Skip to content

FAQ

Started capturing, but not a single piece of traffic? First confirm whether the target uses the system proxy. Many apps (for example, some built with cross-platform frameworks) don’t use the proxy at all, so proxy capture receives nothing; for these, switch to NIC capture, which captures everything at the NIC layer. Also, capture must start before the traffic happens; if you start partway through, you may have missed it.

So many capture methods, which should I use? Pick one from the capture method selection table in Getting started; if you’re unsure, start with Proxy capture, the most general option.

Captured a huge pile, how do I find the one I want? Use the filter and search at the top to narrow by domain, type, or keyword and quickly locate the request you care about.

Will capturing affect my normal internet use? No. When capture stops, the app automatically restores any network settings it changed, and there’s a recovery fallback even after an abnormal exit.

Traffic is captured, but the body is ciphertext or garbled? Most likely no certificate is installed, or the app uses certificate pinning. To decrypt via a proxy, install a certificate first; for pinning, switch to App-layer plaintext capture to read plaintext directly from inside the program. See TLS Decryption for details.

Some apps decrypt, some don’t? For apps with certificate pinning or in-house encryption, use App-layer plaintext capture; apps that don’t recognize the system certificate, like Java and Python, go through it too. For the very few where keys can’t be obtained, the per-packet view can still show the encrypted traffic itself.

Can HTTP/3 (QUIC) be decrypted? Yes. Three handling methods are supported: downgrade capture, high-fidelity passthrough, and true H3 decryption.

Do I have to install a certificate? Not necessarily. Direct NIC capture, targeting a specific program, and app-layer plaintext capture all need no certificate; only decrypting via a proxy requires one, and the certificate wizard covers all kinds of environments.

Does iOS need jailbreak? No. iOS stays jailbreak-free throughout, capturing through a connected computer, see iOS capture.

Installed the certificate on Android but still can’t capture? Android 7 and above no longer trust user-installed certificates, and Android 14 is stricter still. Use the certificate-free capture methods in Android capture so you no longer have to wrestle with certificates.

How do I capture mini-programs or apps that don’t use a proxy? These don’t use the system proxy, so a proxy can’t capture them. Use NIC capture to grab them at the NIC layer, paired with automatic decryption to see plaintext.

Is installing a capture certificate safe? Only trust a capture certificate on devices you own or are authorized to test, and remove it when you’re done. See Certificate management and installation.

Does the captured data go to the cloud? No. Local-first, no telemetry; the captured traffic stays only on your machine.

Re-read the relevant capture or decryption guide, or contact us through the channels listed in the app.