Tired of paying for Burpsuite so I started SNORPY

Kinetikus — Sun, 28 Jun 2026 20:40:52 +0000

Disclaimer: Snorpy is for authorized security testing only. Use it on systems you own or have explicit permission to test.

Why I started building this

Burp Suite is excellent. I’ve used it, I respect it, and for serious engagements it’s still the benchmark.

But between licensing costs and a stack I couldn’t easily extend, I kept thinking: what if there was an open-source alternative built with the tools I already use every day — React, TypeScript, Electron?

That’s why I started Snorpy: a desktop MITM proxy with Proxy, Repeater, and Intruder. It’s early, it’s Apache 2.0, and it’s open for contributors — not a Burp clone yet, but a project I wish existed when I started pentesting.

Important honesty up front: Snorpy is not a full Burp replacement yet. Proxy, Repeater, and Intruder work today. Spider, Decoder, Comparer, and more are on the roadmap. I'm sharing this now because I'd rather build it with feedback than polish in private forever.

What Snorpy does today

✅ Working now

Tool	What it does
Proxy	HTTP(S) intercept on port `8080`, target scoping, request hold/modify/forward
Repeater	Edit headers/body and resend requests manually
Intruder	Fuzz with `§placeholder§` markers, wordlists, configurable concurrency

🚧 Coming soon

The sidebar already sketches the roadmap: Spider, Decoder, Comparer, Buster, AI Analyzer, log export, and project settings. These are great places to contribute if you're looking for a first PR.

Architecture: why Electron + mockttp?