HTTPView is the most advanced HTTP traffic auditing and replay tool on the market today. It works like a proxy but unlike traditional proxies, it has swappable backends, which gives you a greater flexibility and control. With the help of the SecApps Extension, you can even intercept browser traffic without the need to install additional tools or fiddle with your system proxy settings. Everything is done from your own browser.
- Intercept request and responses without a proxy with the SecApps Extension
- HTTP and HTTPS (SSL) interception out of the box
- Co-pilot - automatic passive and active vulnerability scanning
- Request filters
- Request and response syntax highlighters
- Code generators - export any request to your favorite programming language
- 3rd-party integrations (TCP packets to HTTP request reconstruction tooling)
- Ability to connect to multiple backends and intercept traffic from many endpoints
HTTPView is useful in situations when you need to observe all of the HTTP requests and responses that go in and out from the target application. It works even when the communication is encrypted (HTTPS) and you do not have to accept any certificate warnings for that. HTTPView provides contextual help by automatically highlighting relevant information and will present HTML, JSON, XML and even binary data in a convenient way ready for your inspection.
You can use HTTPView as a web application security scanner. The tool can be configured to perform a number of security tests on all incoming and outgoing connections. This feature helps identifying security vulnerabilities quickly.
HTTPView also comes with a number of auxilary features, such as a built-in code generator, syntax highlighter, filters, hex viewer for unknown binary payloads and built-in support for all audio, video and image media formats. You can also use HTTPView to save and restore your work. HTTPView files are easy to parse, move and share.
HTTPView integrates with 3rd-party tools, such as Pown.js and Node Inseptor. These integrations make HTTPView a very powerful and versatile tool. The following list of articles show some interesting use-cases:
- Intercept Traffic from Node Application
- Open-source CLI Proxy with Rich UI support
- iOS Packet Sniffing with HTTPView and Pown.js
- The Awesome HTTPView - Hacking without Proxies
- HTTPView Feeds - Next Gen HTTP Pentesting
Even More Awesome Features
This tool includes many more awesome features you may not about.
- Bin View - Go Seamlessly Between Binary and Text
- Co-pilot - Guided Vulnerability Scanning
- Code Builder - Make HTTP Requests in your Programming Language of Choice
- Feeds - Intercept Traffic from different Sources
- Fiddles - SecApps' Social Element
- Fork - Take Your Work in Another Direction
- Form Extractor - From Testing the Waters to Attack in Seconds
- Help - For When You Need a Little Push
- HTML Preview - Proper HTML rendering for HTTP responses
- Link Extractor - Find All Those External Endpoints
- Passive Analyzer - Helps you find security issues automatically
- Pown Apps - The Beauty of SecApps combined with the Power of Pown
- Projects - Saving Your Progress
- Readme - Note to Self
- Themes - Make SecApps Truely Yours