HTTP traffic with project memory
Requests, responses, headers, bodies, findings, endpoint metadata, and full-text indexes live in one local SQLite project.
Crusader captures web app traffic into one local project, then lets you replay, compare, search, scan, import, extend, and automate it without handing your client traffic to a hosted workspace.
Crusader is meant for the middle of an authorized web assessment: capturing browser or API traffic, organizing it into a project, and turning interesting requests into proof. The Free tier is the daily driver; Hunter Pro adds active proof workflows, mobile, identity replay, JA3 transport, hosted Beacon, and full automation.
Requests, responses, headers, bodies, findings, endpoint metadata, and full-text indexes live in one local SQLite project.
Send any exchange to Repeater, edit raw requests or structured views, replay as saved identities, and compare response deltas.
Use read-only SQL or natural-language query generation to inspect every captured exchange and pivot rows straight into testing tools.
Hot-reload JavaScript plugins, expose tools over MCP, and let agents inspect history without automatically firing network actions.
Start with a clean project, capture only the authorized target, define scope, then triage the highest-signal requests before you run active proof. This is the safe path for bug bounty, consulting, internal appsec, and product security work.
1. Capture traffic with Crusader as the local proxy
2. Define target scope and trust boundaries
3. Use Site Map, History, SQL, and passive scanner triage
4. Send promising requests to Repeater or identity replay
5. Promote evidenced bugs into findings and reports
The proxy is the base layer, but the advantage is the surrounding workflow: identity-aware replay for authorization bugs, mobile interception, browser-like JA3 transport, plugins, and agent-safe automation over the same project database.
Import Burp, Caido, HAR, and Fiddler SAZ projects so old captures become searchable Crusader workspaces.
Find common web issues from already-captured traffic before sending any active verification request.
Free uses no account, email signup, or app telemetry. Update checks and license checks are separate from project capture.
Script captures, query history, expose read-only project context to agents, and gate active/write operations by license and scope.
Use these pages to navigate the bigger Crusader feature set by the problem you are trying to solve.
Download Crusader, capture an authorized target, and keep working locally. Start the 14-day Hunter Pro trial inside the app when you want mobile, identity replay, JA3 transport, hosted Beacon, and active proof workflows.
Download Crusader →