HTTP Toolkit

@httptoolkit
Beautiful & open-source tools to debug, test and develop with HTTP(S).
Find out more: https://httptoolkit.com
Built by: https://toot.cafe/@pimterry
Open source: https://github.com/httptoolkit

HTTP Toolkit can now automatically detect, parse & expose the EXIF metadata within intercepted images.

Quickly inspect the secret metadata in images to understand when, where, and how they were captured, and plenty more; EXIF can hide a surprising amount! https://en.wikipedia.org/wiki/Exif

Need a second opinion understanding your HTTP, or a quick first pass to find the good bits?

HTTP Toolkit now has MCP support!

Copy-paste setup for Claude Code and plenty more, so it just takes seconds to get your LLMs intercepting & inspecting HTTP all by themselves ✨

I've been thinking about https://simonomi.dev/blog/color-code-your-bytes/.

Whipped up a quick prototype for HTTP Toolkit's hex view - what do you think? Interesting and more useful than monochrome, or just visually noisy?

See if you can guess what each file type is here - answers in the alt text 😀

What's perfect mirroring? Before, WebSockets were negotiated separately up & down stream. The data was the same but some handshake params could differ. We now take full low-level control of negotiation and link the two directly instead, to perfectly clone the full socket 👯

The proxy inside HTTP Toolkit (https://github.com/httptoolkit/mockttp) was just updated: 30%+ more throughput, lower latency, and perfect mirroring for WebSockets too.

Live now in Mockttp for custom proxies, coming to an HTTP Toolkit near you later this week!

GitHub - httptoolkit/mockttp: Powerful friendly HTTP mock server & proxy library


Wouldn't it be nice if HTTP compression suddenly got 90% better for a whole bunch of common web scenarios?

Dictionary Compression is here to save the day: https://httptoolkit.com/blog/dictionary-compression-performance-zstd-brotli/

Dictionary Compression is finally here, and it's ridiculously good

Dictionary compression could completely change how applications send data over the web. It's recently gained broad support, and offers absurd real-world...

Vitor Daniel reverse engineered & probed his university's mobile app API with HTTP Toolkit, discovered a vulnerable endpoint leaking private data, and successfully worked with them to patch the issue and secure the service.

Great to see reverse engineering improving security like this, take a look at his write-up for the full story: https://vitordaniel.is-a.dev/blog/como-eu-encontrei-uma-vulnerabilidade-no-sistema-da-minha-universidade

I hacked my university and gained access to the data of all students

A personal account of how I discovered and reported a critical security vulnerability in UFRN's system

Vitor Daniel

It'd be easy to add more one-click filters to this menu - any suggestions for what you'd like to be able to quickly add?

It's hard to find the needle in the haystack sometimes...

You can now right-click any request in HTTP Toolkit to use its hostname as a filter, to quickly hide any host or show it exclusively, in one click right from the traffic itself 🪡

Interested in how rate limiting can work to throttle HTTP clients effectively? @fanf has written some fascinating thoughts about the (relatively) new HTTP standard Rate Limit Header: https://dotat.at/@/2026-01-13-http-ratelimit.html
HTTP RateLimit headers – Tony Finch