Lightweight, fast, open-source web proxy for macOS
A modern alternative to heavy proxy platforms — built in Rust, designed for security testing.
Sniper is an open-source desktop web security proxy for macOS. It intercepts, inspects, and modifies HTTP/HTTPS traffic between your browser and the internet — the core workflow for web application security testing, bug bounty hunting, and API debugging.
If you've used Burp Suite, OWASP ZAP, or Caido, you'll feel right at home — but without the Java overhead, subscription fees, or bloated feature set. Sniper is a native macOS app written in Rust that starts in under a second and stays under 100 MB of RAM.
Who it's for: penetration testers, bug bounty hunters, security researchers, and developers who need to see what's happening on the wire.
Download the latest .dmg from Releases, open it, and drag Sniper to your Applications folder.
Or build from source:
cargo run --bin sniper-desktop| Category | What you get |
|---|---|
| Proxy | HTTP forwarding, HTTPS MITM, persistent root CA, https://sniper cert portal |
| Capture | HTTP history, WebSocket sessions, intercept queue, match & replace rules |
| Findings | Passive vulnerability scanner — sensitive data, CORS, missing headers, JWT issues |
| Replay | Modify and resend any captured request |
| Fuzzer | Payload-based request testing with markers |
| Tools | Decode, encode, hash, JWT inspector, data transformations |
| Sessions | Isolated workspaces — each with its own records, scope, and state |
| Scope | Domain/path filtering with site map visualization |
| Themes | 12 themes — 7 dark + 5 light, gold-accent design language |
| CLI | sniper-cli — JSON-first automation for scripting |
| AI Skills | Built-in Claude & Codex skill templates using sniper-cli |
| Sniper | Burp Suite | OWASP ZAP | Caido | |
|---|---|---|---|---|
| Runtime | Native (Rust) | JVM | JVM | Rust + Electron |
| Startup | < 1 sec | 10+ sec | 10+ sec | ~3 sec |
| Memory | ~80 MB | 500+ MB | 400+ MB | ~200 MB |
| Price | Free | $449/yr Pro | Free | Freemium |
| CLI automation | JSON-first | Limited | Limited | API |
| AI integration | Built-in | No | No | No |
- Download and open Sniper
- Point your browser proxy to
127.0.0.1:8080 - Visit
https://sniperto download and trust the root CA - Start capturing
Default listeners:
- Proxy:
127.0.0.1:8080 - UI:
127.0.0.1:23001(headless mode)
Session → Scope → Capture → Replay → Fuzz
│
┌─────────┼─────────┐
Intercept HTTP WebSocket
│
Findings (passive scan)
- Session — isolated workspaces with their own records and state
- Scope — define target domains/paths, auto-filter traffic
- Capture — inspect HTTP, intercept & modify, WebSocket frames, auto-replace
- Findings — passive scanner detects sensitive data leaks, CORS misconfig, missing security headers, JWT weaknesses
- Replay — resend with modifications, override host/port
- Fuzzer — insert markers, run payload lists
- Tools — decode/encode/hash/JWT in one place
sniper-cli session list
sniper-cli --output compact capture http list --limit 10
sniper-cli capture http replay --id <id> --dry-run
sniper-cli capture http replay --id <id> --yes
sniper-cli scope set-scope --pattern '*.example.com' --dry-run
sniper-cli scope set-scope --pattern '*.example.com' --yes
sniper-cli fuzzer run --dry-run
sniper-cli fuzzer run --yesLegacy subcommands keep their original raw JSON success output for compatibility. call success output is wrapped in an automation envelope; use --output compact for one-line JSON and read call results from data.
AI/automation callers can invoke manifest operations directly:
sniper-cli --output compact call capture.http.list --input '{"limit":20,"page":true}'
sniper-cli --output compact call replay.send --input '{"tab_id":"<tab-id>"}' --dry-run
sniper-cli --output compact call replay.send --input '{"tab_id":"<tab-id>"}' --yesAll side-effecting commands with side_effect: "write" in sniper-cli manifest require --dry-run or --yes.
sniper-cli manifest
sniper-cli schema input replay.send
sniper-cli examples capture.http.list
printf "%s" "$OAST_TOKEN" | sniper-cli capture oast configure --provider custom --url https://oast.example --token-stdin --yessniper-cli skills install --all --dry-run
sniper-cli skills install --all --yesAI agents can drive the full workflow through CLI — capture, scope, replay, fuzz — no UI scraping needed.
| Layer | Technology |
|---|---|
| Core | Rust — proxy, MITM, TLS, session management |
| HTTP | hyper + tokio async runtime |
| TLS | rustls + rcgen for on-the-fly certificate generation |
| UI server | axum serving embedded SPA |
| Frontend | Vanilla JS + CSS — zero framework, zero build step |
| Desktop shell | Native WebView (wry) |
| Packaging | macOS .app + .dmg with code signing & notarization |
cargo run --bin sniper-desktop # Desktop app
cargo run --bin sniper # Headless proxy + UI server
cargo run --bin sniper-cli # CLI
cargo test # Tests
./packaging/macos/release-macos.sh # macOS .app + .dmgsrc/
├── proxy.rs # Proxy core, HTTPS MITM, replay
├── api.rs # UI/API server (axum)
├── scanner.rs # Passive vulnerability scanner
├── session.rs # Session registry & snapshots
├── certificate.rs # Root CA generation & export
├── store.rs # HTTP transaction store
├── model.rs # Normalized data models
├── intercept.rs # Request intercept queue
├── match_replace.rs # Auto match & replace rules
├── fuzzer.rs # Payload fuzzer engine
├── websocket.rs # WebSocket capture
├── bin/
│ ├── sniper-desktop.rs # Native desktop shell (wry)
│ └── sniper-cli.rs # JSON-first CLI
web/ # Frontend SPA (vanilla JS/CSS)
packaging/
├── macos/ # .app & .dmg packaging scripts
└── skills/ # Claude & Codex skill templates

