This page performs a live, annotated https: request for its own source. It’s inspired by The Illustrated TLS 1.3 Connection and Julia Evans’ toy TLS 1.3.
It’s built on subtls, a pure-JS TLS 1.3 implementation that depends only on SubtleCrypto. Raw TCP traffic is carried via a WebSocket proxy.

Key Raw bytes in hexadecimal. Outgoing message annotations. Incoming message annotations.

If you are behind a firewall (today often known marketed as IPS, NGFW or UTM) which claims to protect you from malware you might want to verify these claims. HTTP Evader provides you with a way to automatically test how your firewall deals with situations where the malware hides in rare or invalid responses from the web server. Lots of highly praised firewalls fail to detect malware in this cases, which means they fail to protect you properly.

What could be simpler than returning HTTP status codes? Did the page render? Great, return 200. Does the page not exist? That’s a 404. Do I want to redirect the user to another page? 302, or maybe 301.

Perform the same request against two HTTP servers and diff the results.

Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.

When an app communicates with a server, more often than not, that communication happens over HTTP. HTTP was developed for web browsers: when you enter http://www.objc.io into your browser, the browser talks to the server named www.objc.io using HTTP.