interceptor

module
v0.27.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 3, 2026 License: MIT

README

Interceptor

CI Release Go

A lightweight intercepting HTTP/HTTPS proxy and security-testing toolkit — a leaner, native alternative to Burp Suite, in a single static Go binary. It runs a MITM proxy plus a local web UI, with performance as a first-class constraint: a compiled core, request/response bodies streamed to disk (never held whole in memory), and passive analysis kept off the hot path.

Built for the AI-assisted penetration tester. The human drives a fast web UI; their AI assistant drives the same engine through a real MCP server and a REST/SSE API — listing and reading flows, replaying and mutating requests, fuzzing, scanning, and toggling intercept, all under the tester's direction and entirely on the local machine.

⚖️ Responsible use. Interceptor is intended for testing systems you own or are explicitly authorized to test. Intercepting other people's traffic or attacking systems without permission is illegal in most jurisdictions. You alone are responsible for how you use it.


Contents

Features · Install · Quick start · Intercepting HTTPS · Configuration · Security model · Drive it with AI (MCP) · Control API · Architecture · Development · Roadmap · License

Features

  • Intercepting proxy for HTTP and HTTPS, with on-the-fly TLS interception via a local CA (per-host leaf certs minted on demand).
  • Live history — every flow captured (metadata in SQLite, bodies content-addressed on disk), filterable/searchable, with a raw/pretty request & response inspector and right-click filters.
  • Intercept workflow — hold / forward (with edits) / drop requests and responses, plus ordered match-&-replace rules.
  • Repeater — multi-tab; re-send any request, edit it freely, inspect the response, per-tab history.
  • Intruder — Sniper / Pitchfork (one payload list per § marker) / Race (no-payload concurrent resends for race conditions), with thread + delay controls, payload processing (url/base64/…), grep-match/extract, anomaly flagging, attack tabs and run history.
  • Authorization testing — replay a request as each saved identity (role) and diff for broken access control (IDOR). OOB interaction catcher for blind SSRF/XXE/SQLi/RCE (off by default — remote targets cannot reach localhost; enable in Settings → Scanner when you have a tunnel or public URL).
  • Content discovery — scope-aware forced-browse (dirbuster/ffuf-style): wordlist + extensions, per-directory soft-404 calibration, recursion, threads/delay; found endpoints feed History & the Map.
  • AI assist — BYO-key LLM explains requests, suggests payloads (with Repeater/Intruder routing), and summarizes findings; streamed, rendered as Markdown.
  • Scanner — 12 passive checks (missing CSP/HSTS/nosniff/clickjacking headers, wildcard CORS, reflected parameters, secrets in bodies, insecure cookies, Basic-auth & version disclosure, …), exportable as a Markdown findings report.
  • Custom checks — extend the scanner with your own passive checks in sandboxed Starlark (drop a .star file in ~/.interceptor/checks/). See the check-authoring guide and examples/checks/.
  • Target scope — include/exclude rules that focus history, the intercept gate, and the scanner.
  • WebSocket capture (ws:///wss:// per-frame) and replay (a WebSocket Repeater).
  • Session / auth injection — auto-apply an Authorization/Cookie to every Repeater & Intruder send, plus a token macro (CSRF/re-auth: fetch a value from a refresh request, inject per send) and a login macro (record a login flow, refresh session headers, auto re-auth on 401).
  • Import / export — HAR in and out, plus portable project bundles (flows + rules + scope + settings).
  • BYO-key AI assist — explain a request, suggest payloads, or summarize findings via your own Anthropic or OpenRouter key (off until you set one; the exchange is sent only on request).
  • API & MCP — a REST control API + SSE event stream and a full Model Context Protocol server (49 tools, stdio and Streamable-HTTP) so an agent or script drives the same core as the UI.

Install

Interceptor is a single static binary — no cgo, no Node, no runtime dependencies.

Requires Go 1.25+:

# latest release:
go install github.com/Veyal/interceptor/cmd/interceptor@latest
# …or pin a specific release:
go install github.com/Veyal/interceptor/cmd/interceptor@v0.1.0

interceptor        # if $(go env GOPATH)/bin is on your PATH

Or update in place (no go install to remember):

interceptor update              # latest release
interceptor update --check      # is a newer version out?
interceptor update --version 0.6.0

interceptor update downloads a prebuilt binary from GitHub Releases when one is attached for your OS/arch (and verifies checksums.txt when present). If the release has no binary yet, it falls back to go install automatically.

Every tagged version is listed on the Releases page with its changelog; @latest resolves to the newest tag, @vX.Y.Z pins one.

From source
git clone https://github.com/Veyal/interceptor.git
cd interceptor
CGO_ENABLED=0 go build -o interceptor ./cmd/interceptor
./interceptor
Prebuilt binaries

Each tagged release attaches static binaries for linux / macOS / windows (amd64 & arm64) plus a checksums.txt on the Releases page (built by the release workflow when a v* tag is pushed) — download, verify the checksum, chmod +x, and run. (go install above is equivalent and always tracks the latest release.)

Quick start

  1. Run it. interceptor starts the proxy on 127.0.0.1:8080 and the UI on 127.0.0.1:9966. Open that URL in your browser — or start with --open to launch it automatically.
  2. Send traffic through it. Point your browser/HTTP client (or the OS proxy via Settings → System proxy on macOS) at 127.0.0.1:8080.
  3. For HTTPS, trust the CA (see below) — then HTTPS flows are decrypted and editable.
  4. Work the loop. Watch flows land in Proxy, send one to Repeater or Intruder, run the Scanner, set Scope, or flip on Intercept to hold/edit requests and responses.

Runtime data lives under ~/.interceptor/ (interceptor.db, bodies/, ca/). Delete that directory to reset.

Intercepting HTTPS

  1. Point your client at the proxy (127.0.0.1:8080).
  2. Download the CA from the Settings tab (or http://127.0.0.1:9966/api/ca.crt) and install/trust it in your OS/browser trust store.
  3. HTTPS flows are now decrypted, captured, and editable. Per-host leaf certs are minted on demand and cached.

Configuration

Environment variable Effect
INTERCEPTOR_OPEN_BROWSER Auto-open the UI on start (same as --open). The default is not to open it.
INTERCEPTOR_ALLOW_EXTERNAL_BIND Lock down to loopback-only binds when set to 0/false. External bind (e.g. 0.0.0.0 for LAN capture) is allowed by default — see Security model.
INTERCEPTOR_CONTROL_URL For interceptor mcp: the control API to drive (default http://127.0.0.1:9966).
ANTHROPIC_API_KEY / OPENROUTER_API_KEY Optional fallback key for AI assist when none is set in Settings → AI.

The proxy bind address is also runtime-configurable in Settings (and persisted).

Security model

Both listeners bind loopback by default. The control plane additionally rejects any request with a non-loopback Host header or a non-loopback Origin — so a web page you happen to visit can't quietly drive the API (CSRF) or read your captured traffic via DNS-rebinding. Rebinding the proxy or control UI to a non-loopback address (e.g. 0.0.0.0 for LAN device capture) is allowed from Settings; set INTERCEPTOR_ALLOW_EXTERNAL_BIND=0 to refuse non-loopback binds. Captured traffic and any AI key never leave your machine except on an explicit AI-assist request to your chosen provider.

Drive it with AI (MCP)

Interceptor ships a Model Context Protocol server so an AI assistant can operate the proxy with the same capabilities as the UI. Run the app, then connect your MCP client one of two ways:

stdio (Claude Desktop / Claude Code) — point your client at the mcp subcommand:

{
  "mcpServers": {
    "interceptor": { "command": "interceptor", "args": ["mcp"] }
  }
}

Streamable-HTTP (hosted/remote agents) — POST JSON-RPC to http://127.0.0.1:9966/mcp (stateless; no subprocess needed).

Both expose the same 49 tools — reading flows (list_flows, get_flow, analyze_flow, flow_as_curl), replaying/fuzzing (send_request, start_intruder, ws_send), scanning (run_scanner, scan_report), intercept/rules/scope control, and set_session — with bounded results so large bodies don't blow the agent's context. The UI's API → MCP tab shows a copy-paste config and the live tool list.

Control API

The full REST surface is documented at runtime: GET /api/reference (or the API → REST tab). Live updates stream over Server-Sent Events at GET /api/events. Highlights: /api/flows, /api/repeater/send, /api/intruder/start, /api/scanner/run, /api/scope, /api/session, /api/ws/send, /api/export/{har,project}, /api/settings.

Architecture

One Go binary, two localhost listeners. Each internal/* package has a single responsibility and is independently tested.

Package Responsibility
internal/store SQLite metadata (flows, rules, settings, issues, ws frames, scope, views, keys) + content-addressed body files
internal/capture Stream bodies to the store via io.TeeReader (never buffered whole)
internal/tlsca Local CA: load/generate, mint + cache per-host leaf certificates
internal/intercept Hold queue (forward/edit/drop) for requests and responses + match-&-replace
internal/proxy Forward proxy, CONNECT + TLS MITM, WebSocket frame relay, flow capture, upstream proxy
internal/scope Target-scope include/exclude matcher (host wildcards + path prefixes)
internal/sender One-off direct request sender (+ session headers, CSRF/re-auth token macro, authz replays) — backs Repeater & Intruder
internal/intruder Sniper / Pitchfork / Race attack engine (threads, delay, grep-match/extract, payload processing)
internal/scanner Passive security checks over captured flows
internal/discovery Scope-aware content-discovery (forced-browse) engine: wordlist brute-force, soft-404 calibration, recursion, worker pool
internal/oob Out-of-band interaction catcher (blind SSRF/XXE/SQLi/RCE callbacks)
internal/checkscript Runs user-authored Starlark scanner checks (sandboxed, bounded)
internal/curlgen · internal/report Render a flow as curl; render findings as Markdown
internal/wsrepeater WebSocket Repeater (RFC 6455 handshake + masked frames, no deps)
internal/harx HAR 1.2 import/export
internal/sysproxy Opt-in macOS system-proxy toggle
internal/aiassist BYO-key LLM bridge (Anthropic + OpenRouter)
internal/mcp MCP server (stdio + Streamable-HTTP) over the control API
internal/control REST + SSE API, security guard, serves the embedded web UI
cmd/interceptor Config, wiring, lifecycle (both listeners, runtime rebind, graceful shutdown)

The web UI lives in internal/control/ui/ (embedded via //go:embed): an index.html shell, app.css, and native ES modules under js/core.js (shared foundation) plus one module per feature, wired together by app.js. No build step or bundler; the binary stays single and static. Design notes and per-slice specs/plans live under docs/.

Development

go test ./...          # all tests
go test -race ./...    # race detector (must be clean)
go vet ./...           # static checks (must be clean)

Please read CONTRIBUTING.md before sending changes — TDD, no cgo, Conventional Commits, and a CHANGELOG.md entry per change are expected.

Roadmap

Why this exists, who it's for, and what's next live under docs/product/: strategy · roadmap · metrics · MCP cookbook · flagship PRD. Performance numbers (≈20 MB idle, ≈1 s cold start) are in docs/benchmarks.md. Larger bets ahead: login-macro/401 re-auth session handling, HTTP/2, an extension API, and automated release binaries for every platform.

License

MIT © 2026 veyal.

Directories

Path Synopsis
cmd
interceptor command
Command interceptor runs the Interceptor intercepting proxy: an HTTP/HTTPS forward proxy plus a localhost control plane that serves the web UI.
Command interceptor runs the Interceptor intercepting proxy: an HTTP/HTTPS forward proxy plus a localhost control plane that serves the web UI.
internal
activescan
Package activescan is the deterministic active-scan engine: it enumerates the injection points of a request, fires per-class payloads at them through a caller-supplied sender, and confirms vulnerabilities with detectors.
Package activescan is the deterministic active-scan engine: it enumerates the injection points of a request, fires per-class payloads at them through a caller-supplied sender, and confirms vulnerabilities with detectors.
activescript
Package activescript runs user-authored ACTIVE scanner checks written in Starlark — the active twin of internal/checkscript.
Package activescript runs user-authored ACTIVE scanner checks written in Starlark — the active twin of internal/checkscript.
aiassist
Package aiassist is an optional, bring-your-own-key bridge to an LLM that explains requests, suggests payloads, and summarizes findings.
Package aiassist is an optional, bring-your-own-key bridge to an LLM that explains requests, suggests payloads, and summarizes findings.
android
Package android configures a USB-connected Android device for HTTPS interception via adb.
Package android configures a USB-connected Android device for HTTPS interception via adb.
auth/jwtextract
Package jwtextract pulls JWT-shaped tokens from HTTP flows (Bearer header, JSON fields, URL path/query, cookies) for cross-host replay and SSO testing.
Package jwtextract pulls JWT-shaped tokens from HTTP flows (Bearer header, JSON fields, URL path/query, cookies) for cross-host replay and SSO testing.
bind
Package bind holds listen-address policy shared by the CLI and control plane.
Package bind holds listen-address policy shared by the CLI and control plane.
capture
Package capture streams HTTP bodies into the store as they pass through, without buffering them in memory.
Package capture streams HTTP bodies into the store as they pass through, without buffering them in memory.
checkscript
Package checkscript runs user-authored passive scanner checks written in Starlark — a small, Python-like, deterministic language.
Package checkscript runs user-authored passive scanner checks written in Starlark — a small, Python-like, deterministic language.
codec
Package codec — body.go: HTTP response-body decompression helpers shared by control (display decoding) and intruder (grep decoding).
Package codec — body.go: HTTP response-body decompression helpers shared by control (display decoding) and intruder (grep decoding).
control
Package control serves the Interceptor UI and the REST + SSE control API on the fixed localhost control port.
Package control serves the Interceptor UI and the REST + SSE control API on the fixed localhost control port.
curlgen
Package curlgen renders a captured request as a runnable curl command, so a tester (or the AI) can reproduce and iterate on it in a terminal.
Package curlgen renders a captured request as a runnable curl command, so a tester (or the AI) can reproduce and iterate on it in a terminal.
discovery
Package discovery is a scope-aware content-discovery (forced-browse) engine: it brute-forces paths from a wordlist against a base URL, calibrates a per-directory soft-404 signature so it doesn't drown in false hits, optionally recurses into discovered directories, and streams results as it goes.
Package discovery is a scope-aware content-discovery (forced-browse) engine: it brute-forces paths from a wordlist against a base URL, calibrates a per-directory soft-404 signature so it doesn't drown in false hits, optionally recurses into discovered directories, and streams results as it goes.
harx
Package harx converts captured flows to and from the HAR 1.2 (HTTP Archive) format for interop with browsers, Postman, and other tooling.
Package harx converts captured flows to and from the HAR 1.2 (HTTP Archive) format for interop with browsers, Postman, and other tooling.
hostpattern
Package hostpattern matches host strings against simple scope-style patterns (exact, *.wildcard).
Package hostpattern matches host strings against simple scope-style patterns (exact, *.wildcard).
httplines
Package httplines normalizes HTTP header input from APIs and MCP tools.
Package httplines normalizes HTTP header input from APIs and MCP tools.
intercept
Package intercept implements the request hold queue (Burp-style intercept) and the request-side match-&-replace engine.
Package intercept implements the request hold queue (Burp-style intercept) and the request-side match-&-replace engine.
intruder
Package intruder runs payload-driven attacks (Sniper, Pitchfork) against a request template whose fuzz points are wrapped in §…§ markers.
Package intruder runs payload-driven attacks (Sniper, Pitchfork) against a request template whose fuzz points are wrapped in §…§ markers.
ios
Package ios configures iOS simulators and devices for HTTPS interception.
Package ios configures iOS simulators and devices for HTTPS interception.
mcp
Package mcp implements a Model Context Protocol server over stdio so an AI agent can operate Interceptor as a set of tools.
Package mcp implements a Model Context Protocol server over stdio so an AI agent can operate Interceptor as a set of tools.
netutil
Package netutil provides helpers for enumerating local network addresses.
Package netutil provides helpers for enumerating local network addresses.
oob
Package oob is an out-of-band interaction catcher for blind-vulnerability testing (blind SSRF / XXE / SQLi / RCE).
Package oob is an out-of-band interaction catcher for blind-vulnerability testing (blind SSRF / XXE / SQLi / RCE).
proc
Package proc discovers and stops running Interceptor processes by image name.
Package proc discovers and stops running Interceptor processes by image name.
proxy
Package proxy implements an intercepting HTTP/HTTPS forward proxy that captures every flow.
Package proxy implements an intercepting HTTP/HTTPS forward proxy that captures every flow.
report
Package report renders scanner findings as a human-readable Markdown report, ready to paste into a pentest writeup.
Package report renders scanner findings as a human-readable Markdown report, ready to paste into a pentest writeup.
scanner
Package scanner runs passive security checks over captured flows.
Package scanner runs passive security checks over captured flows.
scope
Package scope evaluates target-scope rules: which flows are "in scope" for an engagement.
Package scope evaluates target-scope rules: which flows are "in scope" for an engagement.
sender
Package sender issues one-off HTTP/HTTPS requests directly to a target (bypassing the proxy listener) and records each as a flow.
Package sender issues one-off HTTP/HTTPS requests directly to a target (bypassing the proxy listener) and records each as a flow.
store
Package store persists flow metadata in SQLite and bodies on disk.
Package store persists flow metadata in SQLite and bodies on disk.
sysproxy
Package sysproxy points the operating system's HTTP/HTTPS proxy at Interceptor (and turns it back off).
Package sysproxy points the operating system's HTTP/HTTPS proxy at Interceptor (and turns it back off).
tlsca
Package tlsca manages a local certificate authority for TLS interception: it loads or generates a CA, then mints and caches short-lived per-host leaf certificates signed by that CA so the proxy can terminate client TLS.
Package tlsca manages a local certificate authority for TLS interception: it loads or generates a CA, then mints and caches short-lived per-host leaf certificates signed by that CA so the proxy can terminate client TLS.
version
Package version is the single source of truth for the build version and a best-effort "is a newer release out?" check against the GitHub tags.
Package version is the single source of truth for the build version and a best-effort "is a newer release out?" check against the GitHub tags.
wsrepeater
Package wsrepeater opens a fresh WebSocket connection to a target, sends one message, and captures the frames the server returns — a "Repeater" for WebSockets.
Package wsrepeater opens a fresh WebSocket connection to a target, sends one message, and captures the frames the server returns — a "Repeater" for WebSockets.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL