Open-source local-first HTTP debugging proxy for inspecting sensitive app traffic

Open-source local-first HTTP debugging proxy for inspecting sensitive app traffic

Hi everyone,

I’m the developer of Rockxy.

Rockxy is an open-source native macOS HTTP/HTTPS debugging proxy for inspecting real app and API traffic locally.

I thought it might fit here because traffic debugging tools often see very sensitive data: auth headers, session tokens, cookies, internal APIs, GraphQL payloads, WebSocket messages, mobile app traffic, and sometimes production-like data during development.

Rockxy’s direction is local-first by default: capture and inspection happen on your Mac, and the project is open source so developers can inspect how the tool works instead of treating the proxy as a black box.

What it supports today:

- HTTP/HTTPS inspection

- WebSocket and GraphQL debugging

- macOS app, CLI, backend service, and iOS Simulator/device traffic

- Local certificate/proxy setup for HTTPS debugging

- Request/response inspection

- Breakpoints, Map Local, Map Remote

- HAR, cURL, JSON, raw, .rockxysession, and OpenAPI export

- Local-first workflow

Repo:

https://github.com/RockxyApp/Rockxy

Website:

https://rockxy.io

I’m not posting this as a big launch. I’m mainly curious how privacy/security-minded developers think about traffic debugging tools.

A few questions:

- Do you trust local HTTP debugging proxies with sensitive traffic?

- What would make this kind of tool more trustworthy?

- Does open source matter for proxy/debugging tools?

- Would you prefer everything to stay local unless you explicitly export/share a session?

- What privacy/security mistakes should a tool like this avoid?

https://reddit.com/link/1ujn5kt/video/2vjo5koeteah1/player

reddit.com
u/locnguyen305 — 6 days ago
▲ 10 r/devtools+3 crossposts

I built an open-source macOS debugging proxy and I’m looking for repo/product feedback

I’m building Rockxy, an open-source native macOS HTTP/HTTPS debugging proxy:

https://github.com/RockxyApp/Rockxy

It’s for developers who need to inspect traffic from real apps, not just browser DevTools: Mac apps, command-line tools, iOS devices, iOS Simulator, HTTP/HTTPS, WebSocket, GraphQL, replay, rewrite/map local, breakpoints, and export/redaction workflows.

I’m not doing a big launch yet. I’m trying to improve the repo and understand what would make developers trust or try a tool like this.

If you have a minute, I’d love feedback on:
- Does the repo explain the product clearly?
- What would stop you from trying it?
- What should be more visible: screenshots, install flow, security model, roadmap, comparison with Proxyman/Charles?
- What issue would you open first?

Repo feedback is very welcome.

u/locnguyen305 — 6 days ago

Rockxy: open-source native macOS HTTP/HTTPS debugging proxy for real app traffic

I’m building Rockxy, an open-source native macOS HTTP/HTTPS debugging proxy.

Repo:
https://github.com/RockxyApp/Rockxy

It is for developers who need to inspect traffic from real apps, not just browser DevTools: Mac apps, command-line tools, iOS devices, iOS Simulator, HTTP/HTTPS, WebSocket, and GraphQL.

A few things it supports:
- local-first traffic debugging
- signed macOS releases
- Homebrew install
- request/response inspection
- breakpoints
- replay and compose
- map local / map remote
- WebSocket and GraphQL inspection
- HAR/session export with redaction
- optional local MCP server for AI assistants

I’m sharing it here because I’m looking for GitHub/product feedback, especially from developers who use Proxyman, Charles Proxy, Postman, Insomnia, Wireshark, or browser DevTools.

What would you check first in a repo like this before trying it? README, screenshots, install flow, security model, issues, roadmap, or something else?

u/locnguyen305 — 18 days ago