Mouseww/anything-analyzer

Wireshark meets ChatGPT, with a side of legal disclaimers

An Electron app that captures HTTP from browsers, phones, and IoT devices, then feeds it to your LLM for automated reverse-engineering.

2.8k stars · TypeScript · Coding Assistants · LLMOps · Eval
Velocity (7d): +50 ★/day · Trend: steady

What it does

Anything Analyzer is a desktop traffic-capture tool built in Electron. It bundles an embedded Chromium browser (via CDP), a MITM HTTPS proxy on port 8888, and a SQLite-backed session manager. Traffic from browsers, terminal commands, mobile apps, or IoT devices funnels into one place; you then hand the session to an OpenAI/Anthropic/custom LLM for analysis. The app also exposes itself as an MCP Server, so Claude Desktop or Cursor can invoke its capture and analysis tools directly.

The interesting bit

The two-phase AI pipeline is the practical hook: Phase 1 filters noise, Phase 2 does deep protocol analysis, including JS hook injection to intercept fetch, XHR, and crypto calls (CryptoJS, SM2/3/4, etc.) in the browser. It also auto-extracts encryption-related code snippets. The “fingerprint spoofing” mentioned in the repo description is less clearly documented in the README itself.

Key highlights

  • Dual capture: CDP for the built-in browser, MITM proxy (with auto-generated CA) for everything else
  • Five analysis modes: auto-detect, API reverse-engineering, security audit, performance analysis, JS crypto reverse
  • MCP bidirectional: acts as both MCP Client (calling external servers) and MCP Server (being called by agents/IDEs)
  • Cross-platform builds: Windows installer, macOS DMG (Intel + Apple Silicon), Linux AppImage
  • Read-only proxy promise: claims it does not modify requests/responses; WebSocket traffic is tunneled without decryption

Caveats

  • Body size capped at 1 MB; binary payloads are skipped automatically
  • macOS auto-update requires signed and notarized builds; the README warns that GitHub Actions releases will fail without Apple developer secrets in repo Secrets
  • No built-in AI model: you bring your own API keys; the README includes a conspicuous legal disclaimer that the tool “does not have the capability to illegally obtain computer data”

Verdict

Worth a look if you regularly reverse-engineer mobile or web APIs and want an LLM to do the tedious pattern-matching. Skip it if you need full Wireshark-level packet inspection or deep binary protocol analysis — this is HTTP/HTTPS territory only.
