This is a draft of something wanted. If you are curious, take a look at docs/ROADMAP.md and docs/RESOURCES.md.
Fart is a project that collects a series of tools to accomplish what the monolithic (and, more importantly, closed-source) Burp Suite from PortSwigger does.
This repository contains the core parts, which are written in Go. The architecture is described in docs/ARCHITECTURE.md.
With Fart, one should be able to spawn an intercept proxy that intercepts HTTP/HTTPS and WebSocket messages, allowing the user to interactively inspect and modify both the outgoing request and the incoming response between a client (e.g. a browser) and a server.
To ease the burden of manually inspecting requests and responses, one should be able to configure Fart to selectively intercept and hold traffic for inspection/modification, based on some chosen rule such as the host, the extension of the resource, its Content-Type, some regular expression on the URI and so on.
The core should also be able to persist the intercepted requests in some organized (and possibly queryable) form for later inspection, and to export the requests in some format that allows reproduction (e.g. a curl shell command).
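An added illustration of the curl export mentioned above (not code from this repository; `ToCurl` and `shellQuote` are hypothetical names). Captured headers and bodies come from the traffic under inspection, so every value is single-quoted before it is placed on a shell command line.

```go
package main

import (
	"fmt"
	"net/http"
	"sort"
	"strings"
)

// shellQuote wraps s in single quotes for a POSIX shell; an embedded single
// quote is written as '\'' so captured data can never end the quoting.
func shellQuote(s string) string {
	return "'" + strings.ReplaceAll(s, "'", `'\''`) + "'"
}

// ToCurl renders a captured request (hypothetical helper, not Fart's API) as
// a curl command. Every captured value is treated as untrusted and quoted.
func ToCurl(req *http.Request, body []byte) string {
	parts := []string{"curl", "-X", shellQuote(req.Method)}
	names := make([]string, 0, len(req.Header))
	for name := range req.Header {
		names = append(names, name)
	}
	sort.Strings(names) // stable header order, so exports diff cleanly
	for _, name := range names {
		for _, value := range req.Header[name] {
			parts = append(parts, "-H", shellQuote(name+": "+value))
		}
	}
	if len(body) > 0 {
		parts = append(parts, "--data-binary", shellQuote(string(body)))
	}
	parts = append(parts, shellQuote(req.URL.String()))
	return strings.Join(parts, " ")
}

func main() {
	// Constructed sample request, standing in for one captured by the proxy.
	body := "note=it's $(id)"
	req, err := http.NewRequest("POST", "https://example.test/api?q=1&r=2", strings.NewReader(body))
	if err != nil {
		panic(err)
	}
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.Header.Set("X-Trace", "a'b")
	fmt.Println(ToCurl(req, []byte(body)))
}
```

Bodies containing NUL bytes cannot be passed as a shell argument; an exporter would have to write those to a file and reference it with curl's `--data-binary @file` form.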
The core should also expose the possibility to:
- repeat a selected request (and easily show diffs between responses)
- fuzz a parametrized request
- (nice to have) be extensible by means of some form of scripting
Burp Suite is great, but it's closed source and we love open source.
The application in this repository is a CLI, called fart, with the following verbs:
- fart serve: spin up a server instance
- fart tui: start an interactive user interface
The fart serve subcommand starts a server instance and binds two sockets:
- a proxy socket, where it behaves as an HTTP proxy
- a websocket to expose the captured data to a client
- a control socket, to control the internal state of the server from another program (likely the cli)
You can open an issue here, or drop an email at blallo -|AT|- autistici[.]org