HTTP Toolkit

HTTP Toolkit can now automatically detect, parse & expose the EXIF metadata within intercepted images. Quickly inspect the secret metadata in images to understand when, where, and how they were captured, and plenty more; EXIF can hide a surprising amount! en.wikipedia.org/wiki/Exif

Need a second opinion understanding your HTTP, or a quick first pass to find the good bits? HTTP Toolkit now has MCP support! Copy-paste setup for Claude Code and plenty more, so it just takes seconds to get your LLMs intercepting & inspecting HTTP all by themselves ✨

What's perfect mirroring? Before, WebSockets were negotiated separately up & down stream. The data was the same but some handshake params could differ. We now take full low-level control of negotiation and link the two directly instead, to perfectly clone the full socket 👯

The proxy inside HTTP Toolkit (github.com/httptoolkit/mo…) was just updated: 30%+ more throughput, lower latency, and perfect mirroring for WebSockets too. Live now in Mockttp for custom proxies, coming to an HTTP Toolkit near you later this week!

Wouldn't it be nice if HTTP compression suddenly got 90% better for a whole bunch of common web scenarios? Dictionary Compression is here to save the day: httptoolkit.com/blog/dictionar… httptoolkit.com/blog/dictionar…

Vitor Daniel reverse engineered & probed his university's mobile app API with HTTP Toolkit, found a vulnerable endpoint leaking private data, and successfully worked with them to patch the issue. Great write-up! vitordaniel.is-a.dev/blog/como-eu-e… vitordaniel.is-a.dev/blog/como-eu-e…

@Rokkozz_ Global search is supported - in addition to the targeted filters (hostname=, header[x]*=y), you can use contains(x) to search every single field & the body for any string you like. Is that what you're looking for? Filtering docs are here: #filtering-intercepted-traffic" target="_blank" rel="nofollow noopener">httptoolkit.com/docs/reference…

@HttpToolkit Global search would be a nice featue

It's hard to find the needle in the haystack sometimes... You can now right-click any request in HTTP Toolkit to use its hostname as a filter, to quickly hide any host or show it exclusively, in one click right from the traffic itself 🪡

It'd be easy to add more one-click filters to this menu - any suggestions for what you'd like to be able to quickly add?

Interested in how rate limiting can work to throttle HTTP clients effectively? Tony Finch has written some fascinating thoughts about the (relatively) new HTTP standard Rate Limit Header: dotat.at/@/2026-01-13-h… dotat.at/@/2026-01-13-h…

𝗛𝗧𝗧𝗣 𝗧𝗼𝗼𝗹𝗸𝗶𝘁 – API debugging on steroids • Inspect real HTTP traffic • Debug auth, headers, TLS • Better than Postman for deep issues 🔗 httptoolkit.com

The second feature I use the most in @HttpToolkit is exporting a filtered list of requests to a .har file. This way I can use an Android app while intercepting requests, generate the .har and then feed it to an LLM to generate code from its contents.

Interested in debugging terminal & Docker network traffic with HTTP Toolkit? Take a skim through this quick intro from Learn Code Camp to get started: learncodecamp.net/terminal-http-… #powerful-inspection-tools" target="_blank" rel="nofollow noopener">learncodecamp.net/terminal-http-…

As if this weren't exciting enough already, I've also just sent this out to the mailing list and written up a whole summary of what's new in HTTP Toolkit recently, and what could be coming up next! Take a look: http-toolkit.mailcoach.app/webview/campai…

It's that time of year again, and so as the prophecy foretold, there must be a new HTTP Toolkit Black Friday deal 💸 This year it's **50% off forever** on all HTTP Toolkit Pro annual subscriptions, from now till Tuesday, with code BLACKFRIDAY25. Happy Thanksgiving/shopping week!

Big milestone: HTTP Toolkit just crossed one million downloads! 🚀 Honestly I didn't think it'd ever get this far, I'm blown away. A huge thanks to all the users, contributors & supporters over the years ❤️. Onwards!

If you like turning HTTP into code, you'll be excited to hear that HTTP Toolkit can now export requests as ready-to-use code for: - Rust's Reqwest library - Ruby's Faraday library - Crystal's built-in APIs - Spring RestClient on the JVM Plus plenty of other fixes & tweaks too!

And as ever, this is all #opensource - if you want to do the same elsewhere there's a new standalone JS library just for this: github.com/httptoolkit/cu…

Want to quickly get a curl request into HTTP Toolkit's Send tool, to start tweaking & testing parameters? If you paste curl commands directly into the Send page URL bar, it'll now automatically parse it and fill out all the fields for you ✨

The best feature requests are the ones where the feature is already live 😀 github.com/httptoolkit/ht… Did you know you can breakpoint requests & responses in live traffic with HTTP Toolkit, to modify them, inject a response or simulate errors? github.com/httptoolkit/ht…