About Bandsalat

A literal Bandsalat (a German word, literally "tape salad") representing modern software & web architecture. Bandsalat (the software) metaphorically helps you untangle this mess.
Photo by Dan Cristian Pădureț on Unsplash

Who is behind it

I'm Alexander Prinzhorn (HackerOne, GitHub, Twitter), the creator of Bandsalat.

Motivation

After using available intercepting proxies (both open-source and commercial) I got frustrated with multiple things (spoiler: UI and UX):

  1. I didn't find the user interfaces pleasant to look at. If I use a piece of software all day, it should be somewhat nice to look at and fun to work with. While design is largely subjective, I have a condition that makes me unable to look at Swing's SystemLookAndFeel for prolonged periods of time (usually more than a couple of milliseconds).
  2. The usability was... sub-par. This can be small things such as unconventional keyboard shortcuts (bUt yOU caN CHanGe ThEM iN seTtIngS). Or icon-only buttons and UI (do you really expect me to hover over every single button?). Or bigger issues such as displaying hierarchical data in a flat list. Or only being able to select "4xx" as a status code filter when I didn't care about 404. Or searching the whole HTTP message when I only cared about the headers. Or using regular expressions in places where they don't make sense. You get the point. I think all of these can be summarized as functional vs. non-functional requirements. I deeply care about the latter and use a top-down approach to get a feeling for how things should work for the user before making them actually work. Instead of implementing new features straight away, I think about how they can interact or be combined with existing features. My goal is always to make features as general-purpose and flexible as possible. I always try to see the bigger picture.

But my biggest pain point was that there is so much data inside these proxies but no way to make sense of it. I had a particular question I wanted to get answered and my only option was to export the data and write my own script. So initially I worked on a concept for what is now known as the Treasure Hunter module (run SQL on everything). But I figured I might as well create the intercepting proxy that I want to use while I'm at it.

I like to do things differently and question the status quo. Bandsalat is the perfect software for me. It fits my workflow and the way my brain works. I hope others can benefit from it as well!

What Bandsalat is not

Bandsalat is not a vulnerability scanner and does not currently try to be one. Why don't you become a vulnerability scanner using Bandsalat? Mind blown.

Obligatory meme

A Gru meme about how I spent four years generalizing a solution to avoid 20 minutes of writing a script for a problem I had

I'm sorry if this made you laugh