Quick start: first capture, HTTPS decrypt, and debug
A complete first-run path for new users: install DevPeek, configure the local proxy and HTTPS certificate, capture your first decrypted request, then learn when to use resend, param transform, Mock, and page debugging.
Demo
Certificate install to your first HTTPS capture
Install and trust the DevPeek root CA, set SSL decrypt scope, and verify your first decrypted HTTPS request in the capture list.
Before you start
DevPeek is a local HTTP(S) proxy. It does not read browser or phone history by itself; traffic appears only after a client sends requests through the DevPeek proxy port.
- The current desktop build is primarily for Windows; check the homepage and changelog for macOS/Linux availability.
- Use DevPeek only on sites, apps, and test environments you are allowed to inspect.
- To read HTTPS plaintext, install and trust the DevPeek root CA on the client device and include the target host in SSL decrypt scope.
- For phones or other devices, keep them on the same LAN as the DevPeek computer and make sure they can reach its proxy port.
Recommended first path
Start with local browser capture. After that works, extend to phones, virtual machines, containers, or collaboration.
Install and launch DevPeek
Download the Windows installer from the homepage. The main window opens on Capture; the title bar Rules menu covers encrypt/decrypt config, param transform, and Mock; Settings covers preferences and release notes.
- Download the latest Windows installer from the homepage.
- Launch DevPeek and confirm the main window opens.
- If needed, open Gear → Preferences, choose language/theme, and press OK.
Check: the main window opens, Capture is visible, and the gear menu opens.
Confirm proxy port and system proxy
DevPeek starts a local HTTP(S) proxy. Browsers, phones, or tools must point to this computer and port before traffic reaches the capture list.
- Open Preferences → Proxy to see the current port.
- For local browser capture, enable the system proxy entry from the menu if available.
- For phones, set the Wi-Fi proxy host to the computer LAN IP and port to the DevPeek proxy port.
- After changing the port, press OK; DevPeek restarts the proxy service.
Check: visiting an HTTP page creates rows under the corresponding client IP.
Install and trust the HTTPS root certificate
HTTPS decrypt relies on the DevPeek root CA. Proxy without trust usually leaves encrypted tunnels, certificate errors, or missing bodies.
- Open certificate management in DevPeek and install or export the root certificate.
- On Windows, make sure it lands in Trusted Root Certification Authorities.
- On iOS, install the profile and then enable full trust.
- On Android, install the CA certificate; some apps require debug builds that trust user CAs.
Check: HTTPS request details show readable headers and bodies, not only undecrypted tunnel rows.
Enable SSL decrypt scope and capture the first HTTPS request
The certificate lets clients trust DevPeek; SSL scope decides which hosts DevPeek may decrypt. Both are required for useful HTTPS analysis.
- Open SSL proxy config and add rules like *.example.com or *api*.
- For the first verification, you may temporarily use * and narrow it later.
- Refresh the target page from the browser or phone.
- Select a request and inspect overview, headers, and bodies.
Check: HTTPS rows show host, status, timing, and readable plaintext.
Use filters, details, and resend
When the list is noisy, narrow by client tab, protocol, method, keyword, or regex. Then use request details and resend to validate API behavior.
- Pick the source device from client tabs.
- Filter by HTTP/HTTPS and GET/POST as needed.
- Search by path, host, method, or response fragment.
- Use Resend to edit URL, query, headers, or body and send again.
Check: you can find the target API and confirm how changed parameters affect the response.
Use param transform and Mock when you need to change traffic
Param transform decrypts wire params for readable capture details. Mock pauses or auto-tampers requests/responses. Put repeat decrypt logic in transform rules; use Mock for one-off or preset tampering.
- Encrypted APIs: add encrypt/decrypt config under Rules, then save a param transform rule from the list context menu.
- Tampering: right-click a row → Mock, pick manual or auto, then enable rules under Proxy → Start Mock.
- On manual Mock hit, the full-screen Mock tamper dialog opens; edit headers/body there, then Continue or Abort.
Check: transform tab shows plaintext; Mock pauses or applies tamper as configured.
Debug web pages in the phone browser
Page debugging targets mobile HTML through DevPeek’s proxy. Complete proxy routing, mobile CA trust, and SSL decrypt first—then mirror in Debug with DevPeek’s built-in panels, not browser DevTools.
- Confirm the phone’s Wi‑Fi proxy points at DevPeek and Capture shows decrypted HTTPS / HTML from that device.
- Open Debug, pick the phone in the top client tab, and refresh the target page in the phone browser to auto-connect.
- Use the built-in debug panels for DOM, scripts, and network; use Throttling when needed.
- If the preview stays on “Waiting for device connection”, fix proxy and SSL setup—do not skip certificate configuration.
Check: after the phone loads the page through the proxy, DevPeek mirrors it with built-in debug panels.
Read next by scenario
I only need API capture, Mock, or response search
Focus on param encrypt/decrypt, visual Mock, response-body search, capture details, and resend debug.
Open capture guideI need HTTPS certificates or phone capture
Focus on proxy port, system proxy, SSL allowlist, and certificate trust on Windows/iOS/Android.
Open proxy guideI need to modify requests or automate rewrites
Focus on param transform, Mock (manual/auto), multi-rule enablement, and tamper versions.
Open Mock guideI need to debug H5 / web pages in the phone browser
Focus on proxy setup, mobile SSL cert & decrypt scope, Debug tab, page mirror, and DevPeek built-in debug panels.
Open mobile web debugging guideSuggested daily setup
After the base path works, turn these into habits:
- Keep SSL decrypt scope limited to the hosts you are testing.
- Use stable IPs or notes for common test devices.
- Name Mock rules clearly, such as “Login request pause” or “Product detail response rewrite”.
- Before sharing recordings or captures, check for tokens, cookies, phone numbers, and emails.
If one step does not pass its check, stop and fix proxy, certificate, SSL scope, or client network settings first. Do not stack param transform, Mock, or page debugging on a broken base path.