Pākiki Blog

The latest insights, vulnerabilities, research, and release information from the Pākiki team.

Follow us on social media:

What Is an Intercepting Proxy?

Published on by Jess
Categories: Proxy Security
Tags: Explanation

That’s a great question.

An intercepting proxy is commonly used by security professionals in order to understand how an application communicates with a server, and to attempt to find security vulnerabilities by manipulating that traffic. An intercepting proxy is a tool we frequently use in penetration testing, but they are also used by developers.

Fundamentally an intercepting proxy is designed to allow somebody to intercept and manipulate network traffic in-transit from a client to a server. Typically, they are talked about in the context of web-based traffic (HTTP). It’s worth noting that technically any proxy will intercept the traffic, but when talking about intercepting proxies, people often mean tools for security professionals.

Most intercepting proxies support the following features:

It’s also really important that they can record a history of requests, so that if you need to go back and check something weeks after you’ve filled a bug report, you can do so.

In addition to the standard features, a proxy may also contain other features, such as:


An intercepting proxy is an essential tool to help security professionals find vulnerabilities. While it is technically possible to use tools built into modern web browsers, or built in system tools, using a proxy makes the job significantly easier. This allows consultants to find more vulnerabilities in a shorter amount of time. While we’re biassed, and obviously we like Pākiki Proxy, there are plenty of other options available as well.