Low-level, full capture
NIC capture reads every packet: DNS, QUIC, ICMP, ARP, any TCP/UDP, with a protocol tree and follow-stream, as complete as Wireshark.
Capture it, and decrypt it. It grabs even low-level raw packets the way Wireshark does, then decrypts them automatically so you read every request and response. Pinned certs, proxy-blind apps, Android 14, HTTP/3: whatever ordinary tools cannot capture or cannot decrypt, it takes down. Capture out of the box, no setup, free on every platform.
| authorization | Basic YWNtZTpz… |
| content-type | application/x-www-form-urlencoded |
| content-type | application/json |
{
"access_token": "eyJhbGci…s4Q",
"token_type": "Bearer",
"expires_in": 3600,
"user_id": 48213
}Speaks the protocols your apps actually use
Wall-of-ciphertext HTTPS, a cert installed but still nothing captured, another app that just errors out. You have probably hit most of these. See if one of them is what has you stuck right now.
| Common problem | Ordinary tools | Trace Eagle |
|---|---|---|
| Everything captured is ciphertext, a wall of gibberish | Captured, but not decrypted | Auto-decrypts on capture; read request and response directly |
| Cert installed, app still won’t capture or just errors out (pinning) | Hangs, won’t decrypt | Read plaintext from inside the app, or clear the pinning; it decrypts |
| The app ignores the system proxy entirely, not one packet | Can’t capture | NIC or transparent capture; grabbed even when it ignores the proxy |
| Android 7+ / Android 14 won’t trust a user cert | Installed cert does nothing | iOS without a jailbreak, Android without a cert install |
| Mini-programs, media, games, UDP, QUIC not captured | A plain HTTP proxy can’t see it | NIC capture plus real H3 decryption; all visible |
| Java / Python apps, no decrypt even with a system cert | Won’t decrypt | Decrypts too |
| A captured flow, but which app sent it? | Only an IP and a domain | Labelled with the source program (process attribution) |
| Will capturing disturb the target app? | Changes request characteristics | Multiple high-fidelity modes; characteristics stay intact |
| After capture you still need to edit, replay, load-test | Two or three more tools | Rewrite, replay and load-test in one place |
| A pile of setup first: proxy, cert, key export | Every single time | Auto-decrypt out of the box, one click to start |
| One call succeeds, one fails, and you want the diff | Compare two requests by eye | Line-by-line diff, differences highlighted |
Low-level capture like Wireshark or tcpdump grabs any traffic, but it is all ciphertext. Ordinary proxy tools give you plaintext, yet the moment they hit a pinned cert, a proxy-blind app or HTTP/3 they capture nothing. Trace Eagle puts both into one tool, and decrypts the moment it captures.
NIC capture reads every packet: DNS, QUIC, ICMP, ARP, any TCP/UDP, with a protocol tree and follow-stream, as complete as Wireshark.
A rule-driven decrypting proxy for precise HTTP, HTTPS, HTTP2, HTTP3, WebSocket and gRPC capture, with rewrite and replay.
Pinned certs and custom crypto are no problem: read plaintext straight from inside the app, decrypting what an ordinary proxy can’t.
iOS without a jailbreak, Android without a cert install, the same interface and views as on your computer.
Proxy is precise, NIC is complete, per-process is clean. Pick whatever fits.
| Desktop | iOS | Android | |
|---|---|---|---|
| Proxy capture (precise) | ✓ | ✓ | ✓ |
| Transparent / whole-device (proxy-blind too) | ✓ | — | — |
| NIC capture (all protocols) | ✓ | ✓ | ✓ |
| Per-process (just one app) | ✓ | — | — |
| App-layer plaintext (beats pinning) | ✓ | ✓ | ✓ |
| System-level / stubborn apps | ✓ | ✓ | — |
| No cert install | — | ✓ | ✓ |
| pcap / HAR import | ✓ | ✓ | ✓ |
No proxy to configure, no keys to export by hand, no environment to set up. Pick a method, and it decrypts on capture.
Proxy, NIC capture, per-process, phone. One click to begin.
Session keys match their flows automatically, so ciphertext becomes plaintext, with no keys to export or wrangle by hand.
The raw packet and the decrypted plaintext sit side by side, request by request, field by field.
Multiple views with smart formatting decode what your apps put on the wire into readable requests and responses, with no exporting and no second tool.
Capture is only the start. You can also rewrite these flows, replay them, load-test them and generate code.
A declarative rule engine to redirect, map to local, mock, and edit headers or body, plus live breakpoints to pause a request in flight and change it.
Rebuild any request and resend it. Dynamic values recompute signatures and timestamps, ${hmacSha256:…}, so signed APIs replay for real.
Right-click a captured request to load-test it: constant QPS or concurrency, percentiles to p99.9, tail latency that isn’t faked low.
Turn any request into cURL, Python, JavaScript, Go or OkHttp, with header order and duplicates preserved.
Turn captured flows into a standard OpenAPI 3.0 spec, with paths templated and schemas inferred.
Add latency and cap bandwidth with 2G/3G/4G presets to see how your app behaves on a bad connection.
You talk, it works.
Trace Eagle ships a real MCP server. Point your AI assistant or your own agent at it, and the things you normally do by hand, start a capture, search flows, decode, replay, become tools the model can call directly, over stdio or HTTP.
Start a capture on any path: NIC, system-level, app injection, browser launch, mobile or remote. Then search and read flows, decode bytes, replay requests, generate code and run the network toolbox.
Plug into any MCP client: stdio for clients that spawn a process, or a direct HTTP endpoint.
The MCP server runs on loopback and honors the same access rules as the app. Convenience for your AI, not a backdoor.
start_nic_capturestart_system_capturestart_app_capturestart_launch_capturestart_mobile_capturestart_remote_capturelist_deviceslist_appsproxy_startset_rulesset_interceptresume_breakpointadd_key_sourceset_block_http3list_sessionsstop_capturelist_flowsget_flowdecode_bytessend_requestreplay_flowgenerate_codeopenapi_from_flowsdns_lookuptls_auditip_intelweb_fingerprintdns_leak_testlist_connectionsnet_pingnet_diagnoseAdd one entry to your MCP client config and your agent can capture and inspect traffic on its own.
The full toolset, on every platform you ship on.
Capture, decrypt, rewrite, replay, load-test, codegen, MCP: the whole toolset, with no feature paywall.
macOS, Windows, Linux, iOS and Android, with the same workflow and the same views everywhere.
Request characteristics stay intact, so sensitive apps keep running and you analyze the real link.
The traffic you capture is yours. Nothing is uploaded.
Capture it, decrypt it, read it: whatever ordinary tools can’t capture or can’t decrypt, it takes down. Capture out of the box, free on every platform.