Hetty v0.7 releases: HTTP toolkit for security research

hetty

Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.

Features

• Man-in-the-middle (MITM) HTTP/1.1 proxy with logs
• Project-based database storage (SQLite)
• Scope support
• Headless management API using GraphQL
• Embedded web interface (Next.js)

Changelog v0.7

This release adds a new Intercept module! 🎉 Check out the new guide in the docs, and please reach out via discussions or Discord if you have any feedback.

• f60202e Add Snapcraft and Scoop config
• bdd6673 Add Snapcraft notice
• d3246b0 Add intercept feature to README
• 02408b5 Add intercept module
• d34258d Add links to intercept filter docs
• 0e9fb0a Add tests for search.Expression interface implementations
• 87b8b18 Fix README badges
• 6ffc55c Fix Snapcraft plugs config to allow network binding
• 3f5277e Fix light/dark mode logo in README
• edab744 Remove old docs
• 61fd3fc Update admin dependencies

Usage

Hetty is packaged as a single binary, with the web interface resources embedded. When the program is run, it listens by default on :8080 and is accessible via http://localhost:8080. Depending on incoming HTTP requests, it either acts as a MITM proxy, or it serves the GraphQL API and web interface (Next.js).

$ hetty -h

Usage of ./hetty:

  -addr string

        TCP address to listen on, in the form "host:port" (default ":8080")

  -adminPath string

        File path to admin build

  -cert string

        CA certificate filepath. Creates a new CA certificate is file doesn't exist (default "~/.hetty/hetty_cert.pem")

  -key string

        CA private key filepath. Creates a new CA private key if file doesn't exist (default "~/.hetty/hetty_key.pem")

  -projects string

        Projects directory path (default "~/.hetty/projects")

Download

Copyright (c) 2020 David Stotijn