cd /news/developer-tools/show-hn-proxyboy-a-windows-http-http… Β· home β€Ί topics β€Ί developer-tools β€Ί article
[ARTICLE Β· art-47871] src=github.com β†— pub= topic=developer-tools verified=true sentiment=Β· neutral

Show HN: ProxyBoy. A Windows HTTP/HTTPS debugging proxy with an AI assistant

ProxyBoy, a Windows-native HTTP/HTTPS debugging proxy with an AI assistant powered by GitHub Copilot, has been released as an experimental project. The tool captures, inspects, and modifies network traffic, offering features like GraphQL awareness, protobuf decoding, and breakpoint rules. It aims to provide a Windows alternative to tools like Proxyman with integrated AI capabilities.

read6 min views1 publishedJul 4, 2026
Show HN: ProxyBoy. A Windows HTTP/HTTPS debugging proxy with an AI assistant
Image: source

A Windows-native HTTP/HTTPS debugging proxy with an AI-powered assistant, built with Electron.

⚠️ This is a personal/experimental project.If you need a mature, production-ready HTTP debugging proxy, go check outβ€” it's excellent and was the direct inspiration for this project. ProxyBoy exists because I wanted a Windows-native alternative with agentic AI capabilities baked in, and I wanted to learn by building one.[Proxyman]

ProxyBoy is a man-in-the-middle (MITM) HTTP/HTTPS proxy that captures, inspects, and modifies network traffic β€” similar to Charles Proxy, Fiddler, or Proxyman. What makes it different is the embedded AI assistant powered by the GitHub Copilot SDK, which can analyze traffic, create rules, and help debug network issues conversationally.

Traffic Captureβ€” Intercept HTTP and HTTPS traffic with automatic SSL certificate generation** Request/Response Inspector**β€” View headers, bodies (JSON, HTML, XML, images), timing, and metadata** GraphQL Awareness**β€” Detect GraphQL operations, show operation names, and filter traffic by operation** Protobuf / gRPC Decoding**β€” Decode protobuf payloads in the detail view with.proto

files and fall back to raw field inspection when schemas are missingNo Cache Toggleβ€” Strip cache validators and returnCache-Control: no-store

to force fresh responsesNetwork Throttlingβ€” Simulate slower links with preset or custom upload, download, and latency profiles** Request Composer**β€” Build a request from scratch, send it through ProxyBoy, and inspect the captured result inline** Upstream Proxy Chaining**β€” Forward traffic through HTTP or SOCKS5 upstream proxies with bypass patterns and secure credential storage** Cookie Inspector**β€” Parse request cookies andSet-Cookie

headers into a structured, searchable viewAI Assistantβ€” Chat panel powered by GitHub Copilot that can search traffic, analyze patterns, create rules, and export data** Breakpoint Rules**β€” requests/responses mid-flight, inspect them, then forward or drop** Map Local Rules**β€” Serve local files instead of remote responses for mocking APIs** Map Remote Rules**β€” Forward matching requests to a different upstream host without changing your client** Capture Rules**β€” Switch between capture-all, allow-list, and block-list modes to control what gets recorded** System Proxy Integration**β€” Toggle Windows system proxy on/off from the app** HAR Export/Import**β€” Standard HAR format for sharing captures with other tools** Configurable Columns**β€” Show/hide columns, sort by any field, timestamps** Body Search**β€” Include request and response text bodies in traffic filtering when you need deeper search** WebSocket and SSE Inspection**β€” Capture live WebSocket frames and Server-Sent Events in the traffic detail view** Script Rules**β€” Run sandboxed JavaScript rules to rewrite requests and responses without leaving the app** Copy as cURL**β€” Right-click any request to copy it as a cURL command** Keyboard Shortcuts**β€” Fast access to proxy control, HAR import/export, filtering, and traffic actions** Theme Modes**β€” Dark, Light, or System theme selection with live switching** Detachable AI Panel**β€” Pop the assistant out into its own window

HAR Import + Image Preview + AI Session Analysis Import a HAR file, preview images inline, and ask the AI assistant to break down what's in the capture.

Content Type Filtering + JSON Body Viewer Filter traffic by content type (JSON, HTML, CSS, JS, images, etc.) and inspect formatted response bodies.

AI-Powered Request Analysis Select any request and ask the AI to explain it β€” it calls tools like analyzeFlow

to inspect headers, body, and context, then gives you a human-readable breakdown.

The embedded Copilot agent has access to these tools:

Tool Description
getRecentTraffic
Fetch the latest captured flows
searchTraffic
Search flows by URL, body, or headers
getErrorFlows
Find all 4xx/5xx responses
getFlowDetails
Deep-dive into a specific request
createBreakpointRule
Create a breakpoint to matching traffic
createMapLocalRule
Mock an API endpoint with a local file
exportHar
Export captured traffic as HAR
controlProxy
Start or stop the proxy engine

Tool execution can be auto-approved or require manual confirmation per-call.

Electron+** React**+** TypeScript**β€” MITM proxy enginehttp-mitm-proxyβ€” AI agent capabilities@github/copilot-sdkβ€” SQLite in-process for persistencesql.jsβ€” StylingTailwind CSSβ€” Virtualized traffic listreact-virtuosoElectron Forgeβ€” Build and packaging

**Windows 10/11****Node.js 20+**GitHub Copilot subscription(for the AI assistant β€” the proxy works without it)

git clone https://github.com/pjperez/proxyboy.git
cd proxyboy
npm install
npm start
npm run build

Output goes to out/make/

.

Start the proxyβ€” Click the play button in the status bar or use the AI assistant** Route traffic**β€” Either toggle "System Proxy" in settings, or manually configure your browser/app to use127.0.0.1:9090

Inspectβ€” Click any row to see request/response details** Create rules**β€” Use the Breakpoints, Map Local, or Map Remote views, or ask the AI assistant** AI Assistant**β€” Click the robot icon in the sidebar or pressCtrl+Shift+A

To inspect HTTPS traffic, you'll need to trust ProxyBoy's root CA certificate:

  • Go to Settingsβ†’** Install Certificate** - This installs a local root CA into the Windows certificate store
  • Restart your browser after installing

The certificate is generated locally and stored in your user profile. It never leaves your machine.

If a request fails immediately after TLS setup and ProxyBoy tags it as ssl-pinning-suspected

, the target app is probably rejecting the ProxyBoy MITM certificate instead of accepting your locally trusted CA.

Common approaches:

Android debug buildsβ€” Use a debug-only network security config or a test build that trusts user-installed CAs.** iOS simulators**β€” Prefer development builds with pinning disabled, or use instrumentation tools in local test environments.** Desktop apps / Electron apps**β€” Check for developer flags, debug certificates, or test-only trust overrides before trying to intercept production builds.

ProxyBoy can only point out the likely cause. Certificate pinning bypasses are app-specific, and the safest path is usually a debug/test build with relaxed certificate validation.

src/
β”œβ”€β”€ main/              # Electron main process
β”‚   β”œβ”€β”€ proxy/         # MITM proxy engine, interceptor, certificate manager
β”‚   β”œβ”€β”€ agent/         # Copilot SDK client, tools, prompts
β”‚   β”œβ”€β”€ ipc/           # IPC handlers between main ↔ renderer
β”‚   β”œβ”€β”€ storage/       # SQLite database, queries
β”‚   └── utils/         # Windows proxy settings, HAR export
β”œβ”€β”€ renderer/          # React UI
β”‚   β”œβ”€β”€ components/    # Traffic list, detail view, agent panel, rules editors
β”‚   β”œβ”€β”€ stores/        # Zustand state management
β”‚   └── utils/         # cURL generation, helpers
└── shared/            # Types, constants shared between main & renderer

Windows onlyβ€” System proxy integration uses Windows registry; the rest could theoretically work cross-platform** No request/response editing in breakpoints**β€” You can inspect and forward/drop, but not modify (yet)** SSL inspection quirks**β€” Some sites with certificate pinning or HSTS preload may not work through the proxy** Cloudflare challenges**β€” Sites behind Cloudflare browser challenges will typically fail through any MITM proxy** Very limited automated tests**β€” There is a small test foothold now, but coverage is still far from production-ready πŸ™ƒ

β€” The primary inspiration. Seriously, go use Proxyman if you want a polished, reliable proxy tool. It's great.ProxymanandCharles Proxyβ€” Other excellent tools in this spaceFiddlerβ€” Powers the AI assistant, and also helped build this entire appGitHub Copilot

MIT β€” Do whatever you want with it.

── more in #developer-tools 4 stories Β· sorted by recency
── more on @proxyboy 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain β€” perfect for shipping the agent you just read about.

$git push zahid main
β†’ Live at https://your-agent.zahid.host βœ“
Get free account β†’ Pricing
from €0/mo Β· no card required
LIVE [news/show-hn-proxyboy-a-w…] indexed:0 read:6min 2026-07-04 Β· β€”