Provides comprehensive traffic interception for Android devices, including CA certificate injection via ADB, reverse tunneling, and SSL unpinning using Frida scripts.
Enables automated launching of the Brave browser with integrated proxy configuration for capturing and modifying web traffic.
Automates proxy configuration for curl commands by setting environment variables to route traffic through the MITM proxy for inspection.
Supports intercepting Deno network traffic by automatically configuring proxy environment variables for spawned processes.
Injects proxy settings and CA certificates into running Docker containers to capture and inspect containerized network traffic.
Enables monitoring and manipulation of Git network requests by automatically configuring proxy environment variables.
Allows for the interception of Node.js network traffic by configuring proxy environment variables and SSL certificate trust for spawned processes.
Routes npm network activity through the proxy by setting appropriate environment variables to capture and inspect package management traffic.
Enables interception of Python application traffic, including support for the requests library, through automated environment variable injection.
Routes yarn network activity through the proxy by setting appropriate environment variables to capture and inspect package management traffic.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type @ followed by the MCP server name and your instructions, e.g., "@proxy-mcp intercept traffic to api.example.com and show the headers"
That's it! The server will respond to your query, and you can continue using it as needed.
proxy-mcp
proxy-mcp is an MCP server that runs an explicit HTTP/HTTPS MITM proxy (L7). It captures requests/responses, lets you modify traffic in-flight (headers/bodies/mock/forward/drop), supports upstream proxy chaining, and records TLS fingerprints for connections to the proxy (JA3/JA4) plus optional upstream server JA3S. It also ships "interceptors" to route Chrome, CLI tools, Docker containers, and Android devices/apps through the proxy.
44 tools + 5 resources. Built on mockttp.
Boundaries
Only sees traffic configured to route through it (not a network tap or packet sniffer)
Spoofs outgoing JA3 only (via CycleTLS), not JA4 (JA4 is capture-only)
Can add, overwrite, or delete HTTP headers — does not control header order
Returns its own CA certificate — does not expose upstream server certificate chains
Pairs well with CDP/Playwright
Use CDP/Playwright for browser internals (DOM, JS execution, localStorage, cookie jar), and proxy-mcp for wire-level capture/manipulation + replay. They complement each other:
| Capability | CDP / Playwright | proxy-mcp |
| --- | --- | --- |
| See/modify DOM, run JS in page | Yes | No |
| Read cookies, localStorage, sessionStorage | Yes (browser cookie jar) | No (but sees Cookie/Set-Cookie headers on the wire) |
| Capture HTTP request/response bodies | Yes for browser requests (protocol/size/streaming caveats) | Body previews only (4 KB cap, 1000-entry ring buffer) |
| Modify requests in-flight (headers, body, mock, drop) | Via route/intercept handlers | Yes (declarative rules, hot-reload) |
| Upstream proxy chaining (geo, auth) | Single browser via | Global + per-host upstreams across all clients (SOCKS4/5, HTTP, HTTPS, PAC) |
| TLS fingerprint capture (JA3/JA4/JA3S) | No | Yes |
| JA3 spoofing | No | Proxy-side only (CycleTLS re-issues matching requests with spoofed JA3; does not alter the client's TLS handshake) |
| Intercept non-browser traffic (curl, Python, Android apps) | No | Yes (interceptors) |
A typical combo: launch Chrome via interceptor_chrome_launch (routes through proxy automatically), drive pages with Playwright/CDP, and use proxy-mcp to capture the wire traffic, inject headers, or spoof JA3 — all in the same session.
Attach Playwright to proxy-launched Chrome:
1. Call proxy_start
2. Call interceptor_chrome_launch
3. Call interceptor_chrome_cdp_info (or read proxy://chrome/targets) to get cdp.httpUrl (Playwright) and cdp.browserWebSocketDebuggerUrl (raw CDP clients)
4. In Playwright:

```js
import { chromium } from "playwright";
const browser = await chromium.connectOverCDP("http://127.0.0.1:<cdp-port>");
```
Setup
Claude Code .mcp.json
Tools Reference
Lifecycle (4)
Tool | Description |
| Start MITM proxy, auto-generate CA cert |
| Stop proxy (traffic/cert retained) |
| Running state, port, rule/traffic counts |
| CA certificate PEM + SPKI fingerprint |
Upstream Proxy (4)
Tool | Description |
| Set global upstream proxy |
| Remove global upstream |
| Per-host upstream override |
| Remove per-host override |
Interception Rules (6)
Tool | Description |
| Add rule with matcher + handler |
| Modify existing rule |
| Delete rule |
| List all rules by priority |
| Enable a disabled rule |
| Disable without removing |
Traffic Capture (4)
Tool | Description |
| Paginated traffic list with filters |
| Full exchange details by ID |
| Full-text search across traffic |
| Clear capture buffer |
Modification Shortcuts (3)
Tool | Description |
| Add/overwrite/delete headers on matching traffic (set value to |
| Rewrite request URLs |
| Return mock response for matched requests |
TLS Fingerprinting (6)
Tool | Description |
| Get JA3/JA4 client fingerprints + JA3S for a single exchange |
| List unique JA3/JA4 fingerprints across all traffic with counts |
| Enable JA3 spoofing via CycleTLS for outgoing requests |
| Disable JA3 spoofing and shut down CycleTLS |
| Return current TLS config (server capture, JA3 spoof state) |
| Toggle server-side JA3S capture (monkey-patches |
JA3 spoofing works by re-issuing the request from the proxy via CycleTLS with a specified JA3 string. The origin server sees the proxy's spoofed fingerprint, not the original client's. JA4 fingerprints are captured (read-only) but spoofing is not supported.
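The following is an added example, not code from proxy-mcp: it builds the JA3 string and MD5 hash from ClientHello fields and shows why the fingerprint captured on the client side of the proxy differs from the one the origin can log. The function names and all handshake values are constructed for illustration.

```javascript
// Added example, not proxy-mcp code. All handshake values are constructed.
const crypto = require("node:crypto");

// GREASE placeholders (RFC 8701: 0x0a0a, 0x1a1a, ... 0xfafa) are dropped
// before hashing so that per-connection randomisation does not change JA3.
const isGrease = (v) => (v & 0x0f0f) === 0x0a0a && (v >> 8) === (v & 0xff);

// JA3 input: version,ciphers,extensions,curves,pointFormats as decimal values,
// each list joined with "-" in the order it appears in the ClientHello.
function ja3String(hello) {
  const list = (xs) => xs.filter((v) => !isGrease(v)).join("-");
  return [hello.version, list(hello.ciphers), list(hello.extensions),
          list(hello.curves), list(hello.pointFormats)].join(",");
}

const ja3Hash = (hello) =>
  crypto.createHash("md5").update(ja3String(hello)).digest("hex");

// ClientHello the client sends to the proxy (the captured side).
const CLIENT_HELLO = {
  version: 771,
  ciphers: [0x1a1a, 4865, 4866, 4867, 49195],
  extensions: [0x0a0a, 0, 23, 65281, 10, 11, 35, 16],
  curves: [0x2a2a, 29, 23, 24],
  pointFormats: [0],
};

// ClientHello the proxy sends upstream: same values, different extension order.
const PROXY_HELLO = { ...CLIENT_HELLO, extensions: [0, 10, 11, 16, 23, 35, 65281] };

// What each side of the MITM can observe for one exchange.
function observedFingerprints(clientHello, proxyHello) {
  return {
    capturedByProxy: ja3Hash(clientHello), // what the capture tools report
    seenByOrigin: ja3Hash(proxyHello),     // what the origin server can log
  };
}

console.log(ja3String(CLIENT_HELLO));
console.log(observedFingerprints(CLIENT_HELLO, PROXY_HELLO));
```

Because JA3 is order-sensitive, an origin that logs fingerprints will record the proxy's value, so server-side JA3 allowlists or detections evaluate the proxy's TLS stack rather than the original client's.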
Interceptors (17)
Interceptors configure targets (browsers, processes, devices, containers) to route their traffic through the proxy automatically.
Discovery (3)
Tool | Description |
| List all interceptors with availability and active target counts |
| Detailed status of a specific interceptor |
| Emergency cleanup: kill all active interceptors across all types |
Chrome (3)
Tool | Description |
| Launch Chrome/Chromium/Brave/Edge with proxy flags and SPKI cert trust |
| Get CDP endpoints (HTTP + WebSocket) and tab targets for a launched Chrome |
| Close a Chrome instance by target ID |
Launches with isolated temp profile, auto-cleaned on close. Supports chrome, chromium, brave, edge.
Terminal / Process (2)
Tool | Description |
| Spawn a command with proxy env vars pre-configured (HTTP_PROXY, SSL certs, etc.) |
| Kill a spawned process and retrieve stdout/stderr |
Sets 18+ env vars covering curl, Node.js, Python requests, Deno, Git, npm/yarn.
Android ADB (4)
Tool | Description |
| List connected Android devices via ADB |
| Full interception: inject CA cert, ADB reverse tunnel, optional Wi-Fi proxy |
| Remove ADB tunnel and clear Wi-Fi proxy |
| Quick setup: push CA cert + ADB reverse tunnel (no Wi-Fi proxy) |
Caveats: CA cert injection requires root access. Supports Android 14+ (/apex/com.android.conscrypt/cacerts/). Wi-Fi proxy is opt-in (default off).
Android Frida (3)
Tool | Description |
| List running apps on device via Frida |
| Attach to app and inject SSL unpinning + proxy redirect scripts |
| Detach Frida session from app |
Caveats: Requires frida-server running on device. Uses frida-js (pure JS, no native binaries on host). SSL unpinning covers OkHttp, BoringSSL, TrustManager, system TLS — but may not work against QUIC or custom TLS stacks.
Docker (2)
Tool | Description |
| Inject proxy env vars and CA cert into running container |
| Remove proxy config from container |
Two modes: exec (live injection, existing processes need restart) and restart (stop + restart container). Uses host.docker.internal for proxy URL.
Resources
URI | Description |
| Proxy running state and config |
| CA certificate PEM |
| Traffic stats: method/status breakdown, top hostnames, TLS fingerprint stats |
| All interceptor metadata and activation status |
| CDP endpoints + tab targets for active Chrome instances |
Usage Example
Architecture
State: ProxyManager singleton manages mockttp server, rules, traffic
Rule rebuild: Rules must be set before mockttp start(), so rule changes trigger stop/recreate/restart cycle
Traffic capture: on('request') + on('response') events, correlated by request ID
Ring buffer: 1000 entries max, body previews capped at 4KB
TLS capture: Client JA3/JA4 from mockttp socket metadata; server JA3S via tls.connect monkey-patch
Interceptors: Managed by InterceptorManager, each type registers independently
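An added sketch of the capture semantics listed above (not the project's source): requests and responses are correlated by ID, bodies are kept only as 4 KB previews, and the buffer holds 1000 exchanges. The class and field names are hypothetical, and oldest-first eviction is an assumption drawn from the term "ring buffer".

```javascript
// Added example, not proxy-mcp source. Names are hypothetical.
const MAX_ENTRIES = 1000;        // ring buffer size stated on the page
const PREVIEW_BYTES = 4 * 1024;  // body preview cap stated on the page

class CaptureBuffer {
  constructor(max = MAX_ENTRIES) {
    this.max = max;
    this.entries = new Map(); // Map keeps insertion order: first key is oldest
  }

  // Keep only the first 4 KB, but record the real size so an analyst can
  // tell that a search over previews may have missed content.
  preview(body) {
    const buf = Buffer.from(body ?? "");
    return {
      preview: buf.subarray(0, PREVIEW_BYTES).toString("latin1"),
      size: buf.length,
      truncated: buf.length > PREVIEW_BYTES,
    };
  }

  onRequest(req) {
    if (this.entries.size >= this.max) {
      // Assumed policy: evict the oldest exchange to make room.
      this.entries.delete(this.entries.keys().next().value);
    }
    this.entries.set(req.id, {
      id: req.id, method: req.method, url: req.url,
      request: this.preview(req.body), response: null,
    });
  }

  // Returns false when the matching request was already evicted, which is
  // how a long-running session silently loses early exchanges.
  onResponse(res) {
    const entry = this.entries.get(res.id);
    if (!entry) return false;
    entry.response = { status: res.status, ...this.preview(res.body) };
    return true;
  }
}
```

For evidence that must survive a long session or include full bodies, export exchanges as they arrive instead of relying on the in-memory buffer.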
Testing
Credits
Core Libraries
Project | Role |
MITM proxy engine, rule system, CA generation | |
JA3 spoofing via Go TLS subprocess | |
Pure-JS Frida client for Android instrumentation | |
Chrome/Chromium process management | |
Docker API client | |
MCP server framework |
Vendored Frida Scripts
All scripts in src/frida-scripts/vendor/ are derived from httptoolkit/frida-interception-and-unpinning (MIT):
config-template.js — proxy/cert config injection
android-certificate-unpinning.js — TrustManager + OkHttp + BoringSSL hooks
android-system-certificate-injection.js — runtime cert injection via KeyStore
android-proxy-override.js — ProxySelector monkey-patch
native-tls-hook.js — BoringSSL/OpenSSL native hooks
native-connect-hook.js — libc connect() redirect