httap

httap

An MCP server that enables AI agents to intercept, inspect, and modify HTTP traffic, with tools for searching, filtering, and managing captured requests and interceptors.

Category
Visit Server

README

httap

npm version CI License: MIT

httap is a powerful HTTP proxy for your terminal. Intercept, inspect & rewrite HTTP traffic — from your shell or your AI agent.

httap demo

Feature Highlights

  • Project-scoped — each project gets its own .httap/ directory with isolated daemon, database, CA cert and interceptors. No cross-project bleed.
  • Multiple surfaces — powerful CLI for scripting, a lazygit-style TUI for browsing traffic, an MCP server for AI agents, and a Node.js API for programmatic access.
  • Interceptors — mock, modify or observe traffic by writing TypeScript. Your AI agent can write these for you, so you can express complex scenarios in natural language.

Quick Start

npm install -g @mtford/httap

# Configure environment e.g. HTTP_PROXY
eval "$(httap on)"

# Send a request
curl https://api.example.com/users

# Open UI
httap tui

# Add MCP server to your AI tool
claude mcp add httap -- httap mcp

Browser Interception

Launch any browser pre-configured to route through httap — no manual proxy setup, no certificate warnings:

# Auto-detect and launch your default browser
httap browser

# Open a specific URL
httap browser https://example.com

# Choose a specific browser
httap browser --browser firefox
httap browser --browser brave

Each browser session gets its own isolated profile and is automatically attributed in the TUI (e.g. source: chrome). Close the browser or press Ctrl+C to stop — the temp profile is cleaned up automatically.

Supported browsers:

Engine Browsers
Chromium Chrome, Brave, Edge, Vivaldi, Arc, Chromium
Firefox Firefox, Zen Browser, LibreWolf

Project Scoping

httap doesn't use a global system proxy. Each project gets its own .httap/ directory in the project root (detected by .git or an existing .httap/):

your-project/
├── .httap/
│   ├── interceptors/   # TypeScript interceptor files
│   ├── config.json     # Optional project config
│   ├── proxy.port      # Proxy TCP port
│   ├── control.sock    # IPC socket
│   ├── requests.db     # Captured traffic
│   ├── ca.pem          # CA certificate
│   └── daemon.pid      # Process ID
└── src/...

Separate daemon, database, certificates etc. You can run httap in multiple projects at the same time without them interfering with each other.

For non-project contexts or custom setups, use --config to point directly at a data directory (no .httap appended):

httap --config /tmp/my-httap-data on

See CLI Reference for the full resolution order (--config > --dir > auto-detect).

MCP Integration

httap has a built-in MCP server that gives AI agents full access to your captured traffic and interceptor system.

Setup

Claude Code:

claude mcp add httap -- httap mcp

Codex:

codex mcp add httap -- httap mcp

Cursor — add to .cursor/mcp.json:

{
  "mcpServers": {
    "httap": {
      "command": "httap",
      "args": ["mcp"]
    }
  }
}

Other MCP clients (Windsurf, etc.) — add to your client's MCP config:

{
  "mcpServers": {
    "httap": {
      "command": "httap",
      "args": ["mcp"]
    }
  }
}

The proxy must be running (eval "$(httap on)") — the MCP server connects to the same daemon as the TUI.

Available Tools

Tool Description
httap_get_status Daemon status, proxy port, request count
httap_list_requests Search and filter captured requests
httap_get_request Full request details by ID (headers, bodies, timing)
httap_search_bodies Full-text search through body content
httap_query_json Extract values from JSON bodies via JSONPath
httap_count_requests Count matching requests
httap_clear_requests Delete all captured requests
httap_list_sessions List active proxy sessions
httap_list_interceptors List loaded interceptors with status and errors
httap_reload_interceptors Reload interceptors from disk

See full MCP documentation for filtering, output formats, and examples.

Interceptors

TypeScript files in .httap/interceptors/ that intercept HTTP traffic as it passes through the proxy. They can return mock responses, modify upstream responses, or just observe.

import type { Interceptor } from "@mtford/httap/interceptors";

export default {
  name: "mock-users",
  match: (req) => req.path === "/api/users",
  handler: async () => ({
    status: 200,
    headers: { "content-type": "application/json" },
    body: JSON.stringify([{ id: 1, name: "Alice" }]),
  }),
} satisfies Interceptor;

See full interceptors documentation for modify, observe, querying past traffic, handler context, and how they work.

How It Works

┌─────────────────────────────────────────────────────────────┐
│  Your Shell                                                 │
│  ┌─────────────────────────────────────────────────────┐   │
│  │  curl, wget, node, python...                        │   │
│  │          │                                          │   │
│  │          ▼                                          │   │
│  │  HTTP_PROXY=localhost:54321                         │   │
│  └─────────────────────────────────────────────────────┘   │
│                          │                                  │
└──────────────────────────┼──────────────────────────────────┘
                           ▼
┌─────────────────────────────────────────────────────────────┐
│  httap daemon                                                │
│  ┌─────────────┐    ┌─────────────┐    ┌─────────────┐     │
│  │ MITM Proxy  │───▶│   SQLite    │◀───│ Control API │     │
│  │  (mockttp)  │    │  requests   │    │ (unix sock) │     │
│  └─────────────┘    └─────────────┘    └─────────────┘     │
└─────────────────────────────────────────────────────────────┘
                           ▲
                           │
┌──────────────────────────┼──────────────────────────────────┐
│  httap tui                │                                  │
│  ┌───────────────────────┴─────────────────────────────┐   │
│  │ ● POST /api/users   │ POST https://api.example.com  │   │
│  │   GET  /health      │ Status: 200 │ Duration: 45ms  │   │
│  │   POST /login       │                               │   │
│  │                     │ Request Headers:              │   │
│  │                     │   Content-Type: application/  │   │
│  └─────────────────────┴───────────────────────────────┘   │
└─────────────────────────────────────────────────────────────┘

eval "$(httap on)" starts a daemon, sets HTTP_PROXY/HTTPS_PROXY in your shell, and captures everything that flows through. eval "$(httap off)" unsets them. The TUI connects to the daemon via Unix socket.

Environment Variables

eval "$(httap on)" sets these in your shell (eval "$(httap off)" unsets them):

Variable Purpose
HTTP_PROXY Proxy URL for HTTP clients
HTTPS_PROXY Proxy URL for HTTPS clients
SSL_CERT_FILE CA cert path (curl, OpenSSL)
REQUESTS_CA_BUNDLE CA cert path (Python requests)
CURL_CA_BUNDLE CA cert path (curl/Python fallback)
NODE_EXTRA_CA_CERTS CA cert path (Node.js)
DENO_CERT CA cert path (Deno)
CARGO_HTTP_CAINFO CA cert path (Rust Cargo)
GIT_SSL_CAINFO CA cert path (Git)
AWS_CA_BUNDLE CA cert path (AWS CLI)
CGI_HTTP_PROXY Proxy URL (PHP CGI, HTTPoxy-safe)
HTTAP_SESSION_ID UUID identifying the current session
HTTAP_LABEL Session label (when -l flag used)

Additionally, httap on sets PYTHONPATH, RUBYOPT, and PHP_INI_SCAN_DIR to load runtime-specific override scripts that ensure edge-case HTTP clients trust the proxy CA.

Configuration

Create .httap/config.json to override defaults:

{
  "maxStoredRequests": 5000,
  "maxBodySize": 10485760,
  "maxLogSize": 10485760,
  "pollInterval": 2000
}

See full configuration documentation for details on each setting.

Supported HTTP Clients

Anything that respects HTTP_PROXY works. httap sets the right CA cert env vars for each runtime automatically.

Works automatically (env vars only):

Client Support
curl Automatic
wget Automatic
Go (net/http) Automatic
Rust (reqwest) Automatic
.NET (HttpClient) Automatic
Deno Automatic (DENO_CERT)
Bun Automatic (SSL_CERT_FILE)
Git Automatic (GIT_SSL_CAINFO)
AWS CLI Automatic (AWS_CA_BUNDLE)
Cargo Automatic (CARGO_HTTP_CAINFO)

Works with httap overrides (injection scripts):

Client Mechanism
Node.js (fetch, axios, etc.) NODE_OPTIONS --require preload script
Python (requests, httplib2) PYTHONPATH sitecustomize.py
Ruby (Net::HTTP, gems) RUBYOPT -r OpenSSL CA patch
PHP (curl, streams) PHP_INI_SCAN_DIR custom INI

Not currently supported (needs system-level config):

Runtime Reason
Java/JVM Needs -javaagent or JVM trust store config
Swift Uses macOS Keychain only
Dart/Flutter Requires code changes for proxy
Elixir/Erlang Requires code changes for proxy

TUI

j/k to navigate, Tab to switch panels, / to filter, e to export, Enter to inspect bodies, q to quit. Mouse support included.

See full TUI documentation for all keybindings and export features.

Documentation

Development

git clone https://github.com/mtford90/httap.git
cd httap
npm install

npm run build        # Compile TypeScript
npm test             # Run all tests
npm run typecheck    # Type checking only
npm run lint         # ESLint
npm run dev          # Watch mode

Troubleshooting

Certificate errors

httap sets common CA environment variables automatically, but some tools need manual configuration:

cat .httap/ca.pem

Daemon won't start

Check if something else is using the socket:

httap status
httap daemon stop
eval "$(httap on)"

Requests not appearing

Your HTTP client needs to respect proxy environment variables.

There are workarounds implemented for node - e.g. fetch override. Other libraries in different environments may need a similar treatment.

Acknowledgements

httap is built on top of MockTTP by Tim Perry, the same MITM proxy engine that powers HTTP Toolkit.

Licence

MIT

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
E2B

E2B

Using MCP to run code via e2b.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured