CapTipper is a Python tool used to analyze and discover malicious HTTP traffic. It can also help to analyze and revive captured sessions from PCAP files. CapTipper builds a web server that works exactly as the server in the PCAP file. It also includes internal tools with a powerful interactive console for the evaluation and inspection of the hosts, objects, and conversations found. Thus, the tool equips provides access to the files and the understanding of the network flow for the security tester. It is helpful when studying exploits. CapTipper allows the security tester to analyze the behavior of the attack, even after the original server is already dead.