MITM proxy for HTTP/HTTPS traffic capture. Records API conversations in multiple formats with auto-generated CA certificates and curl script export.
scorpiox-traffic is a transparent MITM proxy built in pure C that intercepts HTTP and HTTPS traffic between scorpiox code and AI provider APIs. It launches an embedded Python proxy script (mitmproxy), auto-generates CA certificates for TLS interception, injects HTTP_PROXY/HTTPS_PROXY into the child process environment, and collects all request/response pairs in a thread-safe manner. Output is written in four formats: raw captures, summary.json, conversation.jsonl, and HAR archives.
Source
# Single-file C implementation
scorpiox/scorpiox-traffic.c
Transparent man-in-the-middle proxy for HTTP and HTTPS traffic capture between scorpiox code and AI provider endpoints.
Launches an embedded mitmproxy script — no separate install required. The proxy script is compiled into the binary.
Writes captured traffic in 4 formats: raw request/response pairs, summary.json, conversation.jsonl, and HAR archives.
Generates CA certificates automatically for TLS interception. No manual cert setup needed — just run and capture.
Sets HTTP_PROXY and HTTPS_PROXY environment variables for the child process, routing all traffic through the capture proxy.
Exports captured requests as replayable curl commands. Debug and reproduce any API call from the recorded session.
All data collection is thread-safe. Concurrent requests from multiple provider calls are captured without data races.
Inject a custom CA bundle for environments with corporate proxies or internal certificate authorities.
scorpiox-traffic sits between scorpiox code and the AI provider API. When you enable traffic capture, it starts a local MITM proxy, configures the child process to route through it, and records every HTTP/HTTPS exchange.
# Step 1: scorpiox-traffic starts mitmproxy on port 8899 # Step 2: Auto-generates CA cert for TLS interception # Step 3: Sets HTTP_PROXY=http://127.0.0.1:8899 # Sets HTTPS_PROXY=http://127.0.0.1:8899 # Step 4: Launches child process (sx) with proxy env # Step 5: All HTTP/HTTPS traffic flows through proxy # Step 6: Writes raw, summary.json, conversation.jsonl, HAR
scorpiox-traffic uses two primary configuration keys in scorpiox-env.txt:
| Key | Type | Description |
|---|---|---|
TRAFFIC_OUTDIR |
path | Output directory for captured traffic files. All formats (raw, JSON, JSONL, HAR) are written here. |
TRAFFIC_PORT |
integer | Local proxy listen port. Defaults to 8899. |
GEMINI_TRAFFIC_DIR |
path | Separate output directory for Gemini API traffic logs when using the Gemini provider. |
GEMINI_TRAFFIC_SEQ |
integer | Sequence counter for Gemini traffic log file numbering. |
OPENAI_TRAFFIC_DIR |
path | Separate output directory for OpenAI API traffic logs when using the OpenAI provider. |
OPENAI_TRAFFIC_SEQ |
integer | Sequence counter for OpenAI traffic log file numbering. |
scorpiox-env.txt example
# Enable traffic capture TRAFFIC_OUTDIR=/tmp/sx-traffic TRAFFIC_PORT=8899 # Provider-specific traffic dirs (optional) GEMINI_TRAFFIC_DIR=/tmp/sx-traffic/gemini OPENAI_TRAFFIC_DIR=/tmp/sx-traffic/openai
scorpiox-traffic writes captured traffic in four complementary formats, all within TRAFFIC_OUTDIR:
| Format | File | Description |
|---|---|---|
| Raw | *.raw | Full HTTP request and response bodies captured byte-for-byte. Includes headers and payloads exactly as transmitted over the wire. |
| summary.json | summary.json | Structured JSON summary of the session — method, URL, status code, timing, and size for every request/response pair. |
| conversation.jsonl | conversation.jsonl | JSON Lines format with one entry per API turn. Extracts the semantic conversation from streaming API responses for easy analysis. |
| HAR | capture.har | HTTP Archive format compatible with browser dev tools, Charles Proxy, and other HAR viewers. Full timing waterfall included. |
Output directory structure
TRAFFIC_OUTDIR/ ├── 000_req.raw # First request raw bytes ├── 000_res.raw # First response raw bytes ├── 001_req.raw # Second request ├── 001_res.raw # Second response ├── summary.json # Session summary ├── conversation.jsonl # Conversation log └── capture.har # HAR archive
scorpiox-traffic can generate replayable curl commands from captured traffic. This lets you reproduce any API request outside of scorpiox code for debugging, sharing, or integration testing.
Generated curl script example
#!/bin/bash # Auto-generated by scorpiox-traffic # Session: 2026-03-13T15:30:00+13:00 curl -X POST 'https://api.anthropic.com/v1/messages' -H 'Content-Type: application/json' -H 'x-api-key: sk-ant-...' -H 'anthropic-version: 2023-06-01' -d '@000_req_body.json'
Basic traffic capture
# Set output directory and run scorpiox code export TRAFFIC_OUTDIR=/tmp/sx-capture sx "refactor the auth module" # All API traffic is now in /tmp/sx-capture/ ls /tmp/sx-capture/ # 000_req.raw 000_res.raw summary.json conversation.jsonl capture.har
Custom port
# Use a different proxy port export TRAFFIC_PORT=9999 export TRAFFIC_OUTDIR=./debug-traffic sx "explain this error"
Provider-specific capture (Gemini)
# Capture only Gemini provider traffic export GEMINI_TRAFFIC_DIR=/tmp/gemini-debug export GEMINI_TRAFFIC_SEQ=0 sx --provider gemini "write unit tests"
Inspect captured traffic
# View session summary cat /tmp/sx-capture/summary.json | python3 -m json.tool # View conversation turns cat /tmp/sx-capture/conversation.jsonl | head -5 # Open HAR in browser dev tools # Chrome → F12 → Network → Import HAR open /tmp/sx-capture/capture.har