A local macOS HTTP/HTTPS debugging proxy for iOS devices. Inspect network traffic from iPhones and iPads routed through your Mac β no cloud, no accounts, no analytics. All data stays on your machine.
Think Proxyman or Charles, but open source and free.
iPhone/iPad ββWi-Fi proxyβββΆ Mac (port 9090) βββΆ Internet
β
Trabant captures
& displays traffic
- Trabant runs a proxy server on your Mac (default port 9090)
- You generate a local CA certificate and install it on your iOS device
- Point your device's Wi-Fi proxy to your Mac's IP
- HTTP traffic is captured directly; HTTPS traffic is decrypted via MITM using certificates signed by your local CA
- Hosts with certificate pinning (e.g. Twitter, Snapchat) automatically fall back to raw tunneling β the app still works, those requests just appear as opaque
TUNNELrows
- HTTPS decryption β MITM with locally generated certificates, TLS 1.3, HTTP/1.1 & HTTP/2
- Automatic pinned-host bypass β certificate-pinned hosts fall back to raw tunneling so apps keep working
- Device grouping β traffic organized by connected device with nicknames
- Request inspector β headers, body (with JSON pretty-printing), timing, and protocol info
- Detached windows β double-click any request to open it in its own window
- QR code setup β scan to install the CA certificate on your device from Safari
- Smart compaction β noisy tunnel-learning and duplicate media requests are collapsed in the UI
- Zero telemetry β no analytics, no network calls, no cloud. Everything stays local and in-memory
Grab the latest .dmg from Releases.
Requires macOS 15.0 or later. Distributed as a notarized app outside the Mac App Store.
- Download and launch Trabant
- Generate the CA β menu bar:
CertificateβShow Setupβ Generate CA - Install on iPhone β scan the QR code in Safari (not Chrome/Firefox β Apple restriction)
- Trust the certificate on iPhone:
- Settings β General β VPN & Device Management β install the profile
- Settings β General β About β Certificate Trust Settings β enable full trust
- Configure Wi-Fi proxy on iPhone:
- Settings β Wi-Fi β your network β Configure Proxy β Manual
- Server: your Mac's IP (shown in Trabant)
- Port:
9090
- Start the proxy in Trabant and browse on your device β traffic appears in real time
git clone https://github.com/gsdv/trabant.git
cd trabant
open Trabant.xcodeprojBuild and run in Xcode (macOS target). Requires Xcode 16+.
Dependencies are managed via SPM and declared in the Xcode project:
| Package | Purpose |
|---|---|
| SwiftNIO | TCP server, HTTP handling |
| SwiftNIO SSL | TLS termination for MITM |
| SwiftNIO HTTP/2 | HTTP/2 protocol support |
| Swift Certificates | X.509 certificate generation |
| Swift Crypto | P256 ECDSA key generation |
| Swift ASN1 | PEM serialization |
Trabant/
βββ App/ # AppState, lifecycle
βββ Core/
β βββ Models/ # ProxySession, DeviceRecord
β βββ Store/ # CaptureStore (in-memory, max 2000 sessions)
β βββ Proxy/ # NIO proxy server, MITM, tunnel relay, cert authority
β βββ Utilities/ # Body formatting, LAN IP detection
βββ UI/ # SwiftUI views, theme, dashboard
Proxy pipeline: SwiftNIO server β HTTP routing β CONNECT upgrade β TLS termination (NIOSSL) β cleartext capture β upstream forwarding (URLSession)
Pinned-host handling: If a client rejects the MITM certificate during TLS handshake, the host is added to a persistent bypass list. Future connections to that host use a raw byte-relay tunnel instead of MITM.
- In-memory only β captured sessions are lost when the app quits
- No HTTP/3 / QUIC β out of scope for now
- Certificate pinned hosts are tunneled, not decrypted
- App Sandbox is disabled β required for binding server sockets; distributed outside the Mac App Store
- iOS certificate install requires Safari β Chrome/Firefox cannot trigger the profile install flow