A Windows-native HTTP/HTTPS debugging proxy with an AI-powered assistant, built with Electron.
β οΈ This is a personal/experimental project.If you need a mature, production-ready HTTP debugging proxy, go check outβ it's excellent and was the direct inspiration for this project. ProxyBoy exists because I wanted a Windows-native alternative with agentic AI capabilities baked in, and I wanted to learn by building one.[Proxyman]
ProxyBoy is a man-in-the-middle (MITM) HTTP/HTTPS proxy that captures, inspects, and modifies network traffic β similar to Charles Proxy, Fiddler, or Proxyman. What makes it different is the embedded AI assistant powered by the GitHub Copilot SDK, which can analyze traffic, create rules, and help debug network issues conversationally.
Traffic Captureβ Intercept HTTP and HTTPS traffic with automatic SSL certificate generation** Request/Response Inspector**β View headers, bodies (JSON, HTML, XML, images), timing, and metadata** GraphQL Awareness**β Detect GraphQL operations, show operation names, and filter traffic by operation** Protobuf / gRPC Decoding**β Decode protobuf payloads in the detail view with.proto
files and fall back to raw field inspection when schemas are missingNo Cache Toggleβ Strip cache validators and returnCache-Control: no-store
to force fresh responsesNetwork Throttlingβ Simulate slower links with preset or custom upload, download, and latency profiles** Request Composer**β Build a request from scratch, send it through ProxyBoy, and inspect the captured result inline** Upstream Proxy Chaining**β Forward traffic through HTTP or SOCKS5 upstream proxies with bypass patterns and secure credential storage** Cookie Inspector**β Parse request cookies andSet-Cookie
headers into a structured, searchable viewAI Assistantβ Chat panel powered by GitHub Copilot that can search traffic, analyze patterns, create rules, and export data** Breakpoint Rules**β requests/responses mid-flight, inspect them, then forward or drop** Map Local Rules**β Serve local files instead of remote responses for mocking APIs** Map Remote Rules**β Forward matching requests to a different upstream host without changing your client** Capture Rules**β Switch between capture-all, allow-list, and block-list modes to control what gets recorded** System Proxy Integration**β Toggle Windows system proxy on/off from the app** HAR Export/Import**β Standard HAR format for sharing captures with other tools** Configurable Columns**β Show/hide columns, sort by any field, timestamps** Body Search**β Include request and response text bodies in traffic filtering when you need deeper search** WebSocket and SSE Inspection**β Capture live WebSocket frames and Server-Sent Events in the traffic detail view** Script Rules**β Run sandboxed JavaScript rules to rewrite requests and responses without leaving the app** Copy as cURL**β Right-click any request to copy it as a cURL command** Keyboard Shortcuts**β Fast access to proxy control, HAR import/export, filtering, and traffic actions** Theme Modes**β Dark, Light, or System theme selection with live switching** Detachable AI Panel**β Pop the assistant out into its own window
HAR Import + Image Preview + AI Session Analysis Import a HAR file, preview images inline, and ask the AI assistant to break down what's in the capture.
Content Type Filtering + JSON Body Viewer Filter traffic by content type (JSON, HTML, CSS, JS, images, etc.) and inspect formatted response bodies.
AI-Powered Request Analysis
Select any request and ask the AI to explain it β it calls tools like analyzeFlow
to inspect headers, body, and context, then gives you a human-readable breakdown.
The embedded Copilot agent has access to these tools:
| Tool | Description |
|---|---|
getRecentTraffic |
|
| Fetch the latest captured flows | |
searchTraffic |
|
| Search flows by URL, body, or headers | |
getErrorFlows |
|
| Find all 4xx/5xx responses | |
getFlowDetails |
|
| Deep-dive into a specific request | |
createBreakpointRule |
|
| Create a breakpoint to matching traffic | |
createMapLocalRule |
|
| Mock an API endpoint with a local file | |
exportHar |
|
| Export captured traffic as HAR | |
controlProxy |
|
| Start or stop the proxy engine |
Tool execution can be auto-approved or require manual confirmation per-call.
Electron+** React**+** TypeScript**β MITM proxy enginehttp-mitm-proxyβ AI agent capabilities@github/copilot-sdkβ SQLite in-process for persistencesql.jsβ StylingTailwind CSSβ Virtualized traffic listreact-virtuosoElectron Forgeβ Build and packaging
**Windows 10/11****Node.js 20+**GitHub Copilot subscription(for the AI assistant β the proxy works without it)
git clone https://github.com/pjperez/proxyboy.git
cd proxyboy
npm install
npm start
npm run build
Output goes to out/make/
.
Start the proxyβ Click the play button in the status bar or use the AI assistant** Route traffic**β Either toggle "System Proxy" in settings, or manually configure your browser/app to use127.0.0.1:9090
Inspectβ Click any row to see request/response details** Create rules**β Use the Breakpoints, Map Local, or Map Remote views, or ask the AI assistant** AI Assistant**β Click the robot icon in the sidebar or pressCtrl+Shift+A
To inspect HTTPS traffic, you'll need to trust ProxyBoy's root CA certificate:
- Go to Settingsβ** Install Certificate** - This installs a local root CA into the Windows certificate store
- Restart your browser after installing
The certificate is generated locally and stored in your user profile. It never leaves your machine.
If a request fails immediately after TLS setup and ProxyBoy tags it as ssl-pinning-suspected
, the target app is probably rejecting the ProxyBoy MITM certificate instead of accepting your locally trusted CA.
Common approaches:
Android debug buildsβ Use a debug-only network security config or a test build that trusts user-installed CAs.** iOS simulators**β Prefer development builds with pinning disabled, or use instrumentation tools in local test environments.** Desktop apps / Electron apps**β Check for developer flags, debug certificates, or test-only trust overrides before trying to intercept production builds.
ProxyBoy can only point out the likely cause. Certificate pinning bypasses are app-specific, and the safest path is usually a debug/test build with relaxed certificate validation.
src/
βββ main/ # Electron main process
β βββ proxy/ # MITM proxy engine, interceptor, certificate manager
β βββ agent/ # Copilot SDK client, tools, prompts
β βββ ipc/ # IPC handlers between main β renderer
β βββ storage/ # SQLite database, queries
β βββ utils/ # Windows proxy settings, HAR export
βββ renderer/ # React UI
β βββ components/ # Traffic list, detail view, agent panel, rules editors
β βββ stores/ # Zustand state management
β βββ utils/ # cURL generation, helpers
βββ shared/ # Types, constants shared between main & renderer
Windows onlyβ System proxy integration uses Windows registry; the rest could theoretically work cross-platform** No request/response editing in breakpoints**β You can inspect and forward/drop, but not modify (yet)** SSL inspection quirks**β Some sites with certificate pinning or HSTS preload may not work through the proxy** Cloudflare challenges**β Sites behind Cloudflare browser challenges will typically fail through any MITM proxy** Very limited automated tests**β There is a small test foothold now, but coverage is still far from production-ready π
β The primary inspiration. Seriously, go use Proxyman if you want a polished, reliable proxy tool. It's great.ProxymanandCharles Proxyβ Other excellent tools in this spaceFiddlerβ Powers the AI assistant, and also helped build this entire appGitHub Copilot
MIT β Do whatever you want with it.