Full feature map

68 features across the complete manual testing workflow.

Use the search field to filter proxy, TLS, replay, scanning, reporting, project workflow, and low-level diagnostic capabilities.

Category 01

Proxy & Traffic Capture

9 features

Local HTTP/HTTPS proxy listener

Run a local proxy endpoint for browser, application, and tool traffic capture.

HTTP/1.1 keep-alive client connections

Handle persistent client-side HTTP sessions during capture.

Persistent upstream connections

Reuse upstream connections where possible for realistic proxy behavior.

HTTP CONNECT pass-through

Support CONNECT tunneling when TLS interception is not enabled.

Opt-in TLS MITM

Enable HTTPS inspection explicitly instead of silently intercepting encrypted traffic.

Per-host MITM scope and bypass rules

Choose which hosts should be intercepted and which should remain pass-through.

TLS version min/max controls

Constrain TLS behavior for testing compatibility and handshake policy.

Upstream TLS verification controls

Inspect or relax upstream certificate validation only when explicitly configured.

mTLS per-host client certificates

Attach client certificates to selected upstream hosts for mutual TLS environments.

Category 02

Low-Level Network Diagnostics

7 features

Connection Inspector

Review connection-level events for proxy troubleshooting and network analysis.

TCP accept timeline

Track when a client connection is accepted and how it progresses.

DNS resolution timings and errors

Record resolution attempts, durations, and failure details.

Upstream TCP connect timings

Measure upstream connection establishment for each target.

Upstream proxy chaining visibility

See whether traffic is routed directly or through a corporate proxy chain.

TLS handshake diagnostics

Surface SNI, ALPN, negotiated version, cipher, and handshake result details.

Byte counters and close reasons

Track bytes read and written with connection shutdown causes.

Category 03

Intercept & Modification

7 features

Request intercept queue

Pause selected requests before they reach the target.

Response intercept queue

Inspect and modify selected responses before they return to the client.

Raw request editing

Edit headers and body bytes directly during intercept.

Raw response editing

Modify server responses for debugging and authorized test cases.

Forward, drop, and forward-all actions

Control each intercepted message or temporarily release the queue.

Match-and-replace rules

Apply configured request or response transformations during proxy flow.

Audit log for edits and transformations

Persist visible modification history for accountability and reporting.

Category 04

History, Storage & Search

9 features

SQLite project history

Store captured exchanges in a local project database.

Async write queue

Keep proxy capture responsive while persistence happens in the background.

Full-text search

Search requests, responses, metadata, and stored evidence quickly.

Large body spool

Store larger payloads outside the main database file when needed.

Raw and normalized body storage

Retain original bytes and decoded representations for analysis.

Truncation and observed-size metadata

Preserve payload size facts even when body storage is capped.

Annotations, highlights, and issue markers

Attach investigator context directly to captured traffic.

Retention policies

Control how long project history and body data are kept.

Project import and export

Move sessions between machines or archive assessment work.

Category 05

Manual Testing Tools

9 features

Repeater tabs

Send captured or edited requests into organized manual replay tabs.

Saved replay results

Persist response outcomes for later comparison and reporting.

Request diff timeline

Track request and response variants with status, size, duration, and findings.

Intruder and fuzzer

Exercise parameters and payload positions under explicit tester control.

Payload sets

Manage reusable inputs for manual and semi-automated tests.

Grep match and extract

Identify response markers and extract values during replay or fuzzing.

Decoder utilities

Decode, transform, and inspect common web payload encodings.

Comparer

Compare requests and responses to isolate behavioral differences.

WebSocket replay and intercept

Capture and inspect WebSocket frames alongside HTTP traffic.

Category 06

Scanning & Findings

8 features

Passive scanner

Generate findings from observed traffic without sending extra requests.

Header, cookie, CORS, cache, and TLS observations

Surface common configuration issues from captured responses.

JWT, secret, and sensitive keyword analysis

Flag tokens and exposed sensitive material in traffic.

Opt-in active scanner

Run active checks only when the tester explicitly starts them.

Scope-limited active checks

Apply active tooling only to allowed targets.

Rate and concurrency controls

Throttle active testing to match engagement constraints.

Findings lifecycle

Track status and review state for identified issues.

Authorization matrix

Organize access-control hypotheses and test results by role or account.

Category 07

Project Workflow & Reporting

10 features

Target scope rules

Define which hosts and URLs are in scope for active work.

Target sitemap

Build a navigable map of observed application paths.

Pinned workspace and testing checklist

Keep objectives, endpoints, notes, statuses, and related evidence together.

Evidence Board

Collect requests, findings, notes, and report references in one investigation board.

Report editor

Draft assessment output from findings and stored evidence.

Findings exports

Export issue data to JSON, Markdown, or HTML formats.

HAR export

Share selected traffic using the standard HTTP Archive format.

Raw request and response export

Save exact traffic artifacts for reproduction or evidence packages.

Session JSON export and import

Move structured project data between environments.

Project health dashboard

Monitor feature coverage, setup status, and workflow readiness.

Category 08

Platform, Safety & Extensibility

9 features

Local-first storage

Keep captured data and project artifacts on the tester's machine.

Manual CA export, rotation, and deletion

Control certificate authority material without automatic trust installation.

Upstream proxy authentication support

Work in corporate network environments that require proxy credentials.

Client certificate rules

Attach certificates to selected hosts for mTLS testing.

Redaction rules

Reduce sensitive data exposure in persisted artifacts and UI views.

Plugin manifest loading

Register extension metadata and capabilities explicitly.

Plugin sandbox policy

Keep extension behavior constrained and inspectable.

Scriptable passive rules and transformations

Extend analysis and request handling for project-specific workflows.

Command palette

Access frequent actions quickly through a keyboard-driven UI.