Introduction
Ogma is a desktop web security toolkit for penetration testers, application security engineers, and researchers. It combines an intercepting proxy, Replay, Automate, Workflows, scanners, utilities, plugins, and AI integration in one local project workspace.
What Ogma Is
Ogma is local-first. It captures HTTP, WebSocket, and SSE traffic on the workstation running the app, stores data in local projects, and keeps the daily testing workflow close to the traffic table.
Key Features
- HTTPS and WebSocket proxy - captures and decrypts HTTPS and WSS traffic using a local CA; intercept, edit, forward, or drop any request or message.
- Replay - resend any captured request with modifications; chain sessions and save templates for regression testing.
- Automate - fuzz parameters across a request with payload lists, similar to Burp Intruder; supports sequential and concurrent modes.
- Passive and active scanner - passive rules run against all captured traffic; active checks send targeted payloads for common vulnerability classes.
- Content discovery - crawl paths from wordlists against in-scope hosts to find hidden endpoints.
- Plugins - extend Ogma with JavaScript plugins; install from a folder, ZIP, or the marketplace; compatible with the Caido plugin API surface.
- AI assistant - embedded chat panel that can read traffic, create findings, control the browser, and run tests; connects to Anthropic, OpenAI, or Google Gemini.
- MCP integration - exposes 145 tools over the Model Context Protocol so external AI clients (Claude Code, Cursor, Codex) can query history, send requests, and update findings.
Use Ogma To
- Capture and inspect HTTP, WebSocket, and SSE traffic.
- Pause, edit, forward, or drop traffic with Intercept.
- Send requests to Replay, Automate, Workflows, Scanner, Findings, or Exports.
- Build project evidence with linked requests and responses.
- Install plugins from folders, zip archives, or the marketplace.
- Connect scoped project context to AI assistants through MCP.
Documentation Map
| Goal | Page |
|---|---|
| Install and launch Ogma | Getting started |
| Capture your first request | First capture |
| Understand the daily workflow | Proxy workflow |
| Run passive and active checks | Scanning |
| Build or install plugins | Plugin system |
| Use the embedded AI assistant | Workspace AI |
| Connect an external MCP client | MCP setup |
Main Areas
| Area | Start here |
|---|---|
| Proxy | HTTP History, Intercept, Replay |
| Analysis | Search, Findings, Exports |
| Utilities | Scanner, Decoder, JWT |
| Automation | Automate, Workflows, Environment |
| Extensions | Plugins, Backend SDK, Frontend SDK |