Questions, answered.
The “can it…” worries, answered one by one.
Captured traffic is all ciphertext and gibberish, now what?
Trace Eagle decrypts on capture: session keys match their flows automatically, ciphertext becomes plaintext, and you read the request and response directly, with no keys to export.
Recent Android / Android 14: how do I capture, and do I need root?
Android 7+ distrusts user certs and Android 14 is stricter, but Trace Eagle has several cert-free methods. Whole-device capture needs root, and there are no-root methods too.
Mini-programs / proxy-blind apps (Flutter etc.): how?
That traffic ignores the system proxy, so proxy tools miss it. NIC capture grabs it at the wire, and auto-decrypt shows the plaintext.
Can it capture an app with a pinned cert?
Yes. Read plaintext straight from inside the app, or clear the pinning; it can’t block you.
How do you capture and decrypt HTTP/3 (QUIC)?
Three ways: downgrade-capture, high-fidelity passthrough, or true H3 decryption, so QUIC shows plaintext too.
Does iOS need a jailbreak? A certificate?
iOS needs no jailbreak, captured via a connected computer. Most methods need no cert; only proxy decryption does, and the wizard covers every environment.
Java / Python apps won’t decrypt even with a system cert?
They ignore the system trust store, so ordinary proxies fail. Trace Eagle decrypts them too.
Will it affect my normal internet?
No. Stopping a capture restores network settings automatically, with recovery even after an unexpected exit.
Does my data go to the cloud?
No. Local-first, no telemetry; the traffic you capture stays on your machine.
Is it really free?
Yes. Capture, decrypt, rewrite, replay, load-test, codegen, MCP: every feature is free, and free for the long term.
Can I plug it into an AI (MCP) workflow?
Yes. A real built-in MCP server lets an AI agent call capture, flow search, decryption, replay, code generation and more.