caido
hetty
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
caido
-
Autorize – The most popular tool to discover AuthZ/AuthN flaws
Caido[1] a interception proxy written in Rust, is positioning itself as a "lightweight" alternative to Burp. It can't compete yet with Burp in terms of functionality, although it's certainly looking promising.
Perhaps one of few contenders to Burp in respect to features is ZAP[2].
[1] https://caido.io/
[2] https://www.zaproxy.org/
-
Show HN: Pākiki Proxy – An intercepting proxy for penetration pesting
Thanks for the review and kind words. This was really one of the core goal to make it super accessible.
We developed it in Rust because we wanted to create a client/server architecture that you can deploy everywhere (Caido runs even on a rapsberry pi). We worked a lot on the frontend to make it snappy too, so its a combination of both.
Yes for sure, there is a privacy concern too with us forwarding request. It is in the issues of https://github.com/caido/caido.
-
Good alternative to postman ?
I have not tried it myself, but there is a tool called Caido https://www.youtube.com/watch?v=qLVu7rg9btk
-
Public beta of Caido, a BurpSuite alternative
Yes we are planning to work on extensions, but it is a bit more complicated to do in compiled languages like Rust and we have some tech debt to repay before we can start the work on that. You can follow the issue https://github.com/caido/caido/issues/2
- Show HN: Caido, a lightweight web security auditing toolkit
hetty
- Hetty - An http toolkit for security research.
-
Mitmproxy 8
FWIW: I'm building something in Go (https://github.com/dstotijn/hetty). But it's pretty early stage and not even near the featureset that mitmproxy or Burp Suite has. Also I wouldn't dare say it's more efficient (yet!). But Go has been great so far to build it.
As mentioned elsewhere: (dev friendly) extensibility/add-ons with Go will be an interesting challenge. Haven't looked into it yet.
-
Gopher Gold #14 - Wed Oct 07 2020
dstotijn/hetty (Go): Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.
What are some alternatives?
offensive-docker - Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.
mitmproxy - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
Proxyman - Modern. Native. Delightful Web Debugging Proxy for macOS, iOS, and Android ⚡️
ppmap - A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.
ZAP - The ZAP core project
lakeFS - lakeFS - Data version control for your data lake | Git for data
wstg - The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
interactsh - An OOB interaction gathering server and client library
reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
spark-operator - Kubernetes operator for managing the lifecycle of Apache Spark applications on Kubernetes.
murder - Large scale server deploys using BitTorrent and the BitTornado library
mitmpcap - export mitmproxy traffic to PCAP file