Unlocking Greater Power: In-Depth Analysis of Open Source Tools for HTTP(S) Traffic Interception and Analysis

Unlocking Greater Power: In-Depth Analysis of Open Source Tools for HTTP(S) Traffic Interception and Analysis

For every developer dealing with APIs and network requests, a reliable HTTP(S) debugging tool is indispensable. HTTP Toolkit has gained a good reputation in the developer community for its elegant UI and one-click interception feature. However, as many have experienced, its “semi-open source” model, where the free version has functional limitations, often leaves developers seeking … Read more

Guide to Setting Up a Dual Protocol Proxy Server (HTTP/HTTPS)

Guide to Setting Up a Dual Protocol Proxy Server (HTTP/HTTPS)

1. Why Do We Need Dual Protocol Support? Modern websites are like hybrid cars, featuring both standard pages (HTTP) and encrypted content (HTTPS). For instance, when scraping e-commerce websites, the product detail page might be HTTP, but the user comments interface requires HTTPS. Using a single protocol proxy can lead to two troublesome issues: either … Read more

Everyone Needs an HTTP Proxy for Debugging

Everyone Needs an HTTP Proxy for Debugging

Introduction This article discusses how front-end engineers can use HTTP proxies for debugging, going beyond the limitations of DevTools. Today’s article is shared by Front-end Morning Reading @huli. As a front-end engineer who deals with web pages daily, it is quite reasonable to be familiar with the use of DevTools. Whenever there is an issue … Read more

mitmproxy: The Powerful Python Library for HTTP Proxying!

mitmproxy: The Powerful Python Library for HTTP Proxying!

Hello everyone, today I want to introduce a particularly powerful Python library – mitmproxy! It is an intercepting proxy tool that supports HTTP/HTTPS, allowing us to easily monitor and modify network requests. Whether for web scraping or API testing, it can save us a lot of trouble. I have been using it for several years, … Read more

12 Useful Tips for Using Fiddler HTTP Sniffer

12 Useful Tips for Using Fiddler HTTP Sniffer

Songqin Software Testing Adhere to Educational Principles Both Ask About Harvest and Cultivation When it comes to packet capturing, many people think it’s just about using a tool to capture data easily. Yesterday, during an interview for an Android reverse engineering position, I was directly told, “Packet capturing has no technical content.” Here, I must … Read more

Understanding HTTP Proxies: Theory and Practice

Understanding HTTP Proxies: Theory and Practice

/ Today’s Tech News / Sam Altman, the CEO of OpenAI, known as the “father of OpenAI”, warned at a Brookings Institution discussion on artificial intelligence and geopolitics that the economic impact of AI may be greatly underestimated. Altman said, “What I am most worried about right now is what kind of changes socioeconomic changes … Read more

Implementing a Simple HTTP Proxy in Golang

Implementing a Simple HTTP Proxy in Golang

This article details the implementation of an HTTP proxy using Golang. Those who have such needs in practical business can start learning! A proxy is an important function in the network, which serves to proxy network users to obtain network information. Figuratively speaking, it is a transfer station for network information. For clients, the proxy … Read more

Why Does HTTPS Return Large Data While HTTP Returns Line by Line?

Why Does HTTPS Return Large Data While HTTP Returns Line by Line?

Background: Recently, while debugging a ChatGPT dialogue website, I encountered issues with large data responses, leading me to use stream reading. The initial HTTP calls worked without any problems, but when switching to HTTPS in production, I kept facing errors. After struggling with this issue for two days, I finally resolved it with the help … Read more

General Penetration Testing Approaches for AES+SM4 Encryption

General Penetration Testing Approaches for AES+SM4 Encryption

General Penetration Testing Approaches for AES+SM4 Encryption Article originally published on: Zgao’s blog In a recent penetration testing project, the website’s traffic utilized the AES+SM4 dual-layer encryption algorithm for secure transmission. When encountering a website with encrypted transmission, it is usually impossible to perform vulnerability scanning. Manual testing is inefficient, hence the exploration of general … Read more