I actually use a local instance of nginx/openresty as my web debugging proxy. I should write a blog on it or something, since it seems like few people do.
It's free. It's a breeze to set up: all you need to do is point it at the upstream server you are testing, and it has Lua support, so you can write code to modify requests on the fly, strip headers, and inject things.
All the work is already done to manipulate HTTP requests and responses in nginx so it is actually really smooth, there is no learning curve of a new tool, and everything just works.
Same, never thought of doing that even though I run Privoxy locally and on my home internet gateway (Ubiquiti ERLite which runs ARM Debian; could probably run nginx on it as well).
It's definitely possible, but for me it would have to be as easy to use as Charles Proxy. Charles doesn't cost that much money, and frankly I've used it so often that it feels like I got a bargain!
I've had a license for Charles Proxy for the last 9 years and it's been a seriously useful tool, not just for introspecting http/https traffic (and recording those sessions to attach to tickets), but for dynamically modifying requests and responses.
A couple of examples that come to mind:
* Want to test your production/deployed app against a dev/local api server? Have it redirect traffic to a different host and rewrite any headers required (production vs dev api keys for example) - That includes DNS spoofing and re-mapping host names as required.
* Found a bug on a web site and want to test a fix to the javascript without setting up a whole environment? Copy the javascript file in question to your hdd, modify it as desired and have Charles serve that file up when the browser/app requests the original
I don't have any connection to the author; just been well worth its price for me.
We use Charles extensively at work, it's a great tool.
The only thing that really annoys me is that, this being a Java app, the interface works slightly differently from the standard OS X interface I'm used to.
I regularly use cmd + backspace, for example, to delete all text between the beginning of the line and the cursor. In Charles this is a hot key that removes all recorded requests. There are more such things.
I've been looking for a similar app with a native UI, but haven't been able to find one yet.
Nice, the part about JSON schema decoding seems useful. I've done that by hand and ripped apart enough curl requests from chrome network tools -> right click -> copy as curl to want an easier way. Paw can also import HTTP requests into itself (free plugin) and export Python Requests code or different curl or many other versions for different languages, as well as inspecting the request and response headers and bodies, making things like the Authorization header super easy, etc. We use it at work quite a bit and go as far as documenting the APIs for things with a paw file (you could get the same thing with a Swagger doc and the swagger ui, and sometimes we do that as well). https://luckymarmot.com/paw (I'm not affiliated with them in any way beyond being a paying user grateful for a nice tool).
Charles saved my life last year. I had just been promoted to systems administrator, but given no access to any systems. Like, no access to the IIS server, and no access to the SQL Server instance!
That didn't stop them from expecting me to diagnose what was wrong with their custom app. When I noticed that I also could submit test data to a test store in the app on my iPhone (it was an exclusively mobile only app) I ran the app through Charles and discovered that the app was spitting back a SQL Server error - that the disk was full.
48 hours later and the so-called database gurus in South Africa had fixed the issue. I would be prevented from gaining access to these critical systems throughout my time at that company.
If you make third party web applications, Javascript or whatnot to include on someone else's page, then Charles or similar is a must-have when you have non-technical and semi-technical people helping with customer issues. Almost anyone can use Charles to make the simple assessments of a problem, root cause, wolf-fencing, etc.
In the technical groups, Charles can usually be bettered for ease of use by custom tools for specific use cases. It is pretty quick and easy to use the proxy libraries in Node.js to throw together internal tools with a command line interface, for example.
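As an added example (not code from any commenter in this thread), here is the kind of header-rewriting debug proxy described above for nginx/OpenResty and for Node.js, written with only Node's built-in `http` module. The rule set, the `UPSTREAM` environment variable, port 8080 and all function names are assumptions, and it handles plain-HTTP upstreams only.

```javascript
// Added example: header-rewriting debug proxy using only Node.js built-ins.
const http = require("http");

// Hypothetical rules (lowercase names): headers to strip and to inject.
const RULES = { strip: ["cookie", "x-forwarded-for"], inject: { "x-debug-proxy": "1" } };
// Hop-by-hop headers describe one connection and are never forwarded.
const HOP_BY_HOP = ["connection", "keep-alive", "proxy-authenticate",
  "proxy-authorization", "proxy-connection", "te", "trailer", "transfer-encoding", "upgrade"];
// Credential-bearing headers are masked before anything is logged.
const SECRET = new Set(["authorization", "cookie", "set-cookie"]);

// Returns the header set to send upstream.
function rewriteHeaders(headers, upstreamHost, rules = RULES) {
  const lower = Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));
  // Headers named in Connection are hop-by-hop too.
  const named = String(lower.connection || "").split(",")
    .map((t) => t.trim().toLowerCase()).filter(Boolean);
  const drop = new Set([...HOP_BY_HOP, ...named, ...rules.strip]);
  const kept = Object.entries(lower).filter(([k]) => !drop.has(k));
  return { ...Object.fromEntries(kept), ...rules.inject, host: upstreamHost };
}

// Copy of the headers that is safe to paste into a ticket.
function forLog(headers) {
  return Object.fromEntries(Object.entries(headers)
    .map(([k, v]) => [k, SECRET.has(k.toLowerCase()) ? "[redacted]" : v]));
}

function createDebugProxy(upstream, rules = RULES) {
  const target = new URL(upstream); // plain http:// upstream only
  return http.createServer((req, res) => {
    const headers = rewriteHeaders(req.headers, target.host, rules);
    console.error(`> ${req.method} ${req.url}`, forLog(headers));
    const up = http.request({ hostname: target.hostname, port: target.port || 80,
      method: req.method, path: req.url, headers }, (upRes) => {
      console.error(`< ${upRes.statusCode}`, forLog(upRes.headers));
      res.writeHead(upRes.statusCode, upRes.headers);
      upRes.pipe(res);
    });
    up.on("error", (err) => {
      if (!res.headersSent) res.writeHead(502);
      res.end(`upstream error: ${err.message}\n`);
    });
    req.pipe(up);
  });
}

// Start only when an upstream is given, e.g. UPSTREAM=http://127.0.0.1:3000
if (process.env.UPSTREAM) createDebugProxy(process.env.UPSTREAM).listen(8080, "127.0.0.1");
```

The listener binds to 127.0.0.1 so the proxy, which sees every header in clear text, is not reachable from other hosts on the network.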
Why does team must-do-everything-in-the-terminal always come off as so religiously provocative and desperate? Not everyone is obsessed with their keyboard and feels like going through a huge learning curve to use basic tools; most of us prefer utilizing the mouse and GUIs.
The op didn't even mention mitmproxy is a terminal tool. You're being a little too sensitive by automatically assuming this is a GUI vs terminal war.
People would have less of a problem if the submission was an open source tool, GUI or not.
P.S. A terminal application does have a tremendous advantage when you work on a headless server. I used mitmproxy and it's great. The ncurse'd interface isn't harder to use than that of a GUI.
It doesn't seem to do HTTPS, right? I like Fiddler a lot on Windows as well, and Fiddler is also free with a better UI and more features than Charles or mitmproxy.
You can install a self-signed certificate by Charles on your device and trust it. Then you can decrypt the traffic from your device using Charles as a proxy.
Really easy, really nice.
Same, and I've found it so useful I paid for a home license. Don't get me wrong, I love a little CLI action, but Charles is pretty seamless and works great with all of my more complicated localhost dev setups and the weird routing that comes along with that.
The point and click scripting it does is pretty neat. Makes it easy to stub out responses if you happen to be a client developer blocked by your server developers.
I like Fiddler, although I use Charles almost every day. The advantage of Fiddler is that it has an API to program the shit out of it. It's .NET based and only for Windows.
Wireshark is also great but has a steep learning curve.
I use Cello from the Mac App Store and I quite like it. I used to use mitmproxy, you can't interrupt/modify responses in Cello like you can with mitmproxy.
This tool was essential for me when working with Flash, as it decoded AMF, the binary remoting protocol used by Flash/Flex. Nowadays with everything being JSON I haven't used it in years. I guess if you've got something outside of browserland you need to debug?
After the trial period is done, it doesn't stop working, it just becomes nagware. All the functionality is there, but it will close itself after 30 minutes, and every once in a while will pause for five seconds to ask you to buy a license.
I've used the nagware version at work while waiting for purchasing approval. It's perfectly functional for the work I do, and only very slightly annoying. YMMV depending on your needs (I never need it for more than ten minutes at a time).