First Capture
You’ve installed Probe and launched it. The proxy is already running, your system proxy is already pointed at it, and the log table is sitting empty waiting for traffic. This page walks you through generating your first request and reading what Probe captures.
First launch — the Welcome dialog
Section titled “First launch — the Welcome dialog”The very first time you open Probe, a small Welcome window appears prompting you to install the Probe Root CA. HTTPS bodies are unreadable until the CA is trusted, so this is the one piece of one-time setup that turns Probe from a passive HTTP recorder into a full HTTPS debugger. The dialog also detects whether the CA is already trusted on this machine — if so, Probe skips the prompt entirely. Click Install Probe Root CA to set it up now, follow the Setting up a phone? Open the full setup guide link to jump straight to the mobile guide, or click Close to dismiss it. The Don’t show again checkbox stops the dialog appearing on future launches; you can still install the cert later from the toolbar shield icon or http://localhost:9098.
If you skipped this, see Why You Need a CA Certificate when you’re ready.
Confirm the proxy is running
Section titled “Confirm the proxy is running”Before you send any traffic, glance at the toolbar:
- Stop button is visible (not Start) — meaning the proxy is up.
- An IP and port like
192.168.1.42:9099shows where Probe is listening. - A CA URL like
http://192.168.1.42:9098shows where to download the certificate from other devices.
If you see Start instead, click it. Probe boots the proxy on 0.0.0.0:9099 and flips your system proxy. macOS may ask for your password the first time.
Generate the first request
Section titled “Generate the first request”The simplest way to get traffic flowing is from your own machine — your system proxy is already configured, so any browser request is routed through Probe automatically.
Open Safari or Chrome and visit:
http://example.comThat’s plain HTTP, so Probe sees the full request and response without any certificate dance. Switch back to the Probe window — there’s a new row in the log table.
Open Edge or Chrome and visit:
http://example.comThat’s plain HTTP, so Probe sees the full request and response without any certificate dance. Switch back to the Probe window — there’s a new row in the log table.
If nothing appears, two things are usually the cause: the proxy isn’t actually running (toolbar shows Start), or the browser is using its own proxy override (e.g. a corporate VPN extension). Click Start if needed; otherwise check System Settings → Network → Proxies on macOS or Settings → Network & Internet → Proxy on Windows and confirm the HTTP/HTTPS proxy points at 127.0.0.1:9099.
Read what Probe captured
Section titled “Read what Probe captured”The window has three columns — that’s the layout you’ll work in for everything that follows.
- Sidebar on the left lists Navigation (All, Devices, Favorites, Ignored), Filter Folders, and Saved sessions.
- Log table in the middle is the live list of captured requests.
- Detail panel on the right shows whatever request you’ve selected.
Click the new example.com row. The detail panel fills in.
At the top you’ll see the method badge (GET), the URL, and a star to favorite this domain. Below that are three tabs:
- Request — method, URL, headers, query parameters, and body.
- Response — status, headers, and body. JSON is pretty-printed automatically.
- Summary — overview, timing breakdown (DNS, connect, TLS, send, wait, receive), size, and connection (including the resolved remote address).
For an http://example.com GET, you’ll see the HTML body in Response → Body and the timing breakdown in Summary.
Try an HTTPS request
Section titled “Try an HTTPS request”Now visit:
https://example.comThis time Probe captures the request, but the body is unreadable — it’s TLS-encrypted, and Probe doesn’t yet have permission to decrypt it on your machine.
That’s because HTTPS interception requires installing Probe’s CA certificate. Probe acts as a man-in-the-middle: it generates a per-host leaf certificate signed by its own CA, hands that to your browser, and re-encrypts to the real origin. None of that works until your browser trusts the CA.
The full walkthrough is on a separate page. Once the cert is installed, every HTTPS request shows full headers and body just like the HTTP one above:
Switch view modes
Section titled “Switch view modes”The log table has two view modes, switched from the toggle above the list.
- Sequence — flat chronological list of every request. This is the default and the easiest to scan when you’re watching live traffic.
- Structure — grouped tree by domain and path. Useful when an app fires hundreds of requests to a handful of endpoints and you want to see them collapsed.
Try both. They show the same data; only the layout differs. You can switch at any time.
Filter the noise
Section titled “Filter the noise”Most apps generate background chatter — analytics pings, push token refreshes, telemetry. To cut through:
- Type into the search box above the log table. It filters by URL substring in real time.
- Right-click any row and choose Add to Favorites to pin that domain. It then shows under the Favorites sidebar entry.
- Right-click → Ignore to hide a domain entirely. Ignored domains stop appearing in the log until you remove them from the Ignored list.
- Domain Watch is a stricter mode: unwatched domains show only the first request as a teaser, with a Watch Domain button on the detail panel. Useful for app debugging where you only care about one or two backends.
Save the session
Section titled “Save the session”When you’ve captured something worth keeping, hit Cmd+S (macOS) or Ctrl+S (Windows). Probe asks for a name, marks the current tab as read-only, and opens a fresh recording tab so new traffic doesn’t pollute the saved snapshot.
Saved sessions live under the View → Sessions dialog. From there you can rename, export to a .pro file, or share with a teammate who has Probe installed.