Get
Hugin.
One binary: proxy, scanner, GUI. No dependencies, no JVM, no account. Community is free.
curl -fsSL https://hugin.nu/install | shall builds + checksums on the releases page
Three
steps.
From download to intercepting traffic in under a minute.
start the proxy
Run hugin — the MITM proxy comes up on 127.0.0.1:8080 and the desktop GUI opens.
trust the CA
Point your browser at 127.0.0.1:8080 and install the CA cert from http://hugin.local/cert (generated on first run).
browse & test
All traffic flows through Hugin. Drive the scanner, repeater and intruder.
MCP
setup.
Drive Hugin from any MCP client — opencode, Cursor, Codex — one JSON block.
{
"mcpServers": {
"hugin": { "command": "hugin", "args": ["mcp"] }
}
}add it to opencode.json or .mcp.json.
Want it warm from the first message? Point your agent at https://hugin.nu/llms.txt or read the skill →. Your local MCP server also serves it as hugin://skill.
Verify,
don't trust.
Every release binary is Ed25519-signed.
hugin verify hugin-cli-linux-x86_64.tar.gzPrefer not to trust the binary? Manual verification →