├── .github
└── ISSUE_TEMPLATE
│ ├── bug.yml
│ ├── config.yml
│ └── feedback.md
├── README.md
├── SECURITY.md
└── demo.apng
/.github/ISSUE_TEMPLATE/bug.yml:
--------------------------------------------------------------------------------
1 | name: "🐛 Bug report"
2 | description: "Report a bug. Please provide enough information that we can reproduce the problem."
3 | title: "[Bug]: "
4 | labels: ["bug"]
5 | body:
6 | - type: markdown
7 | attributes:
8 | value: >
9 | Thanks for taking the time to report bugs! Your feedback is a really important part of
10 | maintaining and improving HTTP Toolkit.
11 |
12 |
13 | ---
14 | - type: checkboxes
15 | attributes:
16 | label: Has this been reported before?
17 | description: >
18 | **Please do a quick search of the existing issues first [here](https://github.com/httptoolkit/httptoolkit/issues?q=is%3Aissue)**.
19 | Somebody may have reported this bug before, and may have even shared a solution already, in which case you'll be
20 | able to fix your problem instantly.
21 | options:
22 | - label: I have checked for existing reports of this issue
23 | required: true
24 | - type: textarea
25 | attributes:
26 | label: Repro steps
27 | description: |
28 | What were you doing when this bug happened? Detailed information helps maintainers reproduce and fix bugs.
29 | placeholder: |
30 | Example bug report:
31 | 1. Open the desktop app
32 | 2. Click 'Existing Terminal' on the Intercept page
33 | 3. An error appears: "HTTP Toolkit crashed"
34 | validations:
35 | required: true
36 | - type: dropdown
37 | attributes:
38 | label: How often does this bug happen?
39 | description: |
40 | Following the repro steps above, how easily are you able to reproduce this bug?
41 | options:
42 | - Every time
43 | - Often
44 | - Sometimes
45 | - Only once
46 | validations:
47 | required: true
48 | - type: input
49 | attributes:
50 | label: The desktop OS you're using
51 | description: |
52 | The operating system type and version you're using on your computer when you hit this bug:
53 | placeholder: |
54 | e.g. Windows 10, MacOS 12, or Ubuntu 22.04
55 | validations:
56 | required: true
57 | - type: textarea
58 | attributes:
59 | label: Details of other apps/devices
60 | description: |
61 | If the issue involves another device or application, please share the details of those:
62 | placeholder: |
63 | For example:
64 | - Using an iPhone 7 with iOS 15.6
65 | - Using the Android app "My Example App"
66 | - Intercepting Java v8
67 | - Intercepting Chrome v100 visiting website https://example.com
68 | - type: textarea
69 | attributes:
70 | label: Error screenshot
71 | description: |
72 | If there are any errors shown, please attach them here:
73 | placeholder: |
74 | To attach a file to this issue, drag it onto this field, paste an image, or select this field and click the bar at the bottom.
75 | - type: textarea
76 | attributes:
77 | label: Any other info?
78 | description: |
79 | If you have any other details that might help us reproduce the issue and fix it, please add them here:
80 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/config.yml:
--------------------------------------------------------------------------------
1 | blank_issues_enabled: false
2 | contact_links:
3 | - name: 🆘 Looking for help?
4 | url: https://stackoverflow.com/questions/ask?tags=http-toolkit
5 | about: |
6 | This issue tracker is for user feedback, like feature suggestions and bug reports.
7 |
8 | If you're looking for support using HTTP Toolkit, click here to post a question on Stack Overflow under the "http-toolkit" tag.
9 | - name: 🗳️ Vote on existing issues
10 | url: https://github.com/httptoolkit/httptoolkit/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc
11 | about: |
12 | Click here to explore and vote on the existing feature suggestions, to help decide where HTTP Toolkit goes next.
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/feedback.md:
--------------------------------------------------------------------------------
1 | ---
2 | name: "💡 Feature suggestion"
3 | about: Have an idea for how HTTP Toolkit could be better? Suggest it here.
4 | ---
5 |
6 | <!--
7 |
8 | Feedback is amazing! Please share your ideas for how HTTP Toolkit could improve here.
9 |
10 | That said, please do have a quick search of the existing issues first (https://github.com/httptoolkit/feedback/issues),
11 | to check if somebody else has already reported the same thing. Thanks!
12 |
13 | -->
14 |
15 |
16 |
17 |
18 |
19 |
20 | <!-- Please leave the below included in your issue -->
21 | ---
22 |
23 | _Does this affect you too? Click below and add a :+1: to vote for this and help decide where HTTP Toolkit goes next, or [go vote on the other most popular ideas so far](https://github.com/httptoolkit/feedback/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc)._
24 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # HTTP Toolkit
2 | [](https://github.com/httptoolkit/) [](https://github.com/httptoolkit/httptoolkit-desktop/releases/latest) [](https://github.com/httptoolkit/) [](https://twitter.com/httptoolkit/) [](https://mastodon.social/@httptoolkit/)
3 |
4 | [](https://httptoolkit.com/get-pro/) [](https://www.ngi.eu/funded_solution/ngi-pointer-project-36) [](https://nlnet.nl/project/AppInterception/)
5 |
6 |
7 | [HTTP Toolkit](https://httptoolkit.com/) is an open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac.
8 |
9 | You can use it to intercept, inspect & rewrite HTTP(S) traffic, from everything to anywhere. Explore Android app traffic, mock requests between your microservices, and x-ray your browser traffic to debug, understand and test anything.
10 |
11 | ---
12 |
13 | <p align="center">
14 | :arrow_right: <strong>Find out more and try it out now at <a href="https://httptoolkit.com">httptoolkit.com</a></strong> :arrow_left:
15 | </p>
16 |
17 | <p align="center">
18 | Want to give feedback, report bugs, or get help? <a href="https://github.com/httptoolkit/httptoolkit/issues/new/choose">File an issue</a>.
19 | </p>
20 |
21 | <p align="center">
22 | Want to contribute to HTTP Toolkit's development yourself? <a href="https://github.com/httptoolkit/httptoolkit/#contributing-directly">Dive in</a>.
23 | </p>
24 |
25 | ---
26 |
27 | ## Features
28 |
29 | With HTTP Toolkit, you can:
30 |
31 | * Instantly intercept browsers, most backend & scripting languages (from Node.js to PHP), Android devices, Electron apps and more with **one-click setup**.
32 | * Collect interesting traffic without intercepting everything on your whole machine, so there's no extra noise and no side-effects - **just the traffic you care about**.
33 | * Inspect the full headers & body for every request & response from every client, to immediately see what's really being sent & received on the wire.
34 | * **Easily understand collected HTTP traffic**, with inline documentation for all standard headers & response statuses, plus body decoding, highlighting, folding, and other niceties, powered by the same internals as Visual Studio Code.
35 | * **Send HTTP requests**, with a fully featured HTTP client to send your own custom requests, or resend (and tweak) requests intercepted from other clients
36 | * Quickly find the data you care about, with exchanges highlighted by the type of client and tagged by category (images, JSON responses, errors), and free-text & structured filtering across all request & response data.
37 | * Breakpoint live requests or responses, to **rewrite HTTP traffic on the fly**.
38 | * **Mock endpoints or servers**, with flexible rule configurations to match and handle requests automatically, to send responses, inject failures & timeouts, or transparently redirect requests elsewhere.
39 | * Intercept _any_ HTTP traffic: **HTTP Toolkit is a transparent HTTP proxy**, and can intercept plain HTTP, encrypted HTTPS, WebSockets, HTTP/2, proxy requests, direct requests, manually redirected packets, you name it, all on one port.
40 |
41 | [](https://httptoolkit.com)
42 |
43 | ---
44 |
45 | <p align="center">
46 | :arrow_right: Find out more and try it out now at <strong><a href="https://httptoolkit.com">httptoolkit.com</a></strong> :arrow_left:
47 | </p>
48 |
49 | ---
50 |
51 | ## Send your feedback
52 |
53 | HTTP Toolkit is driven by its community of users and their feedback. Have some ideas, problems or questions about HTTP Toolkit? **[Post an issue](https://github.com/httptoolkit/httptoolkit/issues/new/choose) in this repo**. If that's too public, you can also [send a message directly](https://httptoolkit.com/contact).
54 |
55 | Would you like to help design the perfect HTTP debugging tool? Take a look through [the open issues](https://github.com/httptoolkit/httptoolkit/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc), and add a :+1: on topics you care about to prioritize them.
56 |
57 | ## Contributing directly
58 |
59 | Want to go further, to build & contribute the HTTP Toolkit features & fixes you're looking for yourself? HTTP Toolkit is 100% open source, so you can help shape it directly! **All contributors get free HTTP Toolkit Pro** (more background on this [over here](https://httptoolkit.com/blog/free-as-in-beer)).
60 |
61 | That includes code contributions, but documentation improvements, article & blog posts elsewhere about the project, bug & security reports, and anything else that helps drive HTTP Toolkit forwards. The goal is to reward anything that helps drive HTTP Toolkit development or bring it to new people. To claim your Pro account, [get in touch](https://httptoolkit.com/contact) once you've made your contribution, with the email you'd like associated with your account. Feel free to get in touch with any other questions about this too.
62 |
63 | ### Where to start
64 |
65 | This [github organization](https://github.com/httptoolkit) contains the entire project.
66 |
67 | Yes, even the account management servers, even the paid features, _everything_. All of that is open source, licensed as a mixture of copyleft AGPL (for the HTTP Toolkit-specific components, ensuring all direct derivative projects are open-source too) and permissive Apache-2/MIT licenses (for all the general-purpose reusable libraries).
68 |
69 | The main repos you might be interested in are:
70 |
71 | * [HTTP Toolkit Website](https://github.com/httptoolkit/httptoolkit-website) - the source for [the website](https://httptoolkit.com), including the marketing pages, the blog, and the docs.
72 | * [HTTP Toolkit UI](https://github.com/httptoolkit/httptoolkit-ui) - the core of the product, a TypeScript + React app that powers most of the functionality you use, except for things that can't be done in a web page (i.e. starting a proxy, and setting up client interception).
73 | * [HTTP Toolkit Server](https://github.com/httptoolkit/httptoolkit-server) - the backend of the product, a TypeScript + node.js server that does the things the UI can't do: starting a proxy, and setting up client interception.
74 | * [Mockttp](https://github.com/httptoolkit/mockttp) - the HTTP(S) proxy itself, and all low-level logic around that, as a standalone TypeScript library. Used in HTTP Toolkit for traffic interception, but also usable standalone as a testing tool, or as a programmatically controllable intercepting HTTP(S) proxy.
75 | * [HTTP Toolkit for Android](https://github.com/httptoolkit/httptoolkit-android) - the Android app, a native Kotlin + Java app that manages certificate trust & enforces HTTP interception on Android devices.
76 | * [HTTP Toolkit Desktop](https://github.com/httptoolkit/httptoolkit-desktop) - a TypeScript + Electron wrapper, which combines the UI & the server and builds convenient per-platform installers.
77 |
78 | Each repo has its own readme explaining how to get set up and outlining how the component works. Check out the issues in this repo for ideas, feel free to [ask questions](https://httptoolkit.com/contact), and dive in!
79 |
--------------------------------------------------------------------------------
/SECURITY.md:
--------------------------------------------------------------------------------
1 | # HTTP Toolkit Security/Incident Reporting Procedure
2 |
3 | If you find a security issue in HTTP Toolkit, please get in touch privately at security@httptoolkit.com with the details so this can be resolved. For any other non-sensitive issues, please open an issue on GitHub to discuss the problem you're facing.
4 |
5 | The below defines the formal incident reporting procedure for this, for customers whose procurement rules require HTTP Toolkit to have a detailed formalized policy:
6 |
7 | ## 1. Reporting Channels
8 |
9 | Security incidents should be reported to: security@httptoolkit.com
10 | All other incidents should be reported via GitHub issues.
11 |
12 | For provider-specific issues, additional notifications should be sent to:
13 | - Auth0 Support (authentication issues)
14 | - Paddle or PayPro Global Support (payment issues)
15 | - Scaleway or Bunny CDN Support (infrastructure/CDN issues)
16 |
17 | ## 2. Incident Classification
18 |
19 | ### Priority 0 (Critical)
20 | - Security breaches
21 | - Unauthorized access to systems
22 | - Data leak or exposure
23 | - Complete service unavailability
24 | - Target Response Time: 24 hours
25 | - Maximum Response Time: 48 hours
26 |
27 | ### Priority 1 (High)
28 | - Service degradation affecting all users
29 | - Authentication system disruption
30 | - Payment system disruption
31 | - Critical infrastructure failure
32 | - Target Response Time: 48 hours
33 | - Maximum Response Time: 72 hours
34 |
35 | ### Priority 2 (Medium)
36 | - Partial service degradation
37 | - Non-critical infrastructure issues
38 | - Performance degradation
39 | - Target Response Time: 48 hours
40 | - Maximum Response Time: 2 weeks
41 |
42 | ### Priority 3 (Low)
43 | - Minor bugs
44 | - Non-critical feature issues
45 | - UI/UX issues
46 | - Target Response Time: 1 week
47 | - Maximum Response Time: 2 weeks
48 |
49 | ## 3. Retention and Review
50 |
51 | All incident reports will be retained for a minimum of two years. The incident response procedure will be reviewed annually and updated as needed.
52 |
--------------------------------------------------------------------------------
/demo.apng:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/httptoolkit/httptoolkit/ea00e2b595e380dd1bd9c6ba0ca625d5559a9f1e/demo.apng
--------------------------------------------------------------------------------