Marasi
An open source application security testing proxy
Built on top of the Marasi Library
Open Source MIT Licensed.
What is Marasi?
Marasi (مراسي) is Arabic for dockyards — places where ships are received, maintained, and dispatched. Like a dockyard for HTTP traffic, Marasi lets you intercept, inspect, modify, and extend requests as they flow through your applications.
Open Source
Marasi is MIT licensed and both the GUI and the library are available on GitHub
No Proprietary Formats
Marasi is using SQLite under the hood, these files are yours, forever, and can be processed separately without the Marasi application
Extendable
Marasi can be easily extended, either with Go, Lua or SQL
Features
Ledger
All of your requests, organized centrally
- speedKeyboard Driven
- filter_listEasily search and filter requests
- edit_noteHighlight, and take notes on important requests
Compass
Define and test your project scope
- blockDrop or Ignore requests
- codeDefine your scope in Lua
- labsEasily test your rules in the GUI
- arrow_splitPropagated to all your extensions
Checkpoint
Intercept and modify your requests
- disabled_by_defaultEasily forward or drop the intercepted item
- codeDefine your checkpoint rules in Lua
- notificationsGet alerted on all interceptions
- flareIntercepted items are highlighted in the
Ledger
Launchpad
Replay and modify your requests
- account_treeGroup multiple requests under one launchpad
- toggle_onEasily toggle between HTTP and HTTPS
- flareRepeated requests are highlighted in the
Ledger
Workshop
Scratchpad to easily extend and script your project
- component_exchangeProcess each request and response
- targetUtilize your
Compassdefined scope - factoryUtilize the built in request builder
- accessibilityExtend the
MarasiGUI (Coming Soon)