New Transparent capture is in preview. Record every app's traffic with no proxy configuration, on Windows, macOS and Linux. Learn more

Capture mobile app traffic (Android and iOS)

Fluxzy captures and decrypts HTTPS traffic from real phones and emulators, so you can see exactly what your mobile apps send and receive. On Android the recommended path is Fluxzy Connect, a local-VPN companion app that works even with apps that ignore proxy settings; on iOS you route the device's Wi-Fi proxy through Fluxzy.

Go to download page

Android: capture with Fluxzy Connect

Android HTTP debugging is notoriously painful, and not because the tools are bad. The OS treats the proxy setting as a suggestion rather than an enforcement, so:

  • Most apps ignore the system proxy. Anything using a custom HTTP client or native networking layer never asks Android for proxy settings.
  • Flutter, React Native and custom stacks are proxy-unaware by default. Dart's HttpClient, OkHttp, Cronet and similar libraries bypass the device proxy unless you modify and rebuild the app.
  • Android 7+ distrusts user-installed certificates, so even when traffic does route through a proxy, HTTPS interception fails without a network_security_config.xml change.

The one thing Android does enforce is VPN routing: when a VPN is active, traffic goes through the tunnel and apps cannot opt out. Fluxzy Connect uses exactly that. It is a free, open-source (Apache 2.0) Android app that creates a local VPN tunnel and forwards your device's HTTP and HTTPS traffic to a Fluxzy proxy on your computer. The apps never know they are proxied, so it works transparently for any app, including ones you do not own, with no source changes and no rebuild.

What Fluxzy Connect gives you:

  • Automatic proxy discovery (mDNS). Start Fluxzy with discovery enabled and the app finds it on your LAN, no IP addresses or port numbers to type.
  • Per-app routing. Tunnel only the app you are debugging and leave everything else on the normal network, which also keeps the capture free of background noise.
  • One-tap certificate install. Download and trust the proxy's root certificate from inside the app instead of fighting Android's buried security settings.
  • HTTP/3 (QUIC) blocking. Force QUIC apps to fall back to HTTP/2 or HTTP/1.1 over TCP so the proxy can intercept them.
  • SOCKS5 tunnel mode. Point the app at any SOCKS5 endpoint, with or without authentication, not just Fluxzy.
  • Stable foreground service so the tunnel survives long debugging sessions, plus an automation API to start/stop the tunnel and select apps from test scripts and CI/CD.
Fluxzy Connect Android app icon
Fluxzy Connect for Android
By Fluxzy Team · rated 4.8 ★ on Google Play · free and open source (Apache-2.0)
Get Fluxzy Connect on Google Play
Fluxzy Connect discovering the desktop Fluxzy proxy on the local network over mDNS Fluxzy Connect connected to a Fluxzy proxy with the root certificate trusted and per-app VPN enabled

Fluxzy Connect on Android: auto-discovering the desktop proxy (left), and a live capture with the fluxzy.io root certificate trusted and per-app VPN on (right).

Typical Android workflow

  1. Start Fluxzy on your computer with discovery enabled: fluxzy start -l 0.0.0.0:44344 -p --enable-discovery
  2. Open Fluxzy Connect on your Android device and tap your computer in the auto-discovered list.
  3. Select the app you want to inspect in the per-app filter.
  4. Install the certificate (one tap, first time only).
  5. Use your app. Every HTTP and HTTPS request shows up in Fluxzy, fully decoded.

Get Fluxzy Connect on Google Play, read the full story behind it, or browse the source on GitHub.

iOS and emulators

iOS apps generally honour the device proxy, so the Wi-Fi method works well:

  1. Connect your phone and your computer to the same network.
  2. In the iOS Wi-Fi settings, set the HTTP proxy to your computer's IP address and the Fluxzy listening port.
  3. Install and trust the Fluxzy root certificate on the device so HTTPS can be decrypted.
  4. Open any app and watch its requests appear in Fluxzy.

Android emulators and iOS simulators are supported the same way.

Debug Flutter and Dart apps

Flutter is the classic hard case. Its dart:io HttpClient, and the popular package:http and package:dio clients built on top of it, ignore the system proxy, so Flutter traffic never reaches Fluxzy until you point the client at the proxy in code.

On Android, the simplest fix is Fluxzy Connect above: its VPN tunnel captures Flutter traffic with no code change at all. On iOS, on desktop, or whenever you cannot use Connect, configure the proxy and trust the certificate directly in your Dart code:

  • Set the proxy on the client: client.findProxy = (uri) => 'PROXY 127.0.0.1:44344';
  • Accept the Fluxzy certificate in debug builds: client.badCertificateCallback = (cert, host, port) => true;
  • Prefer to trust the CA explicitly rather than skip validation? Export it with fluxzy cert export fluxzy-ca.pem and load it into a SecurityContext.

The proxy address depends on where the app runs:

Where the app runs Proxy address
Desktop (Windows, macOS, Linux) 127.0.0.1:44344
iOS Simulator 127.0.0.1:44344
Android Emulator 10.0.2.2:44344
Physical Android or iOS device <your-computer-ip>:44344

If the app uses certificate pinning, Fluxzy's re-signed traffic is rejected until you add Fluxzy's root CA to the SecurityContext next to the pinned certificate (debug builds only). This works for both leaf and CA pinning.

For copy-paste code covering dart:io, package:http and package:dio, both pinning strategies, and the Android network_security_config.xml for the emulator, follow the full guide: How to intercept HTTPS traffic from Flutter apps.

What you can inspect

Once traffic flows through Fluxzy, every mobile request is a first-class exchange: readable headers, decoded JSON, gRPC and JWT payloads, LLM and AI API calls, timing and connection metrics, and the server certificate chain. You can filter to a single host, set breakpoints to edit a request live, or replay it to reproduce a bug.

A note on certificate pinning

Apps that use certificate pinning will reject the Fluxzy certificate and refuse to connect, on Android and iOS alike. This is expected: pinning is a security feature. For an app you control, use a debug build that trusts user-installed certificates.

FAQ

How do I debug Android app traffic that ignores the proxy?

Use Fluxzy Connect. It routes traffic through a local VPN tunnel that apps cannot bypass, so it captures HTTP and HTTPS even from apps that ignore Android's system proxy, with no source changes or rebuild.

Can I debug a Flutter or React Native app on Android?

Yes. Because Fluxzy Connect works at the VPN layer, proxy-unaware frameworks like Flutter and React Native are captured without modifying the app or adding a network_security_config.xml.

How do I capture HTTPS traffic from a Flutter app?

Flutter's dart:io client ignores the system proxy. On Android, Fluxzy Connect captures it through the VPN with no code change. On iOS, desktop, or without Connect, set findProxy to the Fluxzy address and accept the certificate with badCertificateCallback in debug builds; for pinned apps, add Fluxzy's root CA to the SecurityContext. The Flutter interception guide has full code for dart:io, package:http and package:dio.

Do I have to enter the proxy IP and port on my phone?

No. Start Fluxzy with --enable-discovery and Fluxzy Connect finds it automatically over mDNS. You just tap your computer in the list.

Can I capture iOS app traffic?

Yes. Point the iOS Wi-Fi proxy at Fluxzy and trust the root certificate, and Fluxzy shows the decrypted requests and responses. Simulators work too.

Do I need to root or jailbreak the device?

No. You only install and trust the Fluxzy root certificate. Apps that pin certificates are the exception and need a debug build to be intercepted.

ESC
Navigate Select ESC Close