Show HN: Zxc – Rust TLS proxy with tmux and Vim as UI, BurpSuite alternative

98 points by darkseid_is a day ago

Ditch Burp Suite’s bloat for zxc, a Rust-built, terminal-based proxy that uses tmux and Vim to intercept HTTP/S and WebSocket traffic. It captures requests for debugging, security testing, or tweaking—fast and lean.

# Key Features - Disk Wizardry: Stashes massive datasets on disk-100k+ entries without breaking a sweat.

- Addons: Boost your workflow with default support for ffuf and sqlmap, or craft your own addons for extra fun.

- Buffer Tweaks: Edit variables in a popup (e.g., b:host, b:scheme) in Interceptor/Repeater to twist requests.

- Config Control: TOML files for global ($HOME/.config/zxc/config.toml) or per-session tweaks.

- Content Filtering: Skip requests based on the request Content-Type header.

- Domain Filtering: selectively include or exclude specific domains, offering granular control over which traffic is proxied or relayed, with support for wildcards like *.example.com

- Edit Config on the Fly: Tweak session settings live from History in a popup-changes hit instantly or refresh manually if edited outside.

- Encoding Tricks: Base64 or URL encode/decode in Visual mode-sneaky.

- Extended Attributes: Supercharge your workflow with `.req` files automatically tagged with critical metadata (e.g., user.host, user.http) - break free from the sandbox and unlock powerful integration with external tools like scripts or analyzers.

- Extension Filtering: Skip requests based on the requested contents extension `.mp3`, `.mp4` etc.

- History Display Filters: Tweak History logs by host, URI, or status code with Vim regex flair.

- History Window: View and filter all traffic in real-time.

- Interception Queue: Manage pending requests and responses in real-time—view the queue with scheme and host details, then forward, drop, or tweak them as they pile up in the Interceptor window.

- Malformed Requests: Custom HTTP/1.1 parser for sending quirky, security-testing requests.

- Repeater Window: Resend and tweak HTTP or WebSocket requests with ease

- Request Sharing: Share requests freely between windows for seamless tweaking and testing.

- Search Superpowers: Search requests or responses and add to Vim’s quickfix/location lists.

- Session Management: Create named sessions and attach to older sessions to resume work seamlessly.

- Traffic Interception: Edit requests and responses live in Vim.

- WebSocket History: A clear, organized history view of all WebSocket traffic with `.whis` files for a full overview, or dive into single-session details with `.wsess` files.

- WebSocket: Proxy and replay WebSocket traffic.

For complete list of features and screenshots refer the repo, https://github.com/hail-hydrant/zxc .