Desktop v4 Guide
The desktop app as the main operator surface for projects, replay, AuthZ diffing, race testing, and evidence review.
Desktop v4 Guide
WSHawk Desktop is the main operator surface in v4. It wraps the local Python sidecar in an Electron shell and keeps traffic, identities, notes, findings, and exports inside one project-backed workflow.
Main Areas
- overview and scanner views
- advanced tools for replay, interceptor, payload work, and evidence
- web pentest workspace for HTTP discovery and attack tooling
Typical Workflow
- create a project
- connect or import target context
- pair the browser companion if needed
- capture traffic
- replay or compare actions
- run race tests where state changes matter
- review findings and notes in the same project
- export an evidence bundle
What the Desktop Is Best At
- stateful WebSocket operations
- mixed HTTP plus WebSocket targets
- cross-identity comparison
- browser-authenticated workflows
- evidence review before handoff
Browser Companion
The browser companion is for scoped handshake capture and browser-authenticated flows. In the current release it uses pairing and scoped capture rather than a long-lived extension bridge token.
Smoke Check
cd desktop
npm run smoke