git404hub

what is hetty fr?

dstotijn/hetty — explained in plain English

Analysis updated 2026-06-24

10,203GoAudience · developerComplexity · 2/5Setup · easy

tl;dr

A free open source HTTP proxy and security testing toolkit that intercepts, logs, edits, and replays web traffic, a no-cost alternative to Burp Suite Pro for bug bounty hunters and penetration testers.

vibe map

mindmap
  root((repo))
    What it does
      MITM proxy
      Traffic interception
      Request replay
    Features
      Edit requests in flight
      Domain scoping
      Project databases
      HTTP client tool
    Install Options
      Homebrew macOS
      Snap Linux
      Docker
      Binary download
    Audience
      Security researchers
      Bug bounty hunters
      Pentesters

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

what do people make with this?

VIBE 1

Intercept and inspect HTTP and HTTPS traffic from a web app to understand what data it sends to the server.

VIBE 2

Edit a captured request mid-flight to test whether a web application properly validates user input.

VIBE 3

Replay previously captured requests to reproduce bugs or test API behavior during a security engagement.

VIBE 4

Organize separate bug bounty testing sessions in local project databases and revisit them later.

what's the stack?

Go

how it stacks up fr

dstotijn/hettykedacore/kedameshery/meshery
Stars10,20310,18110,229
LanguageGoGoGo
Setup difficultyeasymoderatehard
Complexity2/54/54/5
Audiencedeveloperops devopsops devops

Figures from each repo's GitHub metadata at analysis time.

how do i run it?

Difficulty · easy time til it works · 30min

You need to install Hetty's root certificate in your browser to intercept and inspect HTTPS traffic.

in plain english

Hetty is an open source HTTP toolkit built for security researchers and people doing bug bounty work. Its goal is to provide a free alternative to commercial tools like Burp Suite Pro that are commonly used in web application security testing. The central feature is a machine-in-the-middle (MITM) proxy. When you configure your browser or test device to send traffic through Hetty, it intercepts all HTTP and HTTPS requests and responses, logging them so you can review what data an application is sending and receiving. You can pause specific requests or responses mid-flight, inspect and edit them, then decide whether to forward or cancel them. This is useful for understanding how a web application works or for testing whether it validates input properly. Beyond passive logging, Hetty includes an HTTP client for composing and sending custom requests, as well as the ability to replay any previously captured request. A scoping system lets you focus logging on specific domains or paths so you are not flooded with traffic from unrelated sources. All captured data is stored in a local project database, so you can organize separate testing sessions and come back to them later. The admin interface is web-based, which means you access it through a browser after starting the Hetty server. Installation is available through Homebrew on macOS, Snap on Linux, Scoop on Windows, or as a Docker container. It can also be downloaded as a standalone binary. Hetty was still under active development as of the README, with a public backlog listing upcoming features.

prompts (copy fr)

prompt 1
Set up Hetty as a MITM proxy on macOS using Homebrew, configure my browser to route traffic through it, and intercept HTTPS requests from a test web app.
prompt 2
Using Hetty, capture a login request, modify the username field, and replay it to test for an authentication bypass vulnerability.
prompt 3
How do I configure Hetty's scoping feature to only log traffic from one specific domain during a bug bounty engagement?
prompt 4
Run Hetty in a Docker container and set it up to intercept traffic from a mobile app during a security assessment.
prompt 5
Using Hetty, how do I intercept and modify a JSON API response before it reaches my browser?

Frequently asked questions

what is hetty fr?

A free open source HTTP proxy and security testing toolkit that intercepts, logs, edits, and replays web traffic, a no-cost alternative to Burp Suite Pro for bug bounty hunters and penetration testers.

What language is hetty written in?

Mainly Go. The stack also includes Go.

How hard is hetty to set up?

Setup difficulty is rated easy, with roughly 30min to a first successful run.

Who is hetty for?

Mainly developer.

peek the repo → explain another one

This repo across BitVibe Labs

double-check against the repo, no cap.