mrma: Analyze trust-boundary header influence on HTTP responses.

HTTP Trust Boundary Analyzer — replay requests, mutate headers safely, and quantify response influence.

date: 2026-03-4

mrma security-tools penetration-testing python header

mrma

HTTP Trust Boundary Analyzer — replay requests, mutate headers safely, and quantify response influence (authorized testing only).

mrma helps answer: “Does this target trust proxy/host headers or behave differently based on request metadata?”
It focuses on meaningful diffs (not just status/length), plus profiles that model common trust-boundary behaviors.

Start use now: Github.

Install

pipx (recommended)

BASH

pipx install .
mrma --version

dev

BASH

python3 -m venv .venv
source .venv/bin/activate
pip install -e .
mrma --version

Note:If your system CA store is broken or you’re testing lab/self-signed certs, use --insecure.

Quick start

1) Baseline fingerprint

BASH

mrma run --url https://example.com --follow-redirects

BASH

mrma diff --url https://example.com --follow-redirects --set-header "X-Test: 1" \
  --ignore-body-regex '"nonce"\s*:\s*"[A-Za-z0-9\-_]+"' \
  --ignore-body-regex '"requestId"\s*:\s*"[A-Za-z0-9\-_]+"'

mrma: Analyze trust-boundary header influence on HTTP responses.

mrma

Install

pipx (recommended)

dev

Quick start

1) Baseline fingerprint

2) Find the biggest response deltas (safe mutations)

3) Compare baseline vs a single mutation (diff)

4) Minimal required header set (delta debugging)

5) Minimal header removals that cause a change (ddmin)

Why this is different

Curated packs

Raw request mode (exact reproduction)

Ignore rules (reduce noise)

Reporting

JSON output

Config

Safety and legal