hetty
An HTTP toolkit for security research.
Bumps [terser](https://github.com/terser/terser) from 5.12.1 to 5.14.2. Changelog Sourced from terser's changelog. v5.14.2 Security fix for RegExps that should not be evaluated (regexp DDOS) Source maps improvements (#1211) Performance improvements in...
**Describe the bug** Hetty is vulnerable to DNS rebinding attacks because it does not validate the Host header. A malicious remote server could exploit this to: * trigger arbitrary HTTP...
**Is your feature request related to a problem? Please describe.** The docker image made available on docker hub is only compatible with the "linux/arm64/v8" architecture. **Describe the solution you'd like**...
With this change, DNS rebinding attacks on the admin routes should no longer be possible, and result in a `502 Bad Gateway` response. To test: ```sh curl -X POST http://localhost:8080/api/graphql/...
Bumps [dset](https://github.com/lukeed/dset) from 3.1.1 to 3.1.2. Release notes Sourced from dset's releases. v3.1.2 Patches (dset/merge): Prevent possible prototype pollution (#34): 2d156c7 Thank you @n1ru4l~! Chores (dset/merge): Add tests for "proto"...
- Allow changing request before it's sent. - Allow changing response before it's written to client.
This PR closes #52. This is a bare minimum but it solves the issue. The behavior that users might not expect is opening a new project if there's no such...
**Describe the bug** The CA was set up as the doc, then still get the error [ERROR] Securing client connection failed: handshake error: EOF **Expected behavior** https support **Screenshots**  **Desktop...
It's a bit hard to use this tool after the burpsuite as the proxy tabs look uncomfortable to me. It would be cool to have a possibility to resize these...
I am able to capture request like this:
~~~
curl -x localhost:8080 example.com
~~~
but I would like to capture TLS handshake (client hello) if possible. The reason is, certain...