Quick start: first capture, HTTPS decrypt, and debug
A complete first-run path for new users: install DevPeek, configure the local proxy and HTTPS certificate, capture your first decrypted request, then learn when to use resend, breakpoints, replay, and collaboration.
Video placeholder
Suggested video 1: first HTTPS capture in 10 minutes
Use this slot for a linear screen recording: download, install, enable system proxy, install the certificate, open a test site, and inspect request details.
Recommended length: 6-10 minutes. Show the key buttons in both light and dark UI if possible.
Before you start
DevPeek is a local HTTP(S) proxy. It does not read browser or phone history by itself; traffic appears only after a client sends requests through the DevPeek proxy port.
- The current desktop build is primarily for Windows; check the homepage and changelog for macOS/Linux availability.
- Use DevPeek only on sites, apps, and test environments you are allowed to inspect.
- To read HTTPS plaintext, install and trust the DevPeek root CA on the client device and include the target host in SSL decrypt scope.
- For phones or other devices, keep them on the same LAN as the DevPeek computer and make sure they can reach its proxy port.
Recommended first path
Start with local browser capture. After that works, extend to phones, virtual machines, containers, or collaboration.
Install and launch DevPeek
Download the Windows installer from the homepage. The main window opens on Capture; the gear menu contains Preferences, certificates, SSL proxy config, scripts, breakpoints, and release notes.
- Download the latest Windows installer from the homepage.
- Launch DevPeek and confirm the main window opens.
- If needed, open Gear → Preferences, choose language/theme, and press OK.
Check: the main window opens, Capture is visible, and the gear menu opens.
Confirm proxy port and system proxy
DevPeek starts a local HTTP(S) proxy. Browsers, phones, or tools must point to this computer and port before traffic reaches the capture list.
- Open Preferences → Proxy to see the current port.
- For local browser capture, enable the system proxy entry from the menu if available.
- For phones, set the Wi-Fi proxy host to the computer LAN IP and port to the DevPeek proxy port.
- After changing the port, press OK; DevPeek restarts the proxy service.
Check: visiting an HTTP page creates rows under the corresponding client IP.
Install and trust the HTTPS root certificate
HTTPS decrypt relies on the DevPeek root CA. Proxy without trust usually leaves you with CONNECT tunnels, certificate errors, or missing bodies.
- Open certificate management in DevPeek and install or export the root certificate.
- On Windows, make sure it lands in Trusted Root Certification Authorities.
- On iOS, install the profile and then enable full trust.
- On Android, install the CA certificate; some apps require debug builds that trust user CAs.
Check: HTTPS request details show plaintext headers/bodies instead of only CONNECT.
Enable SSL decrypt scope and capture the first HTTPS request
The certificate lets clients trust DevPeek; SSL scope decides which hosts DevPeek may decrypt. Both are required for useful HTTPS analysis.
- Open SSL proxy config and add rules like *.example.com or *api*.
- For the first verification, you may temporarily use * and narrow it later.
- Refresh the target page from the browser or phone.
- Select a request and inspect overview, headers, and bodies.
Check: HTTPS rows show host, status, timing, and readable plaintext.
Use filters, details, and resend
When the list is noisy, narrow by client tab, protocol, method, keyword, or regex. Then use request details and resend to validate API behavior.
- Pick the source device from client tabs.
- Filter by HTTP/HTTPS and GET/POST as needed.
- Search by path, host, method, or response fragment.
- Use Resend to edit URL, query, headers, or body and send again.
Check: you can find the target API and confirm how changed parameters affect the response.
Use breakpoints and scripts only when you need modification
Breakpoints are for pausing one request/response before it continues. Global scripts are for repeatable transformations such as decrypting parameters or rewriting test fields.
- Create one breakpoint rule with URL/protocol/method and Req/Res phase.
- Enable that rule from the proxy menu.
- Trigger the request and edit headers/body before Continue if needed.
- Move repeated work into global script phases later.
Check: the request pauses and your edited content continues upstream or back to the client.
Use debug, recording, and replay for page bugs
For “the page breaks after these clicks,” record and replay is more useful than a single request. DevPeek aligns actions, console, DOM, and network on one timeline.
- Open Debug and select an HTML client seen through the proxy.
- Enter preview and inspect Elements, Console, and Network.
- Start recording before reproducing the bug, then save it to History.
- Open Repro from History and review the timeline.
Check: History contains the recording and Repro can play it back.
Video placeholder
Suggested video 2: phone capture and certificate trust
Use this slot for phone setup: find computer IP, set Wi-Fi proxy, download certificate, trust it on iOS/Android, then verify HTTPS plaintext in DevPeek.
Recommended length: 5-8 minutes. Split iOS and Android if possible.
Read next by scenario
I only need API capture and resend
Focus on capture list, filters, details tabs, body previews, and resend debug.
Open capture guideI need HTTPS certificates or phone capture
Focus on proxy port, system proxy, SSL allowlist, and certificate trust on Windows/iOS/Android.
Open proxy guideI need to modify requests or automate rewrites
Focus on breakpoint rules, auto breakpoints, script rules, global phases, and script logs.
Open scripts guideI need to reproduce a page bug
Focus on Debug, recording, History, Repro, extension import, and collaboration.
Open debug guideSuggested daily setup
After the base path works, turn these into habits:
- Keep SSL decrypt scope limited to the hosts you are testing.
- Use stable IPs or notes for common test devices.
- Name breakpoint rules clearly, such as “Login Req pause” or “Product detail Res rewrite”.
- Before sharing recordings or captures, check for tokens, cookies, phone numbers, and emails.
If one step does not pass its check, stop and fix proxy, certificate, SSL scope, or client network settings first. Do not stack breakpoints, scripts, or replay on a broken base path.