How to use Trafexia: Step-by-step beginner's guide (2026)

Intercepting mobile app traffic used to require a complicated setup with command-line tools, manual proxy configuration, and hours of troubleshooting certificate issues.

Trafexia changes that entirely.

Whether I'm reverse engineering a mobile API, debugging network requests in my own app, or analyzing how third-party apps communicate with their servers, Trafexia handles everything through a clean desktop interface.

If you're new to mobile traffic interception and want an easier alternative to mitmproxy or Charles Proxy, you're in the right place.

This guide walks you through everything from installation to capturing your first HTTPS request.

What is Trafexia?

Trafexia is a free, open-source desktop application that intercepts HTTP and HTTPS traffic from mobile devices. It runs a man-in-the-middle (MITM) proxy server on your computer and captures all network requests from any device connected through it.

Built with Electron, Vue 3, and TypeScript, Trafexia provides a modern GUI that makes traffic analysis accessible without touching the command line.

In practice, this means Trafexia can:

• Intercept all HTTP and HTTPS requests from iOS and Android devices
• Automatically generate and manage SSL certificates for HTTPS decryption
• Configure mobile devices via QR code scanning
• Filter captured requests by method, status, host, and content type
• Detect sensitive data patterns like JWT tokens and API keys
• Export traffic to HAR, cURL, Python code, or Postman collections

Trafexia is particularly useful for mobile app developers debugging their APIs, security researchers analyzing app behavior, and reverse engineers studying how apps communicate with backend servers.

The project is maintained on GitHub and released under the MIT license.

Trafexia vs Other Traffic Interception Tools

Trafexia isn't the only tool for intercepting mobile traffic.

But it stands out for combining ease of use with professional features.

Here's how it compares to the most common alternatives:

Choose Trafexia if you want:

• A visual interface without learning command-line syntax
• Quick mobile device setup through QR codes
• Automatic detection of sensitive data patterns
• A completely free tool with no feature restrictions

Consider alternatives if you need:

• Scriptable traffic manipulation (use mitmproxy)
• Professional support and documentation (use Charles Proxy)
• Deep Android integration with ADB (use HTTP Toolkit)

For most mobile traffic analysis tasks, Trafexia provides the fastest path from zero to captured requests.

How to Install Trafexia

Trafexia runs natively on Windows, macOS, and Linux.

Prerequisites

Before installing, make sure you have:

• A computer running Windows 10+, macOS 10.15+, or a modern Linux distribution
• Both your computer and mobile device on the same WiFi network
• Administrative access to install certificates on your mobile device

Option 1: Download Pre-built Releases

The easiest installation method is downloading the pre-built release for your platform.

Visit the Trafexia releases page and download:

• Windows: .exe installer
• macOS: .dmg disk image
• Linux: .AppImage portable application

Run the installer and follow the on-screen prompts.

On macOS, you may need to right-click the app and select "Open" the first time to bypass Gatekeeper.

Option 2: Build from Source

If you want the latest development version or plan to contribute, build Trafexia from source.

First, clone the repository:

git clone https://github.com/danieldev23/trafexia.git
cd trafexia

Install dependencies:

npm install

Start the development server:

npm run dev

This launches Trafexia in development mode with hot reload enabled.

To build a production release for your platform:

# Build for current platform
npm run build

# Build for specific platforms
npm run build:mac
npm run build:win
npm run build:linux

The compiled application appears in the dist folder.

Verify Installation

Launch Trafexia after installation.

You should see the main interface with a "Start Proxy" button and an empty request list.

The application displays your computer's IP address and the proxy port (default: 8888).

Note these values—you'll need them for mobile device configuration.

Setting Up Your Mobile Device

Trafexia captures traffic from devices configured to route requests through its proxy server.

The setup process differs slightly between Android and iOS.

Quick Setup via QR Code

The fastest method uses Trafexia's built-in QR code feature.

1. Click "Start Proxy" in Trafexia
2. Locate the QR code displayed in the interface
3. Scan the code with your mobile device's camera
4. Follow the automatic configuration prompts

This method configures proxy settings automatically on supported devices.

Manual Setup for Android

If QR scanning doesn't work, configure the proxy manually.

Step 1: Configure WiFi Proxy

1. Open Settings → WiFi
2. Long-press your connected network
3. Select "Modify network" or tap the gear icon
4. Tap "Advanced options"
5. Change Proxy from "None" to "Manual"
6. Enter your computer's IP address in the Proxy hostname field
7. Enter 8888 in the Proxy port field
8. Save the settings

Step 2: Install the CA Certificate

1. Open your browser and navigate to the certificate download URL shown in Trafexia
2. Download the certificate file
3. Go to Settings → Security → Install from storage
4. Select the downloaded certificate
5. Name it "Trafexia" and set the usage to "VPN and apps"

Step 3: Trust the Certificate (Android 7+)

On Android 7 and later, apps don't trust user-installed certificates by default.

For your own apps, add this to your network security config:

<!-- res/xml/network_security_config.xml -->
<network-security-config>
    <debug-overrides>
        <trust-anchors>
            <certificates src="user"/>
        </trust-anchors>
    </debug-overrides>
</network-security-config>

For third-party apps, you'll need a rooted device or a modified APK.

Manual Setup for iOS

Step 1: Configure WiFi Proxy

1. Open Settings → WiFi
2. Tap the (i) icon next to your connected network
3. Scroll down and tap "Configure Proxy"
4. Select "Manual"
5. Enter your computer's IP address as the Server
6. Enter 8888 as the Port
7. Leave Authentication off
8. Tap "Save"

Step 2: Install the CA Certificate

1. Open Safari and navigate to the certificate URL shown in Trafexia
2. Tap "Allow" when prompted to download the configuration profile
3. Go to Settings → General → VPN & Device Management
4. Tap the Trafexia profile under "Downloaded Profile"
5. Tap "Install" and enter your passcode

Step 3: Enable Full Trust

1. Go to Settings → General → About → Certificate Trust Settings
2. Enable full trust for the Trafexia certificate
3. Confirm by tapping "Continue"

Your iOS device now routes all traffic through Trafexia.

Capturing Your First Traffic

With your mobile device configured, you're ready to capture requests.

Start the Proxy Server

1. Launch Trafexia on your computer
2. Click the "Start Proxy" button
3. Verify the status shows "Proxy Running" on port 8888

The proxy now listens for incoming connections.

Generate Test Traffic

On your mobile device, open any app or browse to a website.

Each HTTP/HTTPS request appears in Trafexia's request list in real-time.

You'll see:

• HTTP method (GET, POST, PUT, DELETE)
• Full request URL
• Response status code
• Response time in milliseconds
• Content type

Inspect a Request

Click any captured request to view its details.

The detail panel shows:

• Request headers: User-Agent, Accept, Authorization, custom headers
• Request body: JSON payloads, form data, raw content
• Response headers: Content-Type, Set-Cookie, cache headers
• Response body: API responses with syntax highlighting
• Timing: DNS lookup, connection, TLS handshake, transfer times

This information helps you understand exactly how apps communicate with servers.

Working with Filters

Real-world traffic analysis generates thousands of requests.

Trafexia's filtering system helps you focus on what matters.

Filter by HTTP Method

Click the method dropdown to show only specific request types:

• GET: Resource retrieval and API queries
• POST: Data submission and authentication
• PUT: Resource updates
• DELETE: Resource removal
• PATCH: Partial updates

Filtering by POST often reveals authentication endpoints and data submission flows.

Filter by Status Code

Focus on specific response types:

• 2xx: Successful responses
• 3xx: Redirects
• 4xx: Client errors (useful for debugging)
• 5xx: Server errors

Filtering for 4xx responses quickly identifies authentication failures and invalid requests.

Filter by Host

Enter a domain pattern to show only requests to specific servers.

For example, filtering by api.example.com hides all requests to third-party analytics and tracking services.

This dramatically reduces noise when analyzing a specific app's API.

Filter by Content Type

Filter requests by response content type:

• application/json: API responses
• text/html: Web pages
• image/*: Images and media
• application/octet-stream: Binary downloads

JSON filtering is especially useful for API analysis.

Combining Filters

Multiple filters work together.

For example, combine "POST method" with "api.example.com host" to see only data submissions to the main API.

Analyzing Request Details

Trafexia provides detailed views for every captured request.

Headers Tab

The headers tab displays all HTTP headers in a formatted list.

Look for these important headers:

• Authorization: Bearer tokens, API keys, basic auth
• Cookie: Session identifiers and tracking
• X-Request-ID: Correlation IDs for debugging
• Content-Type: Request/response format

Headers often reveal authentication mechanisms and API versioning strategies.

Body Tab

The body tab shows request and response content with syntax highlighting.

For JSON responses, Trafexia formats the content for readability.

You can:

• Expand/collapse nested objects
• Copy values directly
• Search within large payloads

Timing Tab

The timing tab breaks down request duration into phases:

• DNS lookup: Domain name resolution
• Connection: TCP handshake
• TLS handshake: SSL/TLS negotiation
• Request sent: Time to send request
• Waiting: Server processing time
• Content download: Response transfer time

This breakdown helps identify performance bottlenecks.

Pattern Detection and Security Analysis

Trafexia automatically scans captured traffic for sensitive data patterns.

Detected Pattern Types

The pattern detection feature identifies:

• JWT tokens: JSON Web Tokens in headers or bodies
• API keys: Common API key formats
• Base64 encoded data: Potentially hidden payloads
• Bearer tokens: OAuth2 authentication
• Secrets: Patterns matching password or secret key formats

Detected patterns appear highlighted in the request details.

Security Analysis Use Cases

Pattern detection helps with:

API security audits: Identify apps transmitting sensitive data in insecure ways.

Token analysis: Decode JWT tokens to understand authentication claims.

Credential discovery: Find hardcoded API keys in mobile apps.

Data leak detection: Discover unexpected data exposure.

Click any detected pattern to view details and copy the value for further analysis.

Exporting Captured Traffic

Trafexia supports multiple export formats for different workflows.

Export to HAR

HAR (HTTP Archive) is the standard format for traffic analysis.

1. Select the requests you want to export
2. Click Export → HAR
3. Choose a save location

HAR files open in Chrome DevTools, Firefox Network Monitor, and specialized HAR viewers.

Export to cURL

Generate cURL commands to replay requests from the terminal.

1. Right-click a request
2. Select "Copy as cURL"

The generated command includes all headers and body content.

This is perfect for testing API endpoints directly:

curl -X POST 'https://api.example.com/login' \
  -H 'Content-Type: application/json' \
  -H 'User-Agent: Mozilla/5.0...' \
  -d '{"email":"user@example.com","password":"..."}'

Export to Python

Generate Python requests code for automation scripts.

The exported code uses the requests library:

import requests

response = requests.post(
    'https://api.example.com/login',
    headers={
        'Content-Type': 'application/json',
        'User-Agent': 'Mozilla/5.0...',
    },
    json={
        'email': 'user@example.com',
        'password': '...',
    }
)

print(response.json())

Export to Postman

Create Postman collections for team collaboration.

1. Select requests to include
2. Click Export → Postman Collection
3. Import the JSON file into Postman

This creates a ready-to-use collection with all headers and parameters configured.

Advanced Techniques

Once you're comfortable with basic traffic capture, explore these advanced features.

Analyzing Authentication Flows

Capture a complete authentication sequence:

1. Start with a fresh session (clear app data)
2. Begin capturing
3. Perform login in the app
4. Filter by the auth domain

You'll see the full OAuth flow, including token exchanges and refresh mechanisms.

Monitoring Background API Calls

Many apps communicate with servers even when idle.

Let your device sit connected for several minutes while capturing.

Filter for periodic requests to discover:

• Analytics and tracking endpoints
• Token refresh intervals
• Push notification registrations
• Background sync operations

Comparing App Versions

Capture traffic from different app versions to identify API changes.

Export HAR files from each version and compare:

• New endpoints
• Changed request formats
• Modified authentication

This helps understand breaking changes and deprecation patterns.

Working with WebSocket Traffic

Trafexia captures WebSocket upgrade requests.

Look for requests with Upgrade: websocket headers.

While the WebSocket message stream isn't fully decoded, you can identify:

• WebSocket server endpoints
• Authentication handshakes
• Protocol versions

Common Errors and Troubleshooting

"Connection refused" on mobile device

Fix:

1. Verify both devices are on the same WiFi network
2. Check that Trafexia's proxy is running (status shows "Running")
3. Temporarily disable your computer's firewall
4. Confirm the IP address matches your computer's current address

HTTPS requests show as failed

Fix:

For Android:

1. Reinstall the certificate through Settings → Security
2. Ensure the certificate is set for "VPN and apps"
3. Check if the specific app uses certificate pinning

For iOS:

1. Go to Settings → General → About → Certificate Trust Settings
2. Enable full trust for the Trafexia certificate
3. Restart the app you're analyzing

App refuses to connect with proxy enabled

Fix:

Certificate pinning prevents MITM interception by design.

For your own apps, disable pinning in debug builds.

For third-party apps, you'll need specialized tools like Frida with SSL unpinning scripts.

Traffic appears but bodies are empty

Fix:

1. Check if the response uses gzip/br encoding
2. Restart Trafexia to reset the capture state
3. Try a different app to isolate the issue

Proxy runs but QR code doesn't work

Fix:

Use manual proxy configuration instead:

1. Note the IP and port from Trafexia
2. Configure proxy settings manually on your device
3. Download the certificate by navigating to the URL shown in Trafexia

Best Practices

1. Use a Dedicated Test Network

Create a separate WiFi network for traffic analysis.

This prevents accidentally capturing traffic from other devices and reduces noise.

2. Clear App Data Before Capture

Start with a fresh state to capture complete authentication flows.

On Android: Settings → Apps → [App] → Clear Data On iOS: Delete and reinstall the app

3. Filter Aggressively

Don't try to analyze all traffic at once.

Focus on specific domains or request types relevant to your analysis.

4. Remove Certificates When Done

Leaving MITM certificates installed creates security risks.

Remove the Trafexia certificate when you're not actively using the tool.

5. Document Your Findings

Export interesting requests immediately.

Use the Postman export to build collections of discovered API endpoints.

6. Respect Terms of Service

Only analyze apps you own or have permission to test.

Traffic interception of apps you don't own may violate terms of service or laws in your jurisdiction.

Trafexia FAQs

Is Trafexia free?

Yes. Trafexia is completely free and open source under the MIT license.

There are no paid tiers or feature restrictions.

Does Trafexia work with certificate pinning?

Not directly. Certificate pinning is designed to prevent exactly this type of interception.

For apps with pinning, you'll need additional tools like Frida with SSL unpinning scripts, which require a rooted/jailbroken device.

Can I intercept traffic from any app?

You can intercept traffic from apps that trust user-installed certificates.

On Android 7+, apps must explicitly opt-in to trust user certificates.

On iOS, most apps trust user-installed profiles.

What's the difference between Trafexia and Charles Proxy?

Charles Proxy is a commercial tool with more advanced features like throttling, breakpoints, and rewriting.

Trafexia is free and focuses on ease of use with features like QR code setup and pattern detection.

Does Trafexia support request modification?

Currently, Trafexia is a passive capture tool.

It doesn't support modifying requests in flight.

For traffic modification, consider mitmproxy or Burp Suite.

Can I use Trafexia with emulators?

Yes. Configure the emulator's proxy settings to point to Trafexia.

For Android emulators, use 10.0.2.2 as the host (this refers to the host machine from the emulator).

Conclusion

Trafexia provides the fastest path from zero to capturing mobile traffic.

Its visual interface, QR code setup, and automatic pattern detection make traffic analysis accessible without command-line expertise.

For developers debugging their own apps, Trafexia offers a simpler alternative to Charles Proxy.

For security researchers and reverse engineers, it provides quick reconnaissance before diving deeper with specialized tools.

Next steps:

1. Download Trafexia from the GitHub releases page
2. Configure your mobile device using the QR code
3. Start capturing traffic from your first app