Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.
ℹ️ Hetty is in early development. Please see the backlog for details.
💬 Join the Hetty Discord server.
The quickest way to install and update Hetty is via a package manager:
brew install hettysoft/tap/hetty
sudo snap install hetty
scoop bucket add hettysoft https://github.com/hettysoft/scoop-bucket.git
scoop install hettysoft/hetty
Alternatively, you can download the latest release from GitHub for your OS and architecture, and move the binary to a directory in your $PATH
. If your OS is not available for one of the package managers or not listed in the GitHub releases, you can compile from source (link?) or use a Docker image (link?).
Once installed, start Hetty from the command line:
When invoked without any options, this:
~/.hetty/
~/.hetty/db/
0.0.0.0:8080
, used for proxying and serving the admin interfaceYou should see the following console output:
2022/03/01 11:09:15 INFO [main] Hetty (v0.5.1) is running on :8080 ...2022/03/01 11:09:15 INFO [main] Get started at http://localhost:8080
👉 You can now visit http://localhost:8080 to access the admin interface.
To easily use the HTTP proxy without manual setup, Hetty can invoke Chrome (if installed) on startup with the correct predefined settings, via:
Alternatively, you can trust the root CA certificate system wide.
Once you have a project created and opened, any incoming HTTP requests proxied by Hetty will be logged.
To use Hetty’s HTTP proxy, you have several options:
hetty --chrome
and use a preconfigured Chrome instance (recommended)When using a browser extension for proxying, you can use http://localhost:8080
as the proxy URL (unless you’ve specified a custom listen to address with the --addr
option).
If you’re planning to use the proxy from a machine different than the one running Hetty (e.g. another device in your LAN), you’ll need to use a non-loopback network address, e.g. the IP address assigned by your DHCP server.
👉 With one of the above options, use the proxy by visiting a website to incur some logs we’ll use in the next section.
Once you’ve generated some traffic on the HTTP proxy, there should be some requests logged. Let’s review them by opening the Proxy logs page in the admin interface, found in the vertical menu bar on the left.
Use the “copy” icon next to any log entry to copy this request to the Sender module, allowing you to edit and resend the HTTP request:
Browse to the Sender module via the vertical menu bar on the left.
At the bottom of the screen, click the request we just copied from the Proxy logs.
Now you can edit the method, URL, request headers and body of the request. Every time you click Send, a new request is sent and recorded in the history pane at the bottom of the screen.
You should now be up and running with Hetty! 🎉 Check out the guides for more detailed feature documentation.
Use issues for bug reports and feature requests, and discussions for questions and troubleshooting.
💬 Join the Hetty Discord server.
Want to contribute? Great! Please check the Contribution Guidelines for details.