An web-application debugging and security auditing tool


While developing on RESTful and Oauth protected APIs I had often the need to make raw http requests to an server. Because there was no application -as far as I know- wich was capable of making raw http requests wich can be easily modified I started this project. The first commit was on 2010-06-16 under the project name "oat". After using this tool for ca. 1 year I decided to change the name to aletheia and start an open-source project because it is maybe useful for other users.

You can use this application for debugging and finding security issues in web applications. Because it is possible to modify every bit of the request it is easy to exploit web applications. That means you can set i.e. costum cookies user agents or send file uploads to the server. It uses the apache http core components library to send http requests.

What does aletheia mean?

Aletheia is the greek word for "disclosure" and means the state of not being hidden; the state of being evident. I found it fitting because aletheia (the application) shows you the raw response from an http request without hiding any informations. More informations at wikipedia.