Disclaimer: Snorpy is for authorized security testing only. Use it on systems you own or have explicit permission to test.
Why I started building this
Burp Suite is excellent. I’ve used it, I respect it, and for serious engagements it’s still the benchmark.
But between licensing costs and a stack I couldn’t easily extend, I kept thinking: what if there was an open-source alternative built with the tools I already use every day — React, TypeScript, Electron?
That’s why I started Snorpy: a desktop MITM proxy with Proxy, Repeater, and Intruder. It’s early, it’s Apache 2.0, and it’s open for contributors — not a Burp clone yet, but a project I wish existed when I started pentesting.
Important honesty up front: Snorpy is not a full Burp replacement yet. Proxy, Repeater, and Intruder work today. Spider, Decoder, Comparer, and more are on the roadmap. I'm sharing this now because I'd rather build it with feedback than polish in private forever.
What Snorpy does today
✅ Working now
| Tool | What it does |
|---|---|
| Proxy | HTTP(S) intercept on port 8080, target scoping, request hold/modify/forward |
| Repeater | Edit headers/body and resend requests manually |
| Intruder | Fuzz with §placeholder§ markers, wordlists, configurable concurrency |
🚧 Coming soon
The sidebar already sketches the roadmap: Spider, Decoder, Comparer, Buster, AI Analyzer, log export, and project settings. These are great places to contribute if you're looking for a first PR.
Architecture: why Electron + mockttp?
Snorpy splits cleanly into two worlds:
Top comments (0)