Check out the full Mockttp v4.0.0 release notes here: https://github.com/httptoolkit/mockttp/releases/tag/v4.0.0

Want to script your own MitM proxy? You can use HTTP Toolkit's internals standalone via Mockttp, a JS library to build HTTP, WebSocket & TLS intercepting proxies: https://github.com/httptoolkit/mockttp/

v4 just went live: advanced URL regex rewriting, delay mixins, and non-HTTP proxying too 🚀

Some major performance updates have gone live this week 🚀

With a big internal redesign, memory usage just dropped 40%, and processing input got up to 50x (!) faster. A nice drop in CPU while intercepting, but a huge boost when you load a HAR of 100s of thousands of requests.

@polx Thanks!

Yes, just a configuration change for incoming support now, but it's still marked as "experimental, caveat emptor applies" at the top of https://nginx.org/en/docs/quic.html and disabled by default, so I assume it's not really intended for widespread production usage yet.

And that's for downstream QUIC only - as far as I can tell, nginx doesn't support upstream QUIC at all.

What's going on with HTTP/3, where are the problems, and what comes next?

https://httptoolkit.com/blog/http3-quic-open-source-support-nowhere/

Gecko: Intent to prototype: IETF HTTP Compression Dictionaries

Gecko: Intent to prototype: I...

These are now working nicely & officially available. Architecture picker on the website coming soon, in the meantime you can download them manually from the latest official release here: https://github.com/httptoolkit/httptoolkit-desktop/releases/v1.20.0

There's an updated version of the exciting new HTTP QUERY method spec released today: https://www.ietf.org/archive/id/draft-ietf-httpbis-safe-method-w-body-08.html. Great to see progress here.

If you're unaware of it, there's more background on the HTTP Toolkit blog: https://httptoolkit.com/blog/http-search-method/

HTTP Toolkit arm64 builds landing imminently! Linux & Mac for now, Windows once GitHub CI support is fully available.

If you want to test it, you can download the latest server distributable from https://github.com/httptoolkit/httptoolkit-server/actions/runs/13397081590 to run this locally today (see https://github.com/httptoolkit/httptoolkit-server/#readme for local dev instructions).

You can now sponsor https://frida.re on GitHub to help fund development of Frida, which forms the backbone of plenty of reverse engineering techniques & tools, HTTP Toolkit included.

HTTP Toolkit just signed up as the first sponsor! You can help support them too here: https://github.com/sponsors/frida

Very much looking forward to the exciting new "Do-Not-Stab" HTTP header, glad to see somebody finally proposing serious solutions for this important issue: https://www.5snb.club/posts/2023/do-not-stab/

By popular request, there's a new HTTP Toolkit Black Friday deal!

Get 🎉 30% off 🎉 all HTTP Toolkit Pro annual subscriptions with coupon BLACKFRIDAY24 from now until next Tuesday (and that discount is recurring too, so it continues as long as your subscription does).

Enjoy! To get started, just click 'Get Pro' in the HTTP Toolkit desktop app, or purchase on the web here: https://httptoolkit.com/get-pro/

A lot of credit here goes to the very helpful https://github.com/Rufim who suggested the changes required and built the base of this work! So many thanks to all the open source contributors who help test & widen support for HTTP Toolkit across more platforms 🙏

This was semi-possible before but with a lot of caveats, broken icons, certificate setup issues etc.

There will be cases where cert installation still isn't possible (Android TV limits this) but this update now allows manual workarounds there (i.e. directly trusting certs in the config of the app).

HTTP Toolkit now has built-in support for Android TV interception! 📺

Awesome to see HTTP Toolkit in Times Square for yesterday's launch of the Open Source Pledge!

Amazing work from the whole OSS Pledge team (https://opensourcepledge.com), and it's great to be part of this first wave of incredible companies committing to supporting open source devs.

More info on the blog at https://httptoolkit.com/blog/open-source-funding-pledge/

#opensource #opensourcepledge #paythemaintainers

HTTP Toolkit has a new website 🚀

Along with a new logo to match, and general redesign throughout the entire tool.

Lots of exciting details here, but most notably: both the website & product now have proper dark mode built-in! Much better.

Check it out: https://httptoolkit.com

HTTP Toolkit powers all sorts of awesome security & privacy research.

Check out the latest: a superb investigation presented at BlackHat last week by the team from DistriNet (https://distrinet.cs.kuleuven.be/) intercepting HTTP to explore privacy risks & identity theft in dating apps: https://lepoch.at/files/dating-apps-usesec24.pdf

Two new types of rule just landed!

Define precise transforms on intercepted JSON requests & responses, with a list of JSON patch operations (https://jsonpatch.com)

Or modify text bodies directly, matching & replacing arbitrary message content with the full power of regex:

Intercept & view all your HTTP(S) Mock endpoints or entire servers: @httptoolkit

Should be useful to develop and debug. Alternative to fiddler and charles. Open source tool

download here: https://httptoolkit.com/
source: https://github.com/httptoolkit/httptoolkit-ui

(cool to find an AP handle for a developer tool kit ;-) )

#devnote #tools