Disclaimer: Snorpy is for authorized security testing only. Use it on systems you own or have explicit permission to test.
Why I started building this
Burp Suite is excellent. I’ve used it, I respect it, and for serious engagements it’s still the benchmark.
But between licensing costs and a stack I couldn’t easily extend, I kept thinking: what if there was an open-source alternative built with the tools I already use every day — React, TypeScript, Electron?
That’s why I started Snorpy: a desktop MITM proxy with Proxy, Repeater, and Intruder. It’s early, it’s Apache 2.0, and it’s open for contributors — not a Burp clone yet, but a project I wish existed when I started pentesting.
Important honesty up front: Snorpy is not a full Burp replacement yet. Proxy, Repeater, and Intruder work today. Spider, Decoder, Comparer, and more are on the roadmap. I'm sharing this now because I'd rather build it with feedback than polish in private forever.
What Snorpy does today
✅ Working now
| Tool | What it does |
|---|---|
| Proxy | HTTP(S) intercept on port 8080, target scoping, request hold/modify/forward |
| Repeater | Edit headers/body and resend requests manually |
| Intruder | Fuzz with §placeholder§ markers, wordlists, configurable concurrency |
🚧 Coming soon
The sidebar already sketches the roadmap: Spider, Decoder, Comparer, Buster, AI Analyzer, log export, and project settings. These are great places to contribute if you're looking for a first PR.
Architecture: why Electron + mockttp?
Snorpy splits cleanly into two worlds:
United States
NORTH AMERICA
Related News
Secret Claude Tracker Shocks Users After Anthropic's Anti-Surveillance Stance
12h ago
EV Batteries Defy Expectations, Last Hundreds of Thousands of Miles
1d ago
GBase 8a Performance Anomaly Case Study: How a Single Parameter Change Sparked a Chain Reaction
1d ago
Who Else Has Inherited a Codebase With Zero Comments and a Prayer?
1d ago
完美的平庸
4h ago