Skip to content

Introduction

Ogma is a desktop web security toolkit for penetration testers, application security engineers, and researchers. It combines an intercepting proxy, Replay, Automate, Workflows, scanners, utilities, plugins, and AI integration in one local project workspace.

What Ogma Is

Ogma is local-first. It captures HTTP, WebSocket, and SSE traffic on the workstation running the app, stores data in local projects, and keeps the daily testing workflow close to the traffic table.

Key Features

  • HTTPS and WebSocket proxy - captures and decrypts HTTPS and WSS traffic using a local CA; intercept, edit, forward, or drop any request or message.
  • Replay - resend any captured request with modifications; chain sessions and save templates for regression testing.
  • Automate - fuzz parameters across a request with payload lists, similar to Burp Intruder; supports sequential and concurrent modes.
  • Passive and active scanner - passive rules run against all captured traffic; active checks send targeted payloads for common vulnerability classes.
  • Content discovery - crawl paths from wordlists against in-scope hosts to find hidden endpoints.
  • Plugins - extend Ogma with JavaScript plugins; install from a folder, ZIP, or the marketplace; compatible with the Caido plugin API surface.
  • AI assistant - embedded chat panel that can read traffic, create findings, control the browser, and run tests; connects to Anthropic, OpenAI, or Google Gemini.
  • MCP integration - exposes 145 tools over the Model Context Protocol so external AI clients (Claude Code, Cursor, Codex) can query history, send requests, and update findings.

Use Ogma To

  • Capture and inspect HTTP, WebSocket, and SSE traffic.
  • Pause, edit, forward, or drop traffic with Intercept.
  • Send requests to Replay, Automate, Workflows, Scanner, Findings, or Exports.
  • Build project evidence with linked requests and responses.
  • Install plugins from folders, zip archives, or the marketplace.
  • Connect scoped project context to AI assistants through MCP.

Documentation Map

GoalPage
Install and launch OgmaGetting started
Capture your first requestFirst capture
Understand the daily workflowProxy workflow
Run passive and active checksScanning
Build or install pluginsPlugin system
Use the embedded AI assistantWorkspace AI
Connect an external MCP clientMCP setup

Main Areas

AreaStart here
ProxyHTTP History, Intercept, Replay
AnalysisSearch, Findings, Exports
UtilitiesScanner, Decoder, JWT
AutomationAutomate, Workflows, Environment
ExtensionsPlugins, Backend SDK, Frontend SDK

Released under the GNU AGPLv3 license.