The Pappy Proxy is a project to streamline testing web applications.

Download From Github


Command Line Interface

The command line interface allows you to focus on performing the test instead of breaking your train of thought by clicking around a GUI.

New Interface, Familiar Workflow

Pappy has the standard features of Burp Suite and supports a similar workflow to Burp Suite for manual testing. Map the site, find interesting requests, send them to repeater, and poke.

Response Streaming

Pappy will stream data to the browser as it gets it instead of waiting for the full response to be downloaded first. This makes browsing through Pappy feel much faster than browsing through other proxies.

Powerful History Search

Pappy has a very powerful history search. By applying multiple filters in a row, you can continuously remove requests you don't need from view. For example, you can find POST requests without a CSRF header in only 2 commands!

Self-Contained Project Directory

Pappy keeps everything related to a project (including proxy settings) contained in one directory. This makes switching between projects a breeze.

Python Macros

When creating automated attacks, Pappy prefers Python. Pappy allows you to generate the boilerplate for attack scripts so that you only have to write a few lines to perform scripted attacks.