Are there any HTTP/HTTPS interception tools other than Fiddler, Charles, Poster, and Achilles?


Solution 1

Achilles does work on HTTPS traffic, but they note on their site that it is not the best tool any more.

Their suggestions are Burp Suite and WebScarab, both of which I highly recommend.

Solution 2

OWASP ZAP - it's free, open source and cross-platform.

It's also the most active open source web security tool and came first and second in the last 2 'Top Security Tools' surveys run by Toolswatch.org (2013, 2014).

It was originally forked from Paros, which is no longer maintained, but it now has loads more functionality.

It's an OWASP Flagship project, having replaced WebScarab, which is also essentially no longer maintained.

Simon (ZAP Project Lead)

Solution 3

Wireshark is amazing. It captures everything on the network so you'll need to filter down to http/https: http://wiki.wireshark.org/CaptureFilters.

Solution 4

There are a few programs that I would suggest.

Paros Proxy and Ratproxy have already been noted.

scapy is a powerful packet manipulation tool, and has all of the sniffing and monitoring capabilities as well. dsniff is a suite of tools that allows manipulation, injection, and all sorts of interception and modification options.

There is also a plugin for IE called Tamper IE that has a simple GUI-based packet editor.

All of these are free.

Solution 5

Doing more research I came across Paros Proxy. Seems to be a good alternative to the others.

Author by

IaCoder

Updated on December 18, 2020

Comments

  • IaCoder
    IaCoder over 3 years

    I'm in the process of testing my application with respect to security.

    Aside from Fiddler, Charles and Poster (Firefox plug-in), are there any other free-to-use HTTPS interception (and editing) applications out there? Especially ones which can be installed w/o admin privileges.

    Achilles comes to mind, but I don't think it can handle https traffic.

  • Lotus
    Lotus over 10 years
    +1 for scapy. An awesome low-level packet inspection library for Python.
  • Lotus
    Lotus over 10 years
    +1 for burp suite. Highly effective, intuitive, and free.
  • David Mulder
    David Mulder over 9 years
    Just for future readers coming across this page: 'modern user interface' means a ribbon clone in this case (a la Microsoft Office)...
  • Khachatur
    Khachatur over 9 years
    Not only :) It comes with a 'report control' that allows you to group, filter and sort HTTP sessions and get some quick statistics for selected sessions (size by domains, by content types, gzip statistics, etc). Did you ever run it before posting your comment about ribbon?
  • Ajeeb.K.P
    Ajeeb.K.P over 7 years
    Instead of WebScarab, you should use ZAProxy. See first link for info.
  • mins
    mins over 3 years
    As-is, Wireshark isn't able to display HTTPS traffic (you need to provide the SSL/TLS key separately).