HTTP interceptor

Learn where intercepted data is stored, what gets synced to servers, and how we prioritize your privacy and security

What is intercepted?

When the Requestly application starts, it initializes a proxy server on one of the open ports available on the user’s device, typically port 8281. Initially, no traffic is intercepted. The interception process only begins after the user actively connects an application or configures the proxy settings in any app. This ensures that interception is entirely user-controlled and does not occur without explicit configuration.

Where are Intercepted requests stored?

Once interception is activated, all intercepted request and response data is securely stored locally on the user’s device. This design guarantees complete privacy and gives users full control over their data. Importantly, no intercepted data is ever transmitted to Requestly servers. Additionally, users can save their interception sessions locally as HAR (HTTP Archive) files, making the data easily accessible and portable while maintaining privacy.

Saving Session Data

Users can save intercepted session data in two ways, ensuring complete control and privacy:

  1. Direct Download: Users can directly download intercepted session data as a HAR (HTTP Archive) file for analysis or archiving. This approach allows immediate and portable access to the session data.

  2. Save Within Requestly App: Users can save sessions within the Requestly app, where the data is securely stored as a HAR file on the local system. Even when using this option, no intercepted data is sent to or stored on Requestly servers.

In both cases, intercepted data remains local to the user's system, ensuring privacy and compliance with data security standards.

Storage Location

After Requestly has captured traffic, users can save it in a session for later usage. These sessions are stored in HAR (HTTP Archive) format locally on the user's system and are not sent to any server. The locations for these are as follows:

  • Requestly Data:

    • Linux: ~/.config/Requestly

    • Windows: %APPDATA%/Requestly

    • macOS: ~/Library/Application Support/Requestly

  • Saved Sessions:

    • Linux: ~/.config/network-sessions

    • Windows: %APPDATA%/network-sessions

    • macOS: ~/Library/Application Support/network-sessions

These directories ensure that all data remains private and under the user’s control. Even after uninstalling the Requestly desktop app, these folders will continue to exist on the system. As a result:

  • Previously saved sessions will still be accessible if the app is reinstalled.

  • Your login and personal information are deleted when uninstalling Requestly, but session and certificate data remain.

  • If a Certificate Authority (CA) certificate was installed for systemwide proxying, it will not be automatically removed after uninstalling Requestly. Users may need to manually remove the certificate if necessary.

Updated on
HTTP Rules
Mock/File Server