anotherhadi/spilltea

GitHub: anotherhadi/spilltea

Stars: 3 | Forks: 1

# Spilltea ![GitHub Stars](https://www.shieldcn.dev/github/stars/anotherhadi/spilltea.svg?variant=outline&theme=violet) ![Release](https://www.shieldcn.dev/github/release/anotherhadi/spilltea.svg?variant=outline&theme=violet) ![CI](https://www.shieldcn.dev/github/ci/anotherhadi/spilltea.svg?variant=outline&theme=violet) [![Ko-fi](https://www.shieldcn.dev/badge/Ko--fi-sponsor-FF5E5B.svg?logo=kofi&variant=secondary&theme=violet)](https://ko-fi.com/anotherhadi) - [What is Spilltea?](#what-is-spilltea) - [Legal Disclaimer](#legal-disclaimer) - [Features](#features) - [Installation](#installation) - [Project Management](#project-management) - [Configuration](#configuration) - [Per-project configuration](#per-project-configuration) - [CLI Flags](#cli-flags) - [Plugin System](#plugin-system) - [Vim / Neovim Integration](#vim--neovim-integration) - [Deployment](#deployment) - [Tech Stack](#tech-stack) ## What is Spilltea? Spilltea is a **terminal-native HTTP(S) interception proxy**. It sits between your browser and the internet, letting you inspect, modify, and replay traffic without ever leaving your terminal. It is intentionally minimal. No Electron, no browser, no bloat. Just a fast, keyboard-driven tool that gets out of your way. demo

## Legal Disclaimer **This tool is provided for educational purposes and authorized security testing only.** Use Spilltea only on systems and networks you own or have explicit written permission to test. Intercepting network traffic without authorization may violate local laws (such as the Computer Fraud and Abuse Act, GDPR, or equivalent legislation in your jurisdiction). ## Features - **Intercept**: Pause requests and responses in-flight. Inspect and modify them (even with your favorite editor) before forwarding. - **HTTP History**: Every request that passes through the proxy is stored. Browse, search and filter your full session history. - **Replay**: Pick any request from the history, modify it if needed, and send it again. Useful for manual testing and quick iteration - **HTTPS Support** (using go-mitmproxy under the hood) - **Vim-like Navigation**: The entire interface is keyboard-driven with Vim-inspired shortcuts. Use `h/j/k/l` to move, `gg`/`G` to jump to the top/bottom, `/` to search, `q` to close panels, and more. All keybindings are fully customizable via the config file. - Built-in Integrations: - **FFuf Export**: Generate a ffuf command or configuration directly from a request to start fuzzing instantly. - **cURL / HTTPie**: Copy any request as a curl or httpie command to your clipboard. - **Markdown Export**: Export any request and its response as a clean Markdown snippet, ready to drop into a report. ## Installation

Go install

go install github.com/anotherhadi/spilltea/cmd/spilltea@latest Requires Go 1.22+. The binary will be placed in `$GOPATH/bin` (or `~/go/bin`).

Nix (temporary run, no install)

nix run github:anotherhadi/spilltea

NixOS (flake)

Add spilltea to your flake inputs: inputs.spilltea.url = "github:anotherhadi/spilltea"; Then add the package to your system or home-manager packages: environment.systemPackages = [ inputs.spilltea.packages.${pkgs.system}.default ];

## Project Management Spilltea organizes work into **projects**. Each project maps to a SQLite database file that stores all intercepted traffic for that session & a log files. On startup, you choose: - **New project**: enter a name, stored in `~/.local/share/spilltea//` by default - **Existing project**: pick from a list of previous projects - **Temporary**: no name needed, stored in `/tmp/spilltea//` and will be deleted on your next reboot! ## Configuration Spilltea is fully configured via a YAML file at `~/.config/spilltea/config.yaml`. Check the default configuration with all the options [here](./internal/config/default_config.yaml) Colors and styles can be customized using [ilovetui](https://github.com/anotherhadi/ilovetui), which applies theme changes across all compatible TUI applications at once. ### Per-project configuration You can override any config value on a per-project basis by placing a `config.yaml` file inside the project directory (e.g. `~/.local/share/spilltea/projects/my-project/config.yaml`). Only the keys present in that file are overridden; everything else falls back to the global config. The priority order is: 1. Global config (`~/.config/spilltea/config.yaml`) 2. Project config (`/config.yaml`) 3. CLI flags (always win) ## CLI Flags A minimal, terminal-based HTTP(S) proxy for pentesters and CTF players. Usage: spilltea [flags] Flags: --add-default-config copy the default config file to the config path and exit --add-default-plugins copy built-in example plugins into the plugins dir and exit -c, --config string path to config file -h, --help help for spilltea --host string proxy host (overrides config) --plugins-dir string path to plugins dir (overrides config) -p, --port int proxy port (overrides config) -P, --project string project name to open directly, or "tmp" for a temporary session --ssl-insecure skip TLS certificate verification (overrides config) --upstream-proxy string upstream proxy URL, e.g. http://user:pass@host:8888 (overrides config) -v, --version version for spilltea ## Plugin System Spilltea supports plugins written in **Lua**. Plugins are loaded from `~/.config/spilltea/plugins/` by default and do not require recompilation or access to the source code. For a full reference and examples, see the [plugin documentation](./docs/plugins.md) or [plugin examples](./plugins/). ## Vim / Neovim Integration Spilltea pairs naturally with Neovim. If you live in your editor, these plugins let you inspect and transform captured traffic without switching context: - **[sttr.nvim](https://github.com/anotherhadi/sttr.nvim)**: Run string transformations (base64, URL encode/decode, hex, hashing, and more) on any selected text directly from Neovim. Handy for decoding values spotted in the proxy history. - **[jwt-tui.nvim](https://github.com/anotherhadi/jwt-tui.nvim)**: Decode and inspect JWT tokens in a floating TUI window. Great for quickly reading tokens intercepted through the proxy. Both plugins are built to feel native in a terminal workflow, just like Spilltea. ## Deployment spilltea runs **locally** on the machine used for pentesting or CTF. There is no separate server component. If you need to run spilltea on a remote machine (e.g., a VPS or pivot host), use SSH port forwarding: ssh -L 8080:127.0.0.1:8080 user@remote-host Then point your browser at `127.0.0.1:8080` as usual. ## Tech Stack | Component | Library | | ------------------ | --------------------------------------------------------- | | TUI | [bubbletea](https://github.com/charmbracelet/bubbletea) | | Styles | [lipgloss](https://github.com/charmbracelet/lipgloss) | | Proxy / MITM / TLS | [go-mitmproxy](https://github.com/lqqyt2423/go-mitmproxy) | | Storage | [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) | | Config | [viper](https://github.com/spf13/viper) | | Plugins | [gopher-lua](https://github.com/yuin/gopher-lua) |

github | gitlab (mirror) | gitea (mirror)

标签：EVTX分析