Why Proxy Matters
MCP communication is opaque to standard network tools. The proxy gives full visibility into tool calls, responses, and notifications — enabling manual traffic analysis, breakpoint-based interception, and session replay for reproducing attack scenarios.How It Works
The proxy interception workflow follows five steps:- Launch — Start the proxy between your MCP client and target server
- Observe — Watch the live message stream in the Textual TUI
- Intercept — Set breakpoints to hold messages matching specific criteria
- Act — Forward, modify, or drop held messages
- Replay — Save the session and replay it offline for analysis or reproduction
Built-in Components
- Textual TUI — Live message stream with detail panel for inspecting individual messages
- Intercept engine — Hold/release/drop actions with configurable breakpoint rules
- Session store — Capture all messages as an ordered sequence with save/load and export
- Replay engine — Re-send captured messages against the target server
- Transport adapters — stdio, SSE, and Streamable HTTP server-facing adapters
Next Steps
- Proxy CLI Reference — Command reference for
counteragent proxy - Intercept & Breakpoints — Breakpoint rules and message interception
- Session Replay — Replaying captured sessions
- Session Export — Exporting sessions to external formats