Early Access — Registration is open. Billing and downloads will be available soon.
AI-native HTTP security toolkit

The HTTP toolkit built for AI

Professional HTTP security testing via MCP. Craft, send, and analyze requests with the precision of Burp Suite and the speed of AI-assisted workflows.

AI assistant + rqwstr MCP
You: Set up a hunt for target.com and check /api/users for IDOR
Assistant (calls hunt, send, send, diff):
Hunt created: target.com

Sent GET /api/users as user A → 200 OK | 89ms
Sent GET /api/users as user B → 200 OK | 91ms

IDOR FOUND — Both users see the same 47 user records.
The endpoint returns all users regardless of auth context.
No per-user filtering is applied.
You: Now test the promo code endpoint for race conditions
Assistant (calls race):
Sent 20 parallel POST /api/redeem requests via H2 single-packet attack

RACE DETECTED — 3/20 succeeded within a 2ms window.
The promo code was redeemed 3 times instead of once.

Built for security professionals

17 tools covering the full HTTP testing workflow — from basic requests to advanced attack techniques.

MCP Integration

Native MCP server — works with any MCP-compatible client. Describe what you want to test in natural language.

Raw HTTP Control

Three HTTP backends: native Go, raw HTTP/1.1, and HTTP/2 framer. Full control over every byte on the wire.

Race Conditions

H2 single-packet attack for true simultaneous delivery. Detect TOCTOU bugs with precision timing.

IDOR Testing

Variable profiles let you swap user contexts instantly. Replay requests across accounts to find authorization bugs.

Local-First Storage

Every hunt is a SQLite database on your machine. Full request/response history, searchable, exportable, yours.

Intruder Fuzzing

Burp-style payload positions with wordlists, encoding chains, and response filtering. Automated parameter discovery.

Up and running in 60 seconds

1. Sign up & download

Create a free account. Download the binary for your platform.

2. Run rqwstr setup

Browser auth, config auto-placed. Add to your MCP client config.

3. Start hunting

Tell your AI assistant what to test. rqwstr handles the HTTP. You find the bugs.

Simple, transparent pricing

Start free. Upgrade when you need more tools.

Free

$0/forever

Core HTTP workflow for learners and evaluators

  • 12 core tools
  • Local SQLite storage
  • Works offline
  • MCP integration (any client)
  • Request chaining & encoding
  • Import/export (Burp, curl, HAR)
  • Community support
Most popular

Pro

$19/mo
$114/yr — 50% off launch offer

Advanced attack tools for bug bounty hunters and security teams

  • All Free tools + 5 power tools
  • Burp-style intruder fuzzing
  • Race condition testing
  • H2 single-packet attacks
  • Out-of-Band detection (Interactsh)
  • HTTP/2 raw mode for smuggling
  • Priority support

Ready to level up your HTTP testing?

Join security professionals using AI-powered HTTP testing. Free tier, no credit card required.
