Ditch Burp Suite’s bloat for zxc, a Rust-built, terminal-based proxy that uses tmux and Vim to intercept HTTP/S and WebSocket traffic. It captures requests for debugging, security testing, or tweaking—fast and lean.

# Key Features - Disk Wizardry: Stashes massive datasets on disk-100k+ entries without breaking a sweat.

- Addons: Boost your workflow with default support for ffuf and sqlmap, or craft your own addons for extra fun.

- Buffer Tweaks: Edit variables in a popup (e.g., b:host, b:scheme) in Interceptor/Repeater to twist requests.

- Config Control: TOML files for global ($HOME/.config/zxc/config.toml) or per-session tweaks.

- Content Filtering: Skip requests based on the request Content-Type header.

- Domain Filtering: selectively include or exclude specific domains, offering granular control over which traffic is proxied or relayed, with support for wildcards like *.example.com

- Edit Config on the Fly: Tweak session settings live from History in a popup-changes hit instantly or refresh manually if edited outside.

- Encoding Tricks: Base64 or URL encode/decode in Visual mode-sneaky.

- Extended Attributes: Supercharge your workflow with `.req` files automatically tagged with critical metadata (e.g., user.host, user.http) - break free from the sandbox and unlock powerful integration with external tools like scripts or analyzers.

- Extension Filtering: Skip requests based on the requested contents extension `.mp3`, `.mp4` etc.

- History Display Filters: Tweak History logs by host, URI, or status code with Vim regex flair.

- History Window: View and filter all traffic in real-time.

- Interception Queue: Manage pending requests and responses in real-time—view the queue with scheme and host details, then forward, drop, or tweak them as they pile up in the Interceptor window.

- Malformed Requests: Custom HTTP/1.1 parser for sending quirky, security-testing requests.

- Repeater Window: Resend and tweak HTTP or WebSocket requests with ease

- Request Sharing: Share requests freely between windows for seamless tweaking and testing.

- Search Superpowers: Search requests or responses and add to Vim’s quickfix/location lists.

- Session Management: Create named sessions and attach to older sessions to resume work seamlessly.

- Traffic Interception: Edit requests and responses live in Vim.

- WebSocket History: A clear, organized history view of all WebSocket traffic with `.whis` files for a full overview, or dive into single-session details with `.wsess` files.

- WebSocket: Proxy and replay WebSocket traffic.

For complete list of features and screenshots refer the repo, https://github.com/hail-hydrant/zxc .

Caido founder here!

Lots of nice stuff, since we are also in rust I see a lot of similar pattern in our codebase. I think your oneone crate could be split, we would probably be interested to collaborate on an http/2 support. We also have our own internal forgiving parser. It is an interesting thing to build tooling that must intentionally go beyond a spec since you basically have to reimplement all the primitives.

I like the integration of the terminal with vim. I am making a site to learn vim motions called Vimgolf.ai and it’s interesting to see how your vim plugin works.

Why does it need vim and tmux?

Couldn't it use vim itself for multiplexing?

No zellij for rustiness all around?

Looks rather nice.

Looks cool. Will check it out

Looks great!

> tmux and vim as user interface

you should really drop this. I don't what MitmProxy uses, but I know that I can just download it from here

https://mitmproxy.org/downloads

and it just works - I am not gonna try another program if I have to install these other parts to get it working