proxy-mcp

Start the HTTPS MITM proxy. Auto-generates a CA certificate. Returns port, URL, cert fingerprint, and setup instructions for the target device.

Stop the MITM proxy. Traffic history and CA certificate are retained.

Get proxy running state, port, upstream config, rule count, and traffic count.

Get the CA certificate PEM and SPKI fingerprint for installing on the target device.

Set a global upstream proxy for all outgoing traffic. Supports socks4://, socks5://, http://, https://, and pac+http:// URLs.

Remove the global upstream proxy. Traffic will go directly to target servers.

Set a per-host upstream proxy override. Traffic to this hostname will use the specified proxy instead of the global one.

Remove a per-host upstream proxy override.

Add an interception rule with a matcher and handler. Rules are evaluated by priority (ascending), first match wins.

Modify an existing interception rule.

Delete an interception rule.

List all interception rules sorted by priority.

Test which interception rules would match a request, with detailed per-field pass/fail diagnostics and effective winner by priority.

Enable a disabled interception rule.

Disable an interception rule without removing it.

List captured HTTP exchanges with optional filters. Returns paginated results.

Get full details of a captured HTTP exchange including headers and body previews.

Full-text search across URLs, headers, and body previews of captured traffic.

Clear all captured traffic from the buffer.

Add or overwrite headers on matching traffic. Creates a passthrough rule with header transforms.

Rewrite request URLs matching a pattern. Creates a passthrough rule with body match-replace on the URL.

Return a mock response for matched requests. Creates a mock rule.

Get JA3/JA4 client fingerprints and JA3S server fingerprint for a specific captured exchange.

List unique client JA3/JA4 fingerprints across captured traffic with occurrence counts.

Legacy: enable JA3 spoofing (deprecated, use proxy_set_fingerprint_spoof). Custom JA3 strings are ignored by the curl-impersonate backend; the request will use the default Chrome preset.

Enable outgoing TLS + HTTP/2 fingerprint spoofing via curl-impersonate (requires Docker or Podman). Supports browser presets that select a curl-impersonate target binary (BoringSSL + nghttp2, matching real Chrome/Firefox). Individual parameters override preset values.

List available browser fingerprint presets for use with proxy_set_fingerprint_spoof.

Check Docker/Podman runtime readiness for TLS/HTTP2 fingerprint spoofing without sending traffic.

Disable fingerprint spoofing and stop curl-impersonate container.

Get current TLS capture and spoofing configuration.

Toggle server-side JA3S capture. When enabled, outgoing TLS connections are intercepted to extract the server's negotiated TLS parameters.

List all interceptors with their availability and active targets. Shows Chrome, Terminal, Android ADB, Android Frida, and Docker interceptors.

Get detailed status of a specific interceptor, including all active targets and their details.

Kill ALL active interceptors across all types. Emergency cleanup — stops all Chrome instances, kills spawned processes, removes ADB tunnels, detaches Frida, cleans Docker.

Launch Chrome/Chromium with proxy flags and SPKI certificate trust. Uses isolated temp profile. Traffic automatically flows through the MITM proxy.

Get CDP endpoints (HTTP + WebSocket) and tab targets for a Chrome instance launched by interceptor_chrome_launch. Useful for attaching Playwright/DevTools.

Navigate a tab in a specific Chrome instance launched by interceptor_chrome_launch using that instance's CDP target WebSocket. Prevents cross-instance mistakes when proxy capture is required.

Close a Chrome instance launched by interceptor_chrome_launch.

Spawn a command with proxy env vars pre-configured (HTTP_PROXY, HTTPS_PROXY, SSL_CERT_FILE, NODE_EXTRA_CA_CERTS, CURL_CA_BUNDLE, and 15+ more). Traffic automatically routes through the MITM proxy.

Kill a spawned process by target ID. Also retrieves final stdout/stderr output.

List connected Android devices via ADB with model, version, root status, and whether they're actively intercepted.

Full Android interception: inject CA cert into system store (root required), set up ADB reverse tunnel, and optionally set Wi-Fi proxy. Proxy must be running.

Remove ADB reverse tunnel and clear Wi-Fi proxy on an Android device.

Quick setup: push CA cert + ADB reverse tunnel only (no Wi-Fi proxy). Equivalent to interceptor_android_activate with set_wifi_proxy=false.

List running apps on an Android device via Frida. Requires frida-server running on the device.

Attach to an Android app via Frida and inject SSL unpinning + proxy redirect scripts. Bypasses certificate pinning, OkHttp CertificatePinner, TrustManager, and native TLS verification.

Detach Frida session from an Android app, removing injected scripts.

Inject proxy env vars and CA certificate into a Docker container. Two modes: 'exec' (inject into running container) or 'restart' (stop + restart with proxy config).

Remove proxy configuration from a Docker container and clean up injected files.

Install/pull chrome-devtools-mcp sidecar locally so full DevTools bridge actions are available.

Start a chrome-devtools-mcp sidecar session bound to a specific interceptor_chrome_launch target_id.

Close a chrome-devtools-mcp sidecar session by session ID.

Navigate the bound Chrome session via chrome-devtools-mcp and verify matching host traffic was captured by proxy-mcp.

Take an accessibility snapshot from the bound Chrome DevTools session.

List network requests from the bound Chrome DevTools session.

List console messages from the bound Chrome DevTools session.

Take a screenshot using the bound Chrome DevTools session.

List browser cookies for the bound Chrome session with pagination and truncated values by default.

Get one cookie by cookie_id with full value (subject to a hard cap to keep output bounded).

List localStorage/sessionStorage keys for the current origin with pagination and truncated value previews.

Get one localStorage/sessionStorage value by item_id.

List request/response header fields from proxy-captured traffic since the DevTools session was created, with pagination and truncation.

Get one full header field value from proxy-captured traffic by field_id.

Start persistent on-disk capture for the current proxy run.

Stop persistent on-disk capture and finalize the active session.

Get current persistent capture runtime status.

List recorded sessions in storage.

Get manifest/details for a specific recorded session.

Import a HAR file from disk into a new persisted session for querying, findings, and replay.

Query indexed session exchanges with filters and pagination.

Summarize TLS handshake/fingerprint availability (JA3/JA4/JA3S) for session exchanges.

Get one exchange from a recorded session by seq or exchange ID.

Replay selected requests from a recorded/imported session. Default mode is dry_run for safety.

Export a recorded session (or filtered subset) to HAR format.

Delete a recorded session from disk.

Rebuild session indexes from records after crash/corruption.

Move mouse along a human-like Bezier curve to target coordinates. Uses Fitts's law velocity scaling and eased timing profile.

Move to an element (by CSS selector) or coordinates, then click with human-like timing. Supports left/right/middle button and multi-click (double-click, etc.).

Type text with human-like keystroke timing. Models per-character delays based on WPM, bigram frequency, shift penalty, word boundary pauses, and optional typo injection with backspace correction.

Scroll with natural acceleration/deceleration using easeInOutQuad velocity distribution. Dispatches multiple wheel events to simulate human scroll behavior.

Simulate idle behavior with mouse micro-jitter and occasional micro-scrolls. Keeps the page 'alive' to avoid idle detection by bot-detection scripts.