcio remote procedure calls in @reactjs server components, HTTP Toolkit is your best friend
Acabo de descubrir HTTP Toolkit y me flipa: httptoolkit.com. Una herramienta para interceptar, depurar, testear y simular con HTTP. Y además es de código abierto.
I love @pimterry's HTTP Toolkit so damn much, it's the only thing that let me intercept Android apps' requests, and did it with just two clicks.
I'm just stunned, fantastic work.
Great tool for debugging and mocking HTTP requests httptoolkit.com #debugging #softwaredevelopment
I've been using this for the past year and it is amazing!
HTTP toolkit is a must-have for every single developer tool box.
HTTP Toolkit is a powerful tool for examining HTTP traffic...
It's a versatile tool ideal for monitoring traffic and prototyping new endpoints or services.
When it comes to flutter app penetration testing it's a nightmare for me. But today I found an awesome tool HTTP Toolkit which helps to inspect flutter app traffic with a seamless connection. Thank you HTTP Toolkit
@pimterry knows what he is doing. Great code in HTTP toolkit.
If you ever want to easily look at what api calls your non-browser process is making, then httptoolkit.com is really effective and trivial to setup. Saved me a lot of time, a very neat tool.
what an awesome tool!!
Dude your tool is #@!%*€& amazing thank you so much!
HTTP Toolkit is a nice looking and intuitive tool to intercept, view, and debug HTTP(S) endpoints...
During the preparation of this article, HTTP Toolkit has been the tool working best out of the box — no configuration was necessary.
HTTP Toolkit is one of the most useful debugging tools EVER! You can intercept all HTTPS requests AND responses and MOCK responses! So FUDGING valuable!
So excited to see this tool develop and just submitted a software request to my company!
Working with @erkang to get past an unexpected API response uploading #jupiterone security policies to #confluence for our customers. Bumped into httptoolkit.com amazed how it just worked to trace HTTP from any Terminal.app sub-process!
Just tested it. Works like a charm! Thank you so much!
Man I have no idea how I built web apps before HTTP Toolkit. If you haven't gotten it yet get it now! Being able to intercept ALL outgoing requests (including pre-flight OPTIONS for CORS reqs!!) is v v handy
Awesome tool! Really makes your life easier than having to intercept with Charles.
HTTP Toolkit provides automatically targeted interception for specific clients, including HTTPS setup, rather than intercepting everything from your entire computer, and so avoids capturing irrelevant traffic or disrupting other applications.
HTTP Toolkit is a must-have for developers and security enthusiasts! With its user-friendly interface, it lets you intercept, inspect, and manipulate HTTP(S) traffic effortlessly.
OK, confirmed by HTTP Toolkit (which is ace BTW!), Chrome (stable) is not making HTTP requests to my endpoint...
Wow. I switched from AdvancedRestCient and mitmproxy to HTTP Toolkit and my life has just changed. I'm noticing additional traffic from my printer I didn't notice with mitmproxy. The configuration is also much more easier to achieve. I've never been a fan of Postman or Insomnia.
I'm always impressed at the thought that went into it when I fire up HTTP Toolkit
I just tried HTTP Toolkit after used charles.
Wow! Less than 5 minutes to make my Ubuntu intercept https traffic from my smartphone. Fast and simple!
And it's open source !
Amazing tool! Super simple to setup, and just works.
This overview of HTTP Toolkit barely scratches the surface of what it can do for you...
If you're a tester or developer who has to check these kinds of applications or services, HTTP Toolkit is a valuable tool to have around.
Stumbled upon a nice find - it's an open source alternative software to the likes of Burp Suite etc. Very handy and neatly done, have a look: httptoolkit.com
Tried out HTTP Toolkit to custom map some requests on Android. Very impressed with it, good UI and the automatic certificate setup with emulator is great
Excellent open-source HTTP debugging! httptoolkit.com
I like HTTP Toolkit's integration with @OpenApiSpec! Nifty little feature that overlays OpenAPI documentation over a Postman like experience.
Your tool is way better than Charles
Editing requests on the go without doing any extra work is just amazing.
Where I had trouble getting Fiddler to recognize calls made from my terminal, HTTP Toolkit just worked immediately.
Thank you for your quick response! I really like your tool and will recommend it to anyone inspecting the privacy issues of websites :)
I use HTTP Toolkit, it's really nice.
Oh that's really nice, love how you can intercept an individual browser window. So long mitmproxy!
Recently I came across this amazing tool named HTTP Toolkit for reverse engineering one of my Android App. This tool helps you to intercept and view all your https by connecting with ADB and by providing a user friendly GUI.
...I highly recommend HTTP Toolkit - they have most of the setup automated and really nice docs
...super helpful for debugging, testing, and quick API prototyping
Wow httptoolkit.com is one of the best development tools I've seen in a while.
If you need to inspect HTTP traffic from (say) Node.js app, try HTTP Toolkit. No need to mess with proxy settings or self-signed certificates, just start a "Fresh Terminal" and start your app. Works like a charm
You made my day with httptoolkit.com
HTTP Toolkit's Github is so delightful, it explain each of the component clearly and they open source all of the codes. Can't wait to test it!
Must have tool for android pentest!!
I've had really good experience with Http Toolkit as a proxy. Very user friendly. QA loves it for Android
Even better than having multiple options to collect HTTP traffic is how dead-simple it is to begin accumulating valuable data from your applications and services.
Capture HTTP(S) with zero setup
Automatic setup for targeted interception of HTTP & HTTPS from most clients, including:
- Desktop browsers like Chrome, Edge, Brave & Firefox
- Android applications and browsers
- Backend & scripting languages, like Node.js, Python, Java & Ruby
- Docker containers, and almost all terminal or Electron-based applications
- More coming soon, all powered by your feedback
For platforms without automatic setup, HTTP Toolkit can be used as an HTTP(S) proxy, compatible with HTTP requests from any language or tool.
Explore, search & examine HTTP
Skim through traffic with highlighting by content type, status & source, or use powerful filtering tools to precisely match the messages that matter to you.
Examine the URL, status, headers & body of each request or response, with inline explanations & docs from MDN.
Dig into message bodies with highlighting & autoformatting for JSON, HTML, JS, hex and others, all using the power of Monaco, the editor from Visual Studio Code.
Pause & edit live HTTP traffic
Precisely match requests, jump to them when they appear, and edit anything: the target URL, method, headers or body.
Manually respond directly to requests as they arrive, or pass them upstream, and pause & edit the real response on the way back.
Step through HTTP traffic request by request, or manually mock endpoints and errors.
Test with fully automated mock responses Pro
Create rules to match requests and respond with your own content, to quickly prototype against new endpoints or services.
Define new endpoints, override existing ones, or replace external services, to reproduce tricky edge cases and test your error handling.
Import & export your mock rulesets, to build complex setups and share them with your team.
Inject request timeouts, simulate connection failures, and silently redirect requests from one server to another.Pro
Precise matching lets you target the requests you care about. Match any requests sent anywhere by using HTTP Toolkit as a proxy, send requests directly to use it as a mock server.
And there's more to come too!
Future plans include security analysis & metrics, session-wide performance graphs & analysis, HTTP client tooling, scripting integrations & more...
Sound good? ,
or download now below.