The primary purpose of the Hatkit Proxy is to provide a minimal, lightweight proxy that stores traffic in offline storage, where further analysis can be performed, i.e. all the kinds of analysis currently implemented by the proxies themselves (WebScarab, Burp, Paros, etc.).
Also, since the HTTP traffic is stored in MongoDB, it is stored at the object level, retaining the structure of the parsed traffic.
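To illustrate why object-level storage helps offline analysis, here is an added example (not Hatkit code) that runs a passive cookie-flag check over already-parsed request/response records. The record layout, field names and sample traffic are assumptions constructed for this example, not Hatkit's actual MongoDB schema.

```python
# Added example: passive, offline analysis over object-level HTTP records.
# The document layout below is hypothetical, not Hatkit's actual schema.

# Constructed sample records, shaped like parsed request/response pairs.
SAMPLE_TRAFFIC = [
    {"request": {"method": "POST", "host": "shop.example", "path": "/login",
                 "scheme": "https"},
     "response": {"status": 302, "headers": {
         "Set-Cookie": ["SID=abc123; Path=/; HttpOnly",
                        "theme=dark; Path=/; Secure; HttpOnly"]}}},
    {"request": {"method": "GET", "host": "shop.example", "path": "/cart",
                 "scheme": "https"},
     "response": {"status": 200, "headers": {
         "Set-Cookie": ["cart=42; Path=/; Secure"]}}},
    {"request": {"method": "GET", "host": "static.example", "path": "/a.css",
                 "scheme": "http"},
     "response": {"status": 200, "headers": {}}},
]

REQUIRED_FLAGS = ("secure", "httponly")


def cookie_findings(records):
    """Return (host, path, cookie name, missing flags) for each weak cookie."""
    findings = []
    for rec in records:
        req, resp = rec["request"], rec["response"]
        # Headers are already parsed fields, so no raw-stream re-parsing here.
        for raw in resp.get("headers", {}).get("Set-Cookie", []):
            parts = [p.strip() for p in raw.split(";")]
            name = parts[0].split("=", 1)[0]
            attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
            missing = [f for f in REQUIRED_FLAGS if f not in attrs]
            if missing:
                findings.append((req["host"], req["path"], name, missing))
    return findings


if __name__ == "__main__":
    for host, path, name, missing in cookie_findings(SAMPLE_TRAFFIC):
        print(f"{host}{path}: cookie {name!r} lacks {', '.join(missing)}")
```

Because the check only reads stored records, it can be rerun or replaced later without capturing the traffic again.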
Features:
- Swing-based UI,
- Interception capabilities with manual edit, both for TCP and HTTP traffic,
- Syntax highlighting (html/form-data/http) based on JFlex,
- Storage of HTTP traffic in a MongoDB database,
- Option to intercept in Fully Qualified mode (like all other HTTP proxies) OR Non-fully qualified mode. The latter means that interception is performed *after* the host has been parsed, thereby enabling the user to submit non-valid HTTP content.
- A set of filters to either ignore or process traffic that is routed to the proxy. The ‘ignored’ traffic will be streamed to the endpoint with minimal impact on performance.

Known issues:
- HTTP-intercept: Some buttons/checkboxes in the interception window do not work.
- TCP-intercept: The statistics counters are incorrect.
You can download OWASP Hatkit Proxy here:
Or read more here.