HTTP Hacker

HTTP Hacker is a unique Burp extension designed for advanced interaction and control over HTTP servers and proxies using persistent TCP/TLS connections. It offers complete visibility of HTTP messages without any automatic parsing and provides direct access to request and response queues. To simplify the modeling of intricate proxy behavior and network interactions, a visual drag and drop interface and built-in testing framework are also included.

Features

• Organize your work into sessions, with each session representing a network target used to model and test its behavior over persistent HTTP connections
• An unobstructed view of HTTP messages, enabling you to interact with target domains like servers or proxies via independent TCP/TLS connections
• A network tab to visually model network structure
• Create persistent connections to a domain or IP address for interaction with HTTP servers or proxies through TCP or TLS sockets
• Built-in connection bar to display connection status
• Viewing and manage traffic at different stages of connection

Usage

To configure aspects of a connection, you can define the Host (target domain or IP address), Port (the port to connect to on the target server), and enable TLS for a secure connection.

The Stream tab allows you the freedom to interact with a specific connection. Here, you can use various controls to:

• Start a new connection and send data from the Client request editor
• Send data from the Client request editor if youre already connected
• End the current connection
• Reset the connection every time new data is sent

The extension also features multiple HTTP editors for the manipulation of traffic at different stages of the connection. This includes panels such as:

• Client Request: Here you can add bytes that will be sent through the socket. This panel is similar to the Repeater request editor, and has options to show non-printable characters, hide headers, and view in Pretty/Raw/Hex views.
• Request Queue: This panel allows you to view all requests sent through the current connection, as if on a server or proxy's HTTP request queue. This enables you to review all sent requests in full byte sequence on the stream.
• Response Queue: Here, you can view all response bytes received over the current connection, giving an unprocessed, continuous view of server responses as they are received by the socket. This panel doesnt apply any parsing or decoding to responses, unlike the response view in Repeater.
• Proxy Editors: These are only shown when you send proxies from the Network tab to the stream. They enable you to test how the proxy parses request data when connected to your target domain.

You can quickly view and edit features of the request using the interactive features in the Stream tools side panel. This functionality allows you to take full control over HTTP connections and tailor them to your specific needs.

Copyright © 2025 PortSwigger Ltd.