hetty
An HTTP toolkit for security research.
A free, open source HTTP proxy and security testing toolkit that intercepts, logs, edits, and replays web traffic; it is positioned as a no-cost alternative to Burp Suite Pro for bug bounty hunters and penetration testers.
Hetty is an open source HTTP toolkit built for security researchers and people doing bug bounty work. Its goal is to provide a free alternative to commercial tools like Burp Suite Pro that are commonly used in web application security testing.
The central feature is a machine-in-the-middle (MITM) proxy. When you configure your browser or test device to send traffic through Hetty, it intercepts every HTTP and HTTPS request and response and logs them, so you can review exactly what data an application sends and receives. HTTPS interception works because Hetty terminates TLS itself, presenting certificates signed by its own certificate authority; the client therefore has to trust Hetty's CA certificate, and until it does, HTTPS connections through the proxy fail certificate validation (clients that pin certificates will refuse the connection regardless). You can pause specific requests or responses mid-flight, inspect and edit them, then decide whether to forward or cancel them. This is useful both for understanding how a web application works and for testing whether it validates input properly, since an edited request bypasses any client-side checks the browser would otherwise enforce.
Beyond passive logging, Hetty includes an HTTP client for composing and sending custom requests, as well as the ability to replay any previously captured request. A scoping system lets you focus logging on specific domains or paths so you are not flooded with traffic from unrelated sources. All captured data is stored in a local project database, so you can organize separate testing sessions and come back to them later.
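The editing and replay workflow described in the two paragraphs above can also be scripted against the proxy. The following is an added example, not code from the Hetty project: it parses a raw request as you would copy it from the proxy log, mutates one parameter (body or query string) while keeping the request well-formed, and sends the variants back through the proxy so that each replay is captured in the project database alongside the original. The proxy address `127.0.0.1:8080`, the CA file path `hetty_cert.pem` and the captured request itself are assumptions constructed for illustration, as are the probe payloads.

```python
"""Replay a captured request through an intercepting proxy with one parameter mutated.

Added example, not Hetty's own code. Assumptions: the proxy listens on
127.0.0.1:8080, its CA certificate has been exported to CA_CERT_PATH, and the
captured request below is a constructed sample, not real traffic.
"""
import ssl
import urllib.request
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

PROXY_URL = "http://127.0.0.1:8080"  # assumption: proxy listen address
CA_CERT_PATH = "hetty_cert.pem"      # assumption: where you saved the proxy's CA cert

# Constructed sample: a raw HTTP/1.1 request as copied from the proxy log.
CAPTURED = (
    "POST /api/login?next=%2Fdashboard HTTP/1.1\r\n"
    "Host: app.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Cookie: session=abc123\r\n"
    "Content-Length: 26\r\n"
    "\r\n"
    "username=alice&password=pw"
)


def parse_raw_request(raw):
    """Split a raw HTTP/1.1 request into method, request-target, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    return {"method": method, "target": target, "headers": headers, "body": body}


def mutate_param(req, name, value):
    """Return a copy of req with form parameter `name` set to `value`.

    Body parameters are tried first, then the query string. Content-Length is
    recomputed so the replayed request stays well-formed; req is left untouched.
    """
    new = {"method": req["method"], "target": req["target"],
           "headers": dict(req["headers"]), "body": req["body"]}
    body_params = dict(parse_qsl(new["body"], keep_blank_values=True))
    if name in body_params:
        body_params[name] = value
        new["body"] = urlencode(body_params)
        new["headers"]["Content-Length"] = str(len(new["body"].encode()))
        return new
    parts = urlsplit(new["target"])
    query = dict(parse_qsl(parts.query, keep_blank_values=True))
    query[name] = value
    new["target"] = urlunsplit(parts._replace(query=urlencode(query)))
    return new


def replay(req, scheme="https"):
    """Send req through the proxy (network call); returns (status, response body).

    The CA file makes the proxy's forged certificate validate; without it the
    HTTPS handshake fails, which is the same failure a browser sees before the
    CA is installed.
    """
    url = f"{scheme}://{req['headers']['Host']}{req['target']}"
    ctx = ssl.create_default_context(cafile=CA_CERT_PATH)
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({"http": PROXY_URL, "https": PROXY_URL}),
        urllib.request.HTTPSHandler(context=ctx),
    )
    data = req["body"].encode() if req["body"] else None
    request = urllib.request.Request(url, data=data, method=req["method"])
    for key, val in req["headers"].items():
        # urllib derives Host and Content-Length itself; forward everything else.
        if key.lower() not in ("host", "content-length"):
            request.add_header(key, val)
    with opener.open(request, timeout=10) as resp:
        return resp.status, resp.read()


if __name__ == "__main__":
    base = parse_raw_request(CAPTURED)
    # Probe input handling with a few metacharacter payloads; each replay is
    # logged by the proxy next to the original, which makes diffing responses easy.
    for payload in ["alice'", 'alice"><', "alice%00"]:
        status, body = replay(mutate_param(base, "username", payload))
        print(repr(payload), status, len(body))
```

Because `replay` goes through the proxy rather than straight to the target, every variant shows up in the proxy's log with the same scope and project as the original capture; the parsing and mutation helpers have no network dependency and can be reused on any request copied out of the log.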
The admin interface is web-based, which means you access it through a browser after starting the Hetty server. Installation is available through Homebrew on macOS, Snap on Linux, Scoop on Windows, or as a Docker container. It can also be downloaded as a standalone binary.
At the time of its README, Hetty was still under active development, with a public backlog listing upcoming features.
Where it fits
- Intercept and inspect HTTP and HTTPS traffic from a web app to understand what data it sends to the server.
- Edit a captured request mid-flight to test whether a web application properly validates user input.
- Replay previously captured requests to reproduce bugs or test API behavior during a security engagement.
- Organize separate bug bounty testing sessions in local project databases and revisit them later.