Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.


  • Man-in-the-middle (MITM) HTTP/1.1 proxy with logs
  • Project based database storage (SQLite)
  • Scope support
  • Headless management API using GraphQL
  • Embedded web interface (Next.js)

ℹ️ Hetty is in early development. Additional features are planned for a v1.0 release. Please see the backlog for details.

Read the docs.

releases page.

mattn/go-sqlite3) and needs cgo to compile. Additionally, the static resources for the admin interface (Next.js) need to be generated via Yarn and embedded in a .go file with go.rice beforehand.

Clone the repository and use the build make target to create a binary:

$ git clone [email protected]:dstotijn/hetty.git
$ cd hetty
$ make build

dstotijn/hetty. For persistent storage of CA certificates and project databases, mount a volume:

$ mkdir -p $HOME/.hetty
$ docker run -v $HOME/.hetty:/root/.hetty -p 8080:8080 dstotijn/hetty

http://localhost:8080. Depending on incoming HTTP requests, it either acts as a MITM proxy, or it serves the API and web interface.

By default, project database files and CA certificates are stored in a .hetty directory under the user’s home directory ($HOME on Linux/macOS, %USERPROFILE% on Windows).

To start, ensure hetty (downloaded from a release, or manually built) is in your $PATH and run:

$ hetty

An overview of configuration flags:

$ hetty -h
Usage of ./hetty:
  -addr string
        TCP address to listen on, in the form "host:port" (default ":8080")
  -adminPath string
        File path to admin build
  -cert string
        CA certificate filepath. Creates a new CA certificate is file doesn't exist (default "~/.hetty/hetty_cert.pem")
  -key string
        CA private key filepath. Creates a new CA private key if file doesn't exist (default "~/.hetty/hetty_key.pem")
  -projects string
        Projects directory path (default "~/.hetty/projects")

You should see:

2020/11/01 14:47:10 [INFO] Running server on :8080 ...

Then, visit http://localhost:8080 to get started.

ℹ️ Detailed documentation is under development and will be available soon.

issues for bug reports and feature requests, and discussions for questions and troubleshooting.


💬 Join the Hetty Discord server.

Contribution Guidelines for details.

MIT License

Contact — Twitter, Email