Windows Burpe Suite...ish

Project Dashboard

Project = this browser instance. Data is stored locally (localStorage). No backend proxy yet.

Phase status

Current

Phase 1.2 — Target: scope + site map derived from Proxy history (plus out-of-scope filtering)

Phase 1.3 — Workflow glue + polish: sitemap node → Intercept URL, copy URL, scope badges in history rows

Later

Phase 2 — Local proxy companion (CORS bypass, richer HTTP, cookies, timings)

Later

Phase 3 — TLS CA + MITM (scoped)

Shipped in current phase:

Proxy: request builder + response viewer + history + replay + diff
Target: scope (hosts + path prefixes) + sitemap from history
Filters: in-scope only (sitemap) + hide out-of-scope (history)

Quick actions

Send request

Proxy → Intercept → Send

Save to history

Proxy → Intercept → Save as new

Define scope

Target → Scope → Add host/prefix → Enable filtering

Build sitemap

Target → Site map → Refresh (optional) + In-scope only

Hide out-of-scope traffic

Proxy → HTTP history → Toggle “Hide out-of-scope”

Replay + diff

Proxy → HTTP history → Select → Replay → Diff

Site map

Build a host/path tree from captured traffic (Proxy history).

In-scope only

—

How scope affects the map

Define scope in Target → Scope. When “In-scope only” is enabled, the site map filters to URLs that match your scope rules.

Matching rules:

If scope filtering is disabled, everything is treated in-scope.
If no scope rules exist, everything is considered in-scope.
If hosts are set, host must match.
If path prefixes are set, path must start with one of them.

Scope

Define in-scope hosts and path prefixes. Stored locally in your browser.

Enable scope filtering

—

Add host

Hosts

Path prefixes

Examples: /api, /admin, /v1

Add path prefix

Prefixes

Issue definitions

Later phase: templates; auto-flag patterns and annotate history.

Request

Method

URL

Headers

Tip: Headers are applied to Send and saved to history via Save as new.

Body

Draft (not linked to history)

Raw request preview

—

Current send is direct (browser fetch). Backend proxy comes later.

Response

—

Headers

—

Body

—

HTTP history

Hide out-of-scope

Replay

Select a saved request

—

—

WebSockets history

Later phase: capture WS upgrades + frames via the proxy layer.

Proxy settings

Pretty-print JSON responses

Trim response headers display

Lowercase header keys on send

These are client-side transforms for now. Backend proxy settings land later.

Positions

Later phase: define insertion points in a request template.

Payloads

Later phase: simple payload lists + sequential iteration.

Resource pool

Later: concurrency limits, delays, retries, throttling.

Settings

Good home for proxy notes + CA/TLS guidance docs. Implementation comes later.