Lightnews — Scholar-powered news

HTTP Toolkit @httptoolkit.com · 9d

That means you can use HTTP Toolkit to easily capture, read & modify HTTP at the application level, and simultaneously examine the underlying packets at the same time, with automatic decryption so you can see everything (like which TLS handshake is which 403 response).

HTTP Toolkit @httptoolkit.com · 9d

Want to dig into traffic byte-by-byte, to read your TLS handshakes and TCP packets directly?

With the new support for keylog files in the Pro settings, you can now integrate HTTP Toolkit into tools like Wireshark 🦈

Reposted by HTTP Toolkit

Ayuda Efectiva @ayudaefectiva.bsky.social · 18d

¡Enhorabuena a @httptoolkit.com por obtener el Sello Ayuda Efectiva como empresa de alto impacto!

La empresa ha donado al menos un 0,7% de sus ingresos a los programas benéficos más efectivos.

🏅 Página de certificación e impacto:
ayudaefectiva.org/empresa/http...

1 1

HTTP Toolkit @httptoolkit.com · Aug 21

Redirecting traffic? HTTP Toolkit transform rules just gained a long list of new options, including arbitrary regex match & replace logic, precisely targeted for every URL component - fully combinable with all the other existing request & response transforms.

Reposted by HTTP Toolkit

Tim Perry @pimterry.fyi · Jul 24

I've been doing some ridiculously neat reverse engineering recently.

Check this out: github.com/httptoolkit/...

That code is modifying functions inside Flutter apps, without debug info, by *fingerprinting known chunks of assembly* for each CPU architecture, and then scanning memory to find them 🤯

Release v4.0.0 · httptoolkit/mockttp

1 1 1

HTTP Toolkit @httptoolkit.com · Jun 17

Check out the full Mockttp v4.0.0 release notes here: github.com/httptoolkit/...

import * as mockttp from 'mockttp'; const https = await mockttp.generateCACertificate(); const server = getLocal({ https }); server.forPost() .forHostname("example.com") .delay(500) .thenRe...

GitHub - httptoolkit/mockttp: Powerful friendly HTTP mock server & proxy library

HTTP Toolkit @httptoolkit.com · Jun 17

Want to script your own MitM proxy? You can use HTTP Toolkit's internals standalone via Mockttp, a JS library to build HTTP, WebSocket & TLS intercepting proxies: github.com/httptoolkit/...

v4 just went live: advanced URL regex rewriting, delay mixins, and non-HTTP proxying too 🚀

Powerful friendly HTTP mock server & proxy library - httptoolkit/mockttp

Intercept, debug & build with HTTP

1 2

Reposted by HTTP Toolkit

wraptile @wraptile.fosstodon.org.ap.brid.gy · May 21

Having a rooted android device with man-in-the-middle http capture using #httptoolkit is so much fun. It's crazy how much evil shit the apps are up to 🤯

https://httptoolkit.com/

ALWAYS use the website instead of the app if possible.

#android #infosec

Beautiful, cross-platform & open-source tools for debugging, testing and building with HTTP(S), on Windows, Linux & Mac.

This specification defines a new HTTP method, QUERY, as a safe, idempotent request method that can carry request content.

3 2

Reposted by HTTP Toolkit

James Snell @jasnell.me · May 22

It's been a long time coming but the http QUERY method spec is nearly done www.ietf.org/archive/id/d...

The HTTP QUERY Method

www.ietf.org

2 11 32

HTTP Toolkit @httptoolkit.com · Apr 11

Some major performance updates have gone live this week 🚀

With a big internal redesign, memory usage just dropped 40%, and processing input got up to 50x (!) faster. A nice drop in CPU while intercepting, but a huge boost when you load a HAR of 100s of thousands of requests.

2

HTTP Toolkit @httptoolkit.com · Mar 31

I can see a blip in the CDN logs, which seems to have just affected some specific regions, but only briefly. I've manually flushed all CDN caches to reset it just in case, but I can't see any issues elsewhere now. If it's still not working for you it's most likely local caching of some sort.

HTTP/3 is everywhere but nowhere

HTTP Toolkit @httptoolkit.com · Mar 31

Hmm, seems to be working for me, and my uptime monitoring hasn't reported any issues. If you restart the app, does it work now?

2

HTTP Toolkit @httptoolkit.com · Mar 12

What's going on with HTTP/3, where are the problems, and what comes next?

HTTP/3 has been in development since at least 2016, while QUIC (the protocol beneath it) was first introduced by Google way back in 2013. Both are now...

Release v1.20.0 · httptoolkit/httptoolkit-desktop

1 2 2

HTTP Toolkit @httptoolkit.com · Mar 11

Widespread HTTP compression dictionary support is slowly coming to the web...

IntentToShip @intenttoship.dev · Mar 11

Gecko: Intent to prototype: IETF HTTP Compression Dictionaries

groups.google.com

HTTP Toolkit @httptoolkit.com · Mar 3

These are now working nicely & officially available. Architecture picker on the website coming soon, in the meantime you can download them manually from the latest official release here: github.com/httptoolkit/...

Defining a new HTTP method: HTTP QUERY

HTTP Toolkit @httptoolkit.com · Feb 25

There's an updated version of the exciting new HTTP QUERY method spec released today: https://www.ietf.org/archive/id/draft-ietf-httpbis-safe-method-w-body-08.html. Great to see progress here.

If you're unaware of it, there's more background on the HTTP Toolkit blog:

Nothing is ever finished or perfect, and HTTP is no exception. HTTP QUERY is a new HTTP method, for safe requests that include a request body. It's still...

Test out building linux arm64 too · httptoolkit/httptoolkit-server@21bb1cf

HTTP Toolkit @httptoolkit.com · Feb 24

HTTP Toolkit arm64 builds landing imminently! Linux & Mac for now, Windows once GitHub CI support is fully available.

If you want to test it, you can download the latest server distributable from github.com/httptoolkit/... to run this locally today (see github.com/httptoolkit/... for instructions).

The backend of HTTP Toolkit. Contribute to httptoolkit/httptoolkit-server development by creating an account on GitHub.

Sponsor @frida on GitHub Sponsors

HTTP Toolkit @httptoolkit.com · Dec 12

You can now sponsor https://frida.re on GitHub to help fund development of Frida, which forms the backbone of plenty of reverse engineering techniques & tools.

HTTP Toolkit just signed up as the first sponsor! You can help support them too here:

Support frida's open source work

RFC 35140: The Do-Not-Stab flag in the HTTP Header

HTTP Toolkit @httptoolkit.com · Nov 27

Very much looking forward to the exciting new "Do-Not-Stab" HTTP header, glad to see somebody finally proposing serious solutions for this important issue:

Date: March 7, 2111 Abstract This document defines the syntax and semantics of the Do-Not-Stab header, a proposed HTTP header that allows users to indicate to a website their preferences about being…

www.5snb.club

HTTP Toolkit @httptoolkit.com · Nov 25

Enjoy! To get started, just click 'Get Pro' in the HTTP Toolkit desktop app, or purchase on the web here: https://httptoolkit.com/get-pro/

Intercept, debug & build with HTTP

Beautiful, cross-platform & open-source tools for debugging, testing and building with HTTP(S), on Windows, Linux & Mac.

HTTP Toolkit @httptoolkit.com · Nov 25

By popular request, there's a new HTTP Toolkit Black Friday deal!

Get 🎉 30% off 🎉 all HTTP Toolkit Pro annual subscriptions with coupon BLACKFRIDAY24 from now until next Tuesday (and that discount is recurring too, so it continues as long as your subscription does).

Rufim has 23 repositories available. Follow their code on GitHub.

Reposted by HTTP Toolkit

David Buchanan @retr0.id · Nov 12

I wonder what percentage of all internet traffic is taken up by CORS preflight requests

37 28 950

HTTP Toolkit @httptoolkit.com · Nov 20

A lot of credit here goes to the very helpful https://github.com/Rufim who suggested the changes required and built the base of this work! So many thanks to all the open source contributors who help test & widen support for HTTP Toolkit across more platforms 🙏

Rufim - Overview