Hetty: An Open-Source HTTP Toolkit for Security Research

By /

Listen to this Post

Hetty is an open-source HTTP toolkit designed for security research, offering features that rival Burp Suite. It provides powerful tools for infosec professionals and bug bounty hunters, including MITM proxy capabilities, HTTP client functionality, and a web-based interface for efficient workflow management.

🔗 Official Website: https://hetty.xyz

✅ Key Features:

  • MITM HTTP Proxy: Capture and inspect traffic with logging.
  • HTTP Client: Edit and replay requests for testing.
  • Request/Response Interception: Modify or resend traffic.
  • Web-Based Interface: Intuitive UI for streamlined security research.

You Should Know:

1. Setting Up Hetty Proxy for Traffic Inspection

To use Hetty as a MITM proxy, follow these steps:

On Linux:

 Clone Hetty repository 
git clone https://github.com/dstotijn/hetty 
cd hetty

Build and run 
go build 
./hetty -addr :8080

Configure Browser/System Proxy:

  • Set proxy to `127.0.0.1:8080` in browser or system settings.
  • Intercept and analyze HTTP/HTTPS traffic.

2. Replaying and Modifying Requests

Use Hetty’s HTTP client to replay modified requests:

 Example: Send a modified GET request 
curl -X GET http://target.com/api/data --proxy http://127.0.0.1:8080

Intercepting & Editing Requests:

1. Enable interception in Hetty’s web UI.

2. Modify headers or payloads before forwarding.

3. Automating Security Tests with Hetty

Combine Hetty with tools like `sqlmap` or `nikto`:

 Use Hetty as a proxy for sqlmap 
sqlmap -u "http://target.com/vuln_page" --proxy=http://127.0.0.1:8080

4. Logging Traffic for Analysis

Enable logging in Hetty to store HTTP interactions:

./hetty -addr :8080 -log-dir ./traffic_logs

What Undercode Say:

Hetty is a promising alternative to Burp Suite, especially for open-source enthusiasts. Its MITM proxy, request manipulation, and logging features make it ideal for penetration testers. However, always ensure proper authorization before testing.

Expected Output:

[+] Proxy running on :8080 
[+] Captured 15 requests 
[+] Saved logs to ./traffic_logs

For more details, visit: https://hetty.xyz

References:

Reported By: Pethu Cybersecurity – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

Join Our Cyber World:

💬 Whatsapp | 💬 TelegramFeatured Image

Related Posts: