An intercepting HTTP/HTTPS proxy with a web UI, in the spirit of Burp Suite and mitmproxy. Route a browser through it to capture every request and response, decrypt HTTPS on the fly, inspect traffic, replay and modify requests, and hold requests for manual review before they go out.
Use it only against applications you own or are authorized to test.
- Proxy + history - forwards HTTP and HTTPS and records every flow (method, URL, status, timing, headers, bodies).
- HTTPS interception - acts as a man-in-the-middle using a locally generated CA. It mints a certificate per host on the fly, so once you trust the CA the proxy can read TLS traffic.
- Inspector - click any flow to read the full request and response.
- Repeater - send a captured request to an editable form, change anything, and replay it; the result lands back in the history.
- Intercept - toggle intercept to pause outgoing requests in a queue, edit the body, then forward or drop each one.
pip install -r requirements.txt # cryptography, for certificate generationpython proxyscope.py
# or: python -m proxyscopeIt starts two servers and prints where:
proxyscope 1.0.0
proxy 127.0.0.1:8080 (set this as your browser's HTTP/HTTPS proxy)
ui http://127.0.0.1:8081
ca cert C:\Users\you\.proxyscope\ca-cert.pem
Ports are configurable: --proxy-port, --ui-port, --host, --cert-dir.
- Point your browser (or system) HTTP/HTTPS proxy at
127.0.0.1:8080. - Download the CA certificate from the UI ("download CA cert", or the printed path) and install it as a trusted root in your browser/OS.
- Browse. HTTPS requests now appear decrypted in the history.
Without trusting the CA you will get certificate warnings on HTTPS - that is the proxy substituting its own certificate, which is exactly how this class of tool works. Only install the CA on a machine you control, and remove it when done.
proxyscope.py run without installing
proxyscope/
cli.py starts the proxy and UI servers
proxy.py forward proxy; CONNECT + per-host TLS MITM
certs.py local CA and on-the-fly leaf certificates (cryptography)
store.py thread-safe flow history and the intercept queue
ui.py web UI, JSON API, repeater, CA download
The proxy is threaded (one thread per connection). For HTTP it rewrites
absolute-form requests and relays them. For HTTPS it answers CONNECT, presents
a certificate generated for the requested host and signed by the local CA, then
speaks HTTP over the decrypted channel and forwards upstream over real TLS.
- HTTP/1.1; WebSocket and HTTP/2 frames are tunneled or unsupported, not parsed.
- In-memory history (capped); nothing is written to disk except the CA and the per-host certificate cache.
- Some clients (notably Windows
curlusing schannel) will not trust a file-based CA - install the CA in the system/browser store instead.
Python 3.9+ and cryptography (see requirements.txt).
MIT
