The Ultimate Hetty (dstotijn) Setup Guide for 2025
Ready to master web traffic analysis? Our ultimate 2025 guide shows you how to set up Hetty (dstotijn) using Docker, configure certificates, and level up your skills.
Alex Ivanov
A cybersecurity analyst and HomeLab enthusiast passionate about open-source security tools.
In the ever-expanding universe of self-hosting and personal cybersecurity, there's a certain thrill in peeling back the layers of the web. We want to know what our smart devices are phoning home about, how our web applications really behave, and what data is being sent across the wire. For years, this meant firing up complex, resource-heavy desktop applications. But what if you could have a powerful, web-based HTTP toolkit running right in your HomeLab? Enter Hetty.
Hetty is an open-source HTTP toolkit for security research, and it has quietly become an indispensable tool for tinkerers, developers, and security enthusiasts. It’s your personal, self-hosted alternative to giants like Burp Suite or OWASP ZAP, designed with simplicity and accessibility in mind. If you’ve ever wanted to inspect and manipulate web traffic without the fuss, you’re in the right place. This is your ultimate guide to getting a rock-solid Hetty setup running for 2025.
What is Hetty and Why Do You Need It?
At its core, Hetty is a man-in-the-middle (MitM) proxy. You point your devices or browsers at it, and it sits between you and the internet, dutifully logging every single HTTP and HTTPS request. This allows you to:
- Analyze Traffic: See exactly what endpoints your applications are calling, what headers are being sent, and what cookies are being set.
- Debug Your Own Apps: Troubleshoot API calls from your frontend or mobile app in a clean, organized interface.
- Learn About Web Security: Intercept requests, modify parameters on the fly, and resend them to understand vulnerabilities like IDORs or injection flaws.
- Monitor IoT Devices: Discover what your smart toaster is really talking to on the internet.
Unlike some of its counterparts, Hetty is built to be a web application itself. This means you can access its powerful interface from any browser on your network, making it a perfect fit for a modern, containerized HomeLab.
The Core Setup: Docker is Your Best Friend
Forget complex installation scripts. The most robust and repeatable way to run Hetty in 2025 is with Docker. It keeps your dependencies clean, makes updates a breeze, and gets you running in minutes. Here’s the only docker-compose.yml file you’ll need.
version: "3.7"
services:
  hetty:
    image: dstotijn/hetty:latest
    container_name: hetty
    restart: unless-stopped
    ports:
      # Exposes the Hetty web UI and proxy on port 8080
      - "8080:8080"
    volumes:
      # Persists the database and logs
      - ./hetty/db:/db
      # Persists the generated Certificate Authority
      - ./hetty/certs:/certs
    environment:
      - TZ=America/New_York # Set your local timezone
Let's break this down:
- image: dstotijn/hetty:latest: This pulls the latest official Hetty image. Simple.
- ports: - "8080:8080": This maps port 8080 on your host machine to port 8080 inside the container. Both the Hetty admin UI and the proxy itself run on this single port. If 8080 is already in use on your server, you can change it (e.g., "8081:8080").
- volumes: This is the secret to a professional setup. By mapping /db and /certs to folders on your host, your request logs and, most importantly, your CA certificate will persist even if you update or restart the container.
To get started, create a folder, save the content above as docker-compose.yml, and run:
docker-compose up -d
That's it! Hetty is now running. You can access the web interface by navigating to http://<your-server-ip>:8080.
The Crucial Step: Generating and Trusting the CA Certificate
To inspect HTTPS traffic, Hetty needs to decrypt it. To do this without your browser throwing a massive security tantrum, you must tell your devices to trust Hetty's unique Certificate Authority (CA). This is the most common hurdle, but it's easy when you know how.
First, navigate to your Hetty UI. In the left-hand menu, you'll see a link for the Certificate Authority. Click it and download the PEM file, which is usually named hetty-ca.pem. Now, you need to install this certificate on any device you want to proxy through Hetty.
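The UI is reached over plain http://, so it is worth checking the downloaded file against the copy the container persists under ./hetty/certs before it goes into any root store. The script below is an added example, not part of the original guide or the Hetty project; the function names are hypothetical, it needs the openssl CLI, and the file name inside ./hetty/certs is an assumption passed as an argument.

```bash
#!/usr/bin/env bash
# Added example (not from the guide or the Hetty project): sanity-check a
# proxy CA file before it goes into a trust store. Function names are
# hypothetical; requires the openssl CLI.

# SHA-256 fingerprint of a PEM certificate, as colon-separated hex.
ca_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeeds only if basicConstraints marks the certificate as a CA.
is_ca_cert() {
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# Succeeds if the certificate is still valid $2 days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Succeeds if both files hold the same certificate (non-empty, equal fingerprints).
same_cert() {
    local a b
    a=$(ca_fingerprint "$1")
    b=$(ca_fingerprint "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Run all checks. $1 = file downloaded from the UI, $2 = copy on the host volume.
check_proxy_ca() {
    local downloaded=$1 persisted=$2
    openssl x509 -in "$downloaded" -noout -subject -issuer -enddate || return 1
    is_ca_cert "$downloaded" || { echo "not a CA certificate" >&2; return 1; }
    valid_for_days "$downloaded" 1 || { echo "expired or about to expire" >&2; return 1; }
    same_cert "$downloaded" "$persisted" ||
        { echo "fingerprint differs from the persisted copy" >&2; return 1; }
    echo "OK $(ca_fingerprint "$downloaded")"
}

# Usage: ./check-ca.sh hetty-ca.pem ./hetty/certs/<ca-file>
# The file name inside ./hetty/certs is an assumption; use whatever is there.
if [ "$#" -eq 2 ]; then
    check_proxy_ca "$1" "$2"
fi
```

Record the printed fingerprint: it is the value to compare against what each operating system or browser shows when the certificate is imported.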
Installing the Cert on Windows
- Double-click the hetty-ca.pem file.
- Click "Install Certificate...".
- Choose "Local Machine" and click Next.
- Select "Place all certificates in the following store" and click "Browse".
- Choose the "Trusted Root Certification Authorities" store. Click OK, then Next, then Finish.
- You'll likely get a security warning; accept it. You're now trusting your own local CA.
Installing the Cert on macOS
- Double-click the hetty-ca.pem file. This will open the Keychain Access app.
- The certificate will be added to the "login" keychain. Find the "Hetty CA" certificate in the list (you can search for "Hetty").
- Double-click the certificate to open its details.
- Expand the "Trust" section.
- For "When using this certificate:", select "Always Trust".
- Close the window. You'll be prompted for your password to save the changes.
Installing the Cert on Linux (Debian/Ubuntu)
- First, copy the .pem file into the local CA directory with a .crt extension, which is what update-ca-certificates picks up on Debian-based systems (the file stays PEM-encoded; only the name changes):
  sudo cp hetty-ca.pem /usr/local/share/ca-certificates/hetty-ca.crt
- Now, update the system's certificate store:
  sudo update-ca-certificates
- You should see output indicating that 1 certificate was added.
Note for Firefox users: Firefox maintains its own certificate store. You'll need to go to Settings > Privacy & Security > Certificates > View Certificates > Authorities > Import and select the hetty-ca.pem file, trusting it to identify websites.
Configuring Your Proxy
With the certificate trusted, the final step is to tell your browser or OS to actually use Hetty as its proxy. The proxy address is your Hetty server's IP and the port you configured (e.g., 192.168.1.100:8080).
While you can set this in your operating system's network settings, it forces all your traffic through the proxy, which can be noisy. A much more elegant solution is to use a browser extension.
We highly recommend Proxy SwitchyOmega (available for Chrome and Firefox). It lets you easily toggle the proxy on and off or automatically switch for specific sites.
Here’s a quick setup for SwitchyOmega:
- Install the extension and go to its Options.
- Create a new "Proxy Profile". Name it "Hetty".
- Ensure the protocol is set to HTTP.
- In the "Server" field, enter your Hetty server's IP address (e.g., 192.168.1.100).
- In the "Port" field, enter 8080.
- Click "Apply changes".
Now, you can just click the SwitchyOmega icon in your toolbar and select your "Hetty" profile to start routing traffic. You'll immediately see requests pouring into the Hetty web UI. Success!
Level Up Your Hetty Game: Tips for 2025
You've got the basics down. Now let's make your workflow truly powerful.
Master the Scope
By default, Hetty logs everything. To focus on a specific application, use the Projects feature. Create a new project and define a scope. For example, you can set the scope to only include URLs containing api.myapp.com. This keeps your log clean and focused on what matters.
Know When to Bypass
Some domains and applications use certificate pinning and will break when proxied. Common culprits include Google services, telemetry endpoints, and some desktop apps. In Hetty, you can go to the Bypass menu and add URL patterns to ignore. A good starting point is to add patterns for *.google.com and *.googleapis.com to keep your browsing experience smooth.
Use the Sender Module
See a request in your log that you want to tinker with? Right-click it and "Send to Sender". This opens a new view where you can modify any part of the request—the URL, headers, or body—and resend it. This is your playground for security testing and API debugging.
Your Window Into the Web
And there you have it. With a simple Docker container and a few configuration steps, you've deployed a powerful, modern HTTP toolkit into your HomeLab. You're no longer in the dark about what your applications are doing. You have a full-fledged analysis suite, accessible from any browser on your network, ready to dissect, debug, and discover.
This setup isn't just a tool; it's a platform for learning and a massive upgrade to any developer's or security researcher's arsenal. What's the first thing you're going to analyze with your new Hetty setup? Let us know!