Intercept & Modify Pause, edit, and control HTTP traffic in real time
ProxyServer can pause matching requests and responses mid-flight, letting you inspect them, modify any part (method, URL, headers, body, status code), then forward or drop them. This is essential for testing how servers and clients react to unexpected data.
How Interception Works
Two things must be true for interception to happen:
- Intercept is globally ON — Toggle the "Intercept" button in the topbar (or press
i) - A matching rule exists — At least one enabled rule must match the request
Managing Rules
Click Rules in the topbar to open the rules modal. Rules define which requests get intercepted.
Rule Fields
| Field | Description | Example |
|---|---|---|
urlPattern | Glob pattern matched against the full URL. * matches any sequence of characters. | *api/users* |
method | HTTP method filter. * matches any method. | POST |
contentType | Substring match on the Content-Type header. | json |
headerKey | Match requests with this header present. | authorization |
headerValue | Substring match on the header's value. | Bearer |
direction | Which phase to intercept: request, response, or both. | request |
Glob Pattern Matching
The urlPattern uses simple glob syntax:
| Pattern | Matches | Doesn't Match |
|---|---|---|
*api* | https://example.com/api/v1/users | https://cdn.example.com/styles.css |
*login* | https://auth.example.com/login | https://example.com/logout |
*.json | https://example.com/data.json | https://example.com/data.xml |
*example.com* | Any URL to example.com | Any other domain |
urlPattern: *api* and method: POST, only POST requests to URLs containing "api" will be intercepted.
Creating Rules via the API
# Create a rule to intercept all POST requests to any /api/ endpoint
curl -X POST http://localhost:9081/api/rules \
-H "Content-Type: application/json" \
-d '{
"urlPattern": "*api*",
"method": "POST",
"direction": "request"
}'
# List all rules
curl http://localhost:9081/api/rulesRequest Interception
When a request matches a rule with direction: "request" or "both":
-
Request pauses
The entry's state changes to
interceptedand its row turns yellow in the traffic list. The client's connection hangs, waiting. -
Edit modal appears
The dashboard shows a modal with editable fields:
- Method — Change GET to POST, etc.
- URL — Modify the path and query string
- Headers (JSON) — Edit the full header object
- Body — Modify the request body
-
Forward or Drop
- Forward — Sends the (potentially modified) request to the upstream server
- Drop — Aborts the request. The client receives a
502 Bad Gateway
Response Interception
When a response matches a rule with direction: "response" or "both":
-
Full response is buffered
The proxy receives the complete response from the upstream server and buffers it in memory.
-
Response pauses
The entry's state changes back to
interceptedwithphase: "response". -
Edit modal appears
The modal shows response-specific fields:
- Status Code — Change 200 to 404, etc.
- Original URL — Read-only, for reference
- Headers (JSON) — Edit response headers
- Body — Modify the response body
-
Forward or Drop
- Forward — Sends the (potentially modified) response to the client
- Drop — Aborts. Client gets
502 Bad Gateway
Auto-Forward Timeout
Intercepted requests and responses auto-forward after 5 minutes if you don't act on them. This prevents:
- Clients hanging indefinitely
- Connection leaks and timeouts
- Forgetting about an intercepted request in another tab
Common Use Cases
1. Test error handling
Intercept responses and change 200 to 500 to see how your app handles server errors.
2. Modify API responses
Change JSON response bodies to test edge cases — empty arrays, missing fields, unexpected values.
3. Inject authentication headers
Intercept requests and add/modify the Authorization header to test different user sessions.
4. Simulate slow responses
Intercept a response, wait 10 seconds, then forward — your app experiences a 10-second delay.
5. Block specific requests
Drop analytics, tracking, or third-party requests to see how your app behaves without them.