Capture and inspect
View request and response headers, bodies, decoded payloads, raw bytes, and modification history for allowlisted domains.
Authorized application traffic inspection for local labs. App Trust Proxy Core is a free open source proxy runtime for capturing, replaying, mocking, and modifying traffic while you test apps and devices you control.
App Trust Proxy is also the name of the desktop app for Mac that is still under development.
Run the local proxy, web console, capture store, rules, scripts, and profile system.
A native app is planned for the same trusted traffic workflows with a desktop-first experience.
Use it with apps, devices, networks, and systems that you own or have explicit permission to test.
App Trust Proxy Core
Core is the portable project you can run in a local lab. It provides HTTP and HTTPS proxying, SOCKS5, DNS override support, generated local certificates, domain allowlists, raw traffic capture, mocking, scripts, and reusable profiles.
It is designed for development, QA, security research with permission, and repeatable app traffic experiments where every change should be visible and portable.
View request and response headers, bodies, decoded payloads, raw bytes, and modification history for allowlisted domains.
Return raw HTTP answers, adjust requests, rewrite responses, and preserve a visible audit of changes.
Package domains, rules, scripts, prompts, capture settings, and setup notes so another tester can reproduce the same proxy behavior.
Under development
Desktop app
The desktop app will focus on a polished local workflow for the same trusted proxy use case. Core remains the open source foundation, while the Mac app is being developed as the branded desktop product.
The naming is intentional. App Trust Proxy Core is the community project. App Trust Proxy is the desktop app and product family.
Read about the project editionsWorkflow
App Trust Proxy Core helps you define the traffic you want to see, decide how it should change, and export that setup for another local environment.
Configure proxy, SOCKS, or DNS for the app or device under test.
Apply allowlists, certificates, scripts, mocks, profiles, and interaction prompts.
Forward passthrough traffic or replace matching traffic with configured answers.
Documentation
Run with Docker or the direct local script when Docker is not available.
02Match domains and URLsAllowlist hostnames, choose capture settings, and define request or answer behavior.
03Return raw answersServe exact raw HTTP responses for matching client requests.
04Share profilesExport a setup that another tester can import and run with the same behavior.
Safety
Keep the web UI, generated root CA, private keys, capture store, proxy listeners, DNS listener, and exported profiles private. Do not expose them to the public internet.