This repo contains the backend for HTTP Toolkit, a beautiful, cross-platform & open-source HTTP(S) debugging proxy, analyzer & client.
Looking to file bugs, request features or send feedback? File an issue or vote on existing ones at github.com/httptoolkit/httptoolkit.
HTTP Toolkit runs everything possible within the web UI, written as a standard single-page web application. There's a couple of necessary things you can't do in a web application though, especially:
This server exposes an API that is used by the web UI, exposing these actions and some other related information - see src/api/rest-api.ts
for the full API details.
This server is runnable standalone as a CLI using oclif, or can be imported into other modules to be run programmatically. The available interceptors are defined in src/interceptors
, and some of these also use other services in here, e.g. src/cert-check-server.ts
automatically checks if a certificate is trusted by a browser client, and downloads or installs (depending on the client) the certificate if not.
Note that the set of interceptors available in HTTP Toolkit depends on both the interceptors available on your server and the interceptors defined in the UI - new interceptors will need to be added to both.
This server is typically used by users via httptoolkit-desktop, which builds the server and web UI into an electron application, and starts & stops the server in the background whenever that app is run. Each time the desktop app is built, a new electron app is created containing the latest release from this repo.
Once the server has installed it automatically updates in the background periodically, pulling new releases from the github releases of this repo.
If you want to add new interceptors, change/fix existing interceptor behaviour (but not their UI) or reconfigure how the underlying proxy server is set up, then you're in the right place :+1:.
To get started:
npm install
npm start
https://app.httptoolkit.tech
in a Chromium-based browser, or start and use a local UI by:
npm run start:web
there to start the UI without its own server.http://local.httptoolkit.tech:8080
in a Chromium-based browserA few things to be aware of:
src/interceptors/index.ts
, and will also need to be added to the UI to make that available.npm test
, or npm run test:unit
/npm run test:integration
to run just the unit/integration tests.HTK_SERVER_TOKEN
env var with a random key, and pass this similarly to the UI as an authToken=<token>
URL parameter. This is useful because the API is very powerful (it can launch arbitrary applications on your machine). The API only listens on localhost and blocks CORS requests, so strictly speaking this shouldn't be necessary, but it is useful as a stronger guarantee & defense in depth. This is handled automatically in the production desktop app.