Capture it, decrypt it, read it

Capture it, and decrypt it. It grabs even low-level raw packets the way Wireshark does, then decrypts them automatically so you read every request and response. Pinned certs, proxy-blind apps, Android 14, HTTP/3: whatever ordinary tools cannot capture or cannot decrypt, it takes down. Capture out of the box, no setup, free on every platform.

Completely free macOS Windows Linux iOS Android

Speaks the protocols your apps actually use

HTTP/1.1 HTTP/2 HTTP/3 · QUIC WebSocket gRPC TLS 1.2 / 1.3

Keep getting stuck on these?

Wall-of-ciphertext HTTPS, a cert installed but still nothing captured, another app that just errors out. You have probably hit most of these. See if one of them is what has you stuck right now.

Common problemOrdinary toolsTrace Eagle
Everything captured is ciphertext, a wall of gibberishCaptured, but not decryptedAuto-decrypts on capture; read request and response directly
Cert installed, app still won’t capture or just errors out (pinning)Hangs, won’t decryptRead plaintext from inside the app, or clear the pinning; it decrypts
The app ignores the system proxy entirely, not one packetCan’t captureNIC or transparent capture; grabbed even when it ignores the proxy
Android 7+ / Android 14 won’t trust a user certInstalled cert does nothingiOS without a jailbreak, Android without a cert install
Mini-programs, media, games, UDP, QUIC not capturedA plain HTTP proxy can’t see itNIC capture plus real H3 decryption; all visible
Java / Python apps, no decrypt even with a system certWon’t decryptDecrypts too
A captured flow, but which app sent it?Only an IP and a domainLabelled with the source program (process attribution)
Will capturing disturb the target app?Changes request characteristicsMultiple high-fidelity modes; characteristics stay intact
After capture you still need to edit, replay, load-testTwo or three more toolsRewrite, replay and load-test in one place
A pile of setup first: proxy, cert, key exportEvery single timeAuto-decrypt out of the box, one click to start
One call succeeds, one fails, and you want the diffCompare two requests by eyeLine-by-line diff, differences highlighted

Capture it all but can’t decrypt, or decrypt but can’t capture it all? You get both.

Low-level capture like Wireshark or tcpdump grabs any traffic, but it is all ciphertext. Ordinary proxy tools give you plaintext, yet the moment they hit a pinned cert, a proxy-blind app or HTTP/3 they capture nothing. Trace Eagle puts both into one tool, and decrypts the moment it captures.

Low-level, full capture

NIC capture reads every packet: DNS, QUIC, ICMP, ARP, any TCP/UDP, with a protocol tree and follow-stream, as complete as Wireshark.

Precise proxy capture

A rule-driven decrypting proxy for precise HTTP, HTTPS, HTTP2, HTTP3, WebSocket and gRPC capture, with rewrite and replay.

Plaintext from inside the app

Pinned certs and custom crypto are no problem: read plaintext straight from inside the app, decrypting what an ordinary proxy can’t.

On the phone too

iOS without a jailbreak, Android without a cert install, the same interface and views as on your computer.

Free
Full features, no paywall
All traffic
Wire to app layer, capture anything
Auto-decrypt
Plaintext on capture, no key wrangling
MCP
AI can drive it directly

One tool, every capture method

Proxy is precise, NIC is complete, per-process is clean. Pick whatever fits.

DesktopiOSAndroid
Proxy capture (precise)
Transparent / whole-device (proxy-blind too)
NIC capture (all protocols)
Per-process (just one app)
App-layer plaintext (beats pinning)
System-level / stubborn apps
No cert install
pcap / HAR import

Decrypted the moment it’s captured

No proxy to configure, no keys to export by hand, no environment to set up. Pick a method, and it decrypts on capture.

Pick a method and start

Proxy, NIC capture, per-process, phone. One click to begin.

Decrypted on capture

Session keys match their flows automatically, so ciphertext becomes plaintext, with no keys to export or wrangle by hand.

Read request and response

The raw packet and the decrypted plaintext sit side by side, request by request, field by field.

Opaque bodies, finally readable

Multiple views with smart formatting decode what your apps put on the wire into readable requests and responses, with no exporting and no second tool.

  • Auto-detected JSON, forms and gRPC, pretty-printed
  • Raw bytes and decrypted payload, side by side
  • Search and filter across every captured flow
  • Gzip, Brotli and chunked bodies decoded on the fly
  • Diff two requests line by line to spot the difference
Browse the guides
content-typeapplication/jsoncontent-encodinggzip → decoded:status200tls1.3 · AES-128-GCMbody{ "ok": true, "items": 42 }decodedpretty-printed

Not just capture. There’s a lot you can do next.

Capture is only the start. You can also rewrite these flows, replay them, load-test them and generate code.

Rewrite & breakpoint

A declarative rule engine to redirect, map to local, mock, and edit headers or body, plus live breakpoints to pause a request in flight and change it.

Compose & replay

Rebuild any request and resend it. Dynamic values recompute signatures and timestamps, ${hmacSha256:…}, so signed APIs replay for real.

Load-test in place

Right-click a captured request to load-test it: constant QPS or concurrency, percentiles to p99.9, tail latency that isn’t faked low.

Generate code

Turn any request into cURL, Python, JavaScript, Go or OkHttp, with header order and duplicates preserved.

Export an API spec

Turn captured flows into a standard OpenAPI 3.0 spec, with paths templated and schemas inferred.

Simulate weak networks

Add latency and cap bandwidth with 2G/3G/4G presets to see how your app behaves on a bad connection.

Let your AI capture traffic hands-on.

You talk, it works.

Trace Eagle ships a real MCP server. Point your AI assistant or your own agent at it, and the things you normally do by hand, start a capture, search flows, decode, replay, become tools the model can call directly, over stdio or HTTP.

  • 40+ tools, ready to call

    Start a capture on any path: NIC, system-level, app injection, browser launch, mobile or remote. Then search and read flows, decode bytes, replay requests, generate code and run the network toolbox.

  • stdio or HTTP

    Plug into any MCP client: stdio for clients that spawn a process, or a direct HTTP endpoint.

  • Local, same permissions

    The MCP server runs on loopback and honors the same access rules as the app. Convenience for your AI, not a backdoor.

Start a capture
start_nic_capturestart_system_capturestart_app_capturestart_launch_capturestart_mobile_capturestart_remote_capturelist_deviceslist_apps
Proxy & session control
proxy_startset_rulesset_interceptresume_breakpointadd_key_sourceset_block_http3list_sessionsstop_capture
Inspect & craft
list_flowsget_flowdecode_bytessend_requestreplay_flowgenerate_codeopenapi_from_flows
Network toolbox
dns_lookuptls_auditip_intelweb_fingerprintdns_leak_testlist_connectionsnet_pingnet_diagnose

Add one entry to your MCP client config and your agent can capture and inspect traffic on its own.

Free, cross-platform, no strings

The full toolset, on every platform you ship on.

Every feature, free

Capture, decrypt, rewrite, replay, load-test, codegen, MCP: the whole toolset, with no feature paywall.

One tool, every platform

macOS, Windows, Linux, iOS and Android, with the same workflow and the same views everywhere.

High fidelity, no interference

Request characteristics stay intact, so sensitive apps keep running and you analyze the real link.

Stays on your machine

The traffic you capture is yours. Nothing is uploaded.

See what your apps really send.

Capture it, decrypt it, read it: whatever ordinary tools can’t capture or can’t decrypt, it takes down. Capture out of the box, free on every platform.