HTTP Toolkit Server

The backend of HTTP Toolkit

 Build Status Version

This repo contains the backend for HTTP Toolkit, a beautiful, cross-platform & open-source HTTP(S) debugging proxy, analyzer & client.

Looking to file bugs, request features or send feedback? File an issue or vote on existing ones at

What is this?

HTTP Toolkit runs everything possible within the web UI, written as a standard single-page web application. There's a couple of necessary things you can't do in a web application though, especially:

  • Start a locally running proxy server (here using Mockttp)
  • Launch local applications preconfigured for interception

This server exposes an API that is used by the web UI, exposing these actions and some other related information. The API itself is GraphQL, see src/api-server.ts for the full details.

This server is runnable standalone as a CLI using oclif, or can be imported into other modules to be run programmatically. The available interceptors are defined in src/interceptors, and some of these also use other services in here, e.g. src/cert-check-server.ts automatically checks if a certificate is trusted by a browser client, and downloads or installs (depending on the client) the certificate if not.

Note that the set of interceptors available in HTTP Toolkit depends on both the interceptors available on your server and the interceptors defined in the UI - new interceptors will need to be added to both.

This server is typically used by users via httptoolkit-desktop, which builds the server and web UI into an electron application, and starts & stops the server in the background whenever that app is run. Each time the desktop app is built, a new electron app is created containing the latest release from this repo.

Once the server has installed it automatically updates in the background periodically, pulling new releases from the github releases of this repo.

To get started:

  • Clone this repo.
  • npm install
  • npm start
  • A Mockttp standalone server will start on port 45456, and a graphql management server on 45457.
  • Either make requests to the servers by hand, use the production UI by opening in a Chromium-based browser, or start and use a local UI by:
    • Setting up the web UI locally (see httptoolkit/httptoolkit-ui#contributing).
    • Running npm run start:web there to start the UI without its own server.
    • Opening in a Chromium-based browser

A few tips:

  • Running the server with ENABLE_PLAYGROUND set to true at the top of src/api-server.ts will give you a GraphQL playground on http://localhost:45457/.
  • New interceptors need to be added to src/interceptors/index.ts. They will also need to be added to the UI.
  • The tests assume that the required applications are installed and some docker images are already pulled. See ci.yml and the build-base image for an example of how to set this up (or just run the tests, look at the errors, and install whatever's missing).




HTTP Toolkit is a beautiful & open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac.

HTTP Toolkit

Follow @httptoolkit on Twitter GitHub Org's stars Desktop downloads counter Open feature suggestions 100% open-source

HTTP Toolkit is an open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac.

You can use it to intercept, inspect & rewrite HTTP(S) traffic, from everything to anywhere. Explore Android app traffic, mock requests between your microservices, and x-ray your browser traffic to debug, understand and test anything.

➡️ Find out more and try it out now at ⬅️

Want to give feedback, report bugs, or get help? File an issue.

Want to contribute to HTTP Toolkit's development yourself? Dive in.


With HTTP Toolkit, you can:

  • Instantly intercept browsers, most backend & scripting languages (from Node.js to PHP), Android devices, Electron apps and more with one-click setup.
  • Collect interesting traffic without intercepting everything on your whole machine, so there's no extra noise and no side-effects - just the traffic you care about.
  • Inspect the full headers & body for every request & response from every client, to immediately see what's really being sent & received on the wire.
  • Easily understand collected HTTP traffic, with inline documentation for all standard headers & responses statuses, plus body decoding, highlighting, folding, and other niceties, powered by the same internals as Visual Studio Code.
  • Quickly find the data you care about, with exchanges highlighted by client and tagged by category (images, JSON responses, errors), and free-text & structured filtering across all request & response data.
  • Breakpoint live requests or responses, to rewrite HTTP traffic on the fly.
  • Mock endpoints or servers, with a flexible rule configurations to match and handle requests automatically, to send responses, inject failures & timeouts, or transparently redirect requests elsewhere.
  • Intercept any HTTP traffic: HTTP Toolkit is a transparent HTTP proxy, and can intercept plain HTTP, encrypted HTTPS, WebSockets, HTTP/2, proxy requests, direct requests, manually redirected packets, you name it, all on one port.

Where to start

This github organization contains the entire project.

Yes, even the account management servers, even the paid features, everything. All of that is open source, licensed as a mixture of copyleft AGPL (for the HTTP Toolkit-specific components, ensuring all direct derivative projects are open-source too) and permissive Apache-2/MIT licenses (for all the general-purpose reusable libraries).

The main repos you might be interested in are:

  • HTTP Toolkit Website - the source for the website, including the marketing pages, the blog, and the docs.
  • HTTP Toolkit UI - the core of the product, a TypeScript + React app that powers most of the functionality you use, except for things that can't be done in a web page (i.e. starting a proxy, and setting up client interception).
  • HTTP Toolkit Server - the backend of the product, a TypeScript + node.js server that does the things the UI can't do: starting a proxy, and setting up client interception.
  • Mockttp - the HTTP(S) proxy itself, and all low-level logic around that, as a standalone TypeScript library. Used in HTTP Toolkit for traffic interception, but also usable standalone as a testing tool, or as a programmatically controllable intercepting HTTP(S) proxy.
  • HTTP Toolkit for Android - the Android app, a native Kotlin + Java app that manages certificate trust & enforces HTTP interception on Android devices.
  • HTTP Toolkit Desktop - a TypeScript + Electron wrapper, which combines the UI & the server and builds convenient per-platform installers.

Each repo has its own readme explaining how to get set up and outlining how the component works. Check out the issues in this repo for ideas, feel free to ask questions, and dive in!



开源的 HTTP(S) 调试工具-HTTP Toolkit

HTTP Toolkit是一款开源的 HTTP(S) 调试、测试与构建工具,遵守AGPL开源协议。支持 Windows、Mac、Linux 等多平台操作系统。支持自动配置代理,可进行数据包的监听、拦截与修改。支持的桌面浏览器包括Chrome,Edge和Firefox等,同时也有Android浏览器版。 可通过使用Visual Studio Code的编辑器Monaco的功能,对JSON,HTML,JS,hex和其他内容进行突出显示和自动格式化,从而挖掘和分析消息正文。