English | 中文
This repo is an MCP-enhanced fork of ProxyPin.
It ships a built-in MCP Server (Model Context Protocol) on top of the full original feature set, letting AI clients (Claude, Cursor, Windsurf, etc.) connect directly to the running proxy, read capture data, and actively control interception and modification—no extra service or Python script needed.
TL;DR: Open ProxyPin, and AI can see every request you capture, help you analyze it, modify it, and release it—like Fiddler breakpoints, but controlled by AI.
The MCP Server listens on port 9099 by default (SSE transport, no extra dependencies required).
Configure in Claude Desktop / Cursor / Windsurf:
{
"mcpServers": {
"proxypin": {
"url": "http://127.0.0.1:9099/sse"
}
}
}| Tool | Description |
|---|---|
get_request_list |
List captured requests with filters: domain, method, status code, keyword, pagination |
get_request_detail |
Full details of a single request: headers, body, response, timing |
get_request_body |
Fetch large request/response body content directly |
get_request_stats |
Summary stats: domain distribution, status codes, methods, avg latency |
search_requests |
Advanced search: URL/Body/Header keyword + time range |
get_domain_summary |
Group by domain: unique paths, method distribution, avg latency |
get_cookie_info |
Extract Cookie/Set-Cookie headers and analyze attributes |
compare_requests |
Diff two requests: URL, Headers, Query params, Body, Status code |
analyze_encrypted_content |
Detect Base64/Hex/URL-encoded/JWT content, compute entropy, hint at algorithm |
| Tool | Description |
|---|---|
replay_request |
Replay a captured request with optional header/body overrides; returns the live response |
generate_code |
Convert a captured request to runnable code: Python / JavaScript / cURL / Go |
Fiddler-style breakpoints, but controlled by AI conversation.
| Tool | Description |
|---|---|
add_breakpoint |
Add a breakpoint rule (URL regex + HTTP method + request/response phase) |
list_breakpoints |
List all rules and their enabled state |
remove_breakpoint |
Remove a rule by index |
get_pending_intercepts |
View all currently paused requests/responses with full data |
release_intercept |
Release an intercept with optional modifications: Headers, Body, StatusCode, or abort |
Typical workflow:
AI → add_breakpoint url=".*api/login.*"
Trigger login in the App
AI → get_pending_intercepts ← reads the full intercepted request
AI → release_intercept requestId=xxx body='{"user":"admin","pass":"test"}'
The modified request is forwarded to the server
| Tool | Description |
|---|---|
list_rewrite_rules |
List all persistent rewrite rules |
add_rewrite_rule |
Add a rule: replace body/headers, update params, redirect (5 types) |
remove_rewrite_rule |
Remove a rule by index |
| Tool | Description |
|---|---|
list_scripts |
List all JS intercept scripts |
get_script_content |
Read script source code |
create_or_update_script |
AI writes/updates a JS script with onRequest/onResponse; takes effect immediately |
| Tool | Description |
|---|---|
find_sensitive_data |
Scan for phone numbers, ID cards, emails, JWT, Bearer tokens, API keys, passwords, private IPs |
analyze_auth |
Extract Auth headers, API key headers, Cookie session tokens; auto-decode JWT payloads |
extract_api_endpoints |
Group and normalize API paths (replace IDs/UUIDs with placeholders), count calls and status codes |
GitHub Actions handles multi-platform builds with no local Flutter environment needed.
| File | Trigger | Output |
|---|---|---|
windows-build.yml |
Push to mcp-main / manual |
Windows zip (CI validation) |
release.yml |
v* tag push / manual |
Windows zip + Setup.exe + Android APK → GitHub Release |
git tag v1.2.7
git push origin v1.2.7
# GitHub Actions builds and creates the Release automatically (~15-25 min)proxypin-mcp-windows-{ver}.zip— extract and runproxypin-mcp-windows-{ver}-setup.exe— Inno Setup installer (EN/ZH)proxypin-mcp-android-{ver}.apk— Android APK (release-signed if secrets configured, otherwise debug-signed)
Set these Secrets in GitHub → Settings → Secrets → Actions to enable release signing:
| Secret | Description |
|---|---|
ANDROID_KEYSTORE_BASE64 |
Output of base64 -w 0 your.keystore |
ANDROID_STORE_PASSWORD |
storePassword |
ANDROID_KEY_ALIAS |
keyAlias |
ANDROID_KEY_PASSWORD |
keyPassword |
Without these secrets, the build automatically falls back to debug signing (sideloadable, not Play Store ready).
- All platforms: Windows, Mac, Android, iOS, Linux
- QR code device pairing: connect phones without manual Wi-Fi proxy config
- Domain filtering: intercept only the traffic you need
- Request search: keyword, content-type, multi-condition search
- JavaScript scripts: dynamic request/response manipulation
- Request rewrite: redirect, replace body, modify headers/params
- Request mapping: respond with local files/scripts instead of remote server
- Request decryption: AES key auto-decrypts message bodies
- Request blocking: block requests by URL pattern
- History: auto-save capture data; HAR import/export
git fetch upstream
git merge upstream/main
git push origin mcp-mainOriginal ProxyPin: https://github.com/wanghongenpin/proxypin
Thanks to @wanghongenpin for the excellent original work.
Apache License 2.0, same as the upstream project.