Requestly
Open-source HTTP interceptor and API mocker trusted by 300,000+ developers — intercept, modify, and mock HTTP traffic from browser extensions or desktop without complex proxy setup.
Requestly HTTP Interceptor is an open-source tool that lets developers intercept, inspect, and modify HTTP and HTTPS traffic in real time directly from browsers or desktop apps. It spans a Chrome/Firefox/Edge/Safari extension and a cross-platform desktop app, enabling request redirection, header modification, response body overrides, and JavaScript injection without routing traffic through an external proxy server.
The interceptor’s rule engine covers a broad set of interception patterns — from simple URL redirects to dynamic response scripting using JavaScript — making it practical for frontend debugging, API mocking in CI pipelines, and QA simulations. Developers can import existing configurations from Charles Proxy, ModHeader, and Resource Override with one click, removing friction when switching tools.
Requestly’s ecosystem extends beyond the browser extension: the companion web application at app.requestly.com provides a dashboard for rule management, session recording, and a network inspector. An API mocking layer supports both static responses and dynamic GraphQL targeting, with bulk mock generation from recorded sessions for use in Cypress, Playwright, and Selenium test suites.
The codebase is dual-licensed under GNU AGPLv3 for community features and a proprietary enterprise license for advanced governance capabilities housed in the ee/ directory. The project is actively maintained by the Requestly team (now part of BrowserStack) with a weekly release cadence and a 300,000+ user base across 11,000+ companies.
What You Get
- HTTP Rule Engine - Define interception rules for redirecting URLs, replacing string patterns in requests, modifying request and response headers, blocking requests, delaying responses, and injecting custom JavaScript into web pages.
- API Mocking - Create static and dynamic API mocks with JavaScript-powered response logic, including GraphQL targeting by operation name, bulk mock generation from recorded sessions, and cloud-hosted mock endpoints for team sharing.
- Session Recording & Network Inspector - Capture full HTTP session recordings from browser tabs for replay and debugging, with a dedicated network inspector that shows real-time request/response details filtered by domain or rule match.
- 1-Click Tool Import - Migrate existing configurations from Charles Proxy, ModHeader, and Resource Override directly into Requestly rules without manual re-entry.
- Browser Extension + Desktop App - Install as a lightweight extension for in-browser traffic interception, or use the desktop app for system-wide capture across all browsers, mobile simulators, and native desktop applications.
- Test Automation Integrations - Plug into Cypress, Playwright, Selenium, and Puppeteer workflows using dedicated integration packages to intercept and mock API calls in automated end-to-end test suites.
- Shared Rules & Workspaces - Organize rules into shared workspaces for team collaboration, with role-based access control (Admin, Editor, Viewer) to manage who can modify production-affecting interception rules.
- Script Editor with AI Assistance - Write pre-request and post-response JavaScript with linting support, CodeMirror-based editing, and an AI-powered script generator to accelerate rule creation.
Common Use Cases
- Redirecting production traffic to local dev - A frontend developer redirects API calls from a production or staging domain to a locally running server to test backend changes without deploying, using a URL redirect rule in the extension.
- Mocking third-party APIs in E2E tests - A QA engineer integrates Requestly into a Playwright test suite to intercept and return controlled fixture responses from external payment or analytics APIs, enabling deterministic test runs in CI.
- Debugging mobile app HTTP traffic - A mobile developer uses the desktop app to capture traffic from an iOS simulator or Android emulator, inspecting and modifying API calls that cannot be intercepted from a browser extension alone.
- Overriding feature flags via response modification - A developer injects a modified JSON response body to flip a feature flag returned by a remote config endpoint, testing the enabled state locally without touching the backend service.
- Migrating from Charles Proxy - A team imports an existing Charles Proxy
.chlssession file into Requestly to replicate their rewrite rules and continue using familiar configuration in a browser-native tool. - Simulating backend failures and latency - A reliability engineer adds a delay rule and a block rule to reproduce timeout and 5xx error scenarios on specific API endpoints to test frontend error-handling behavior.
Under The Hood
Architecture
Requestly HTTP Interceptor is structured as a multi-package monorepo with distinct layers: a shared rule-processor library, browser extension components, and a React web application, each developed and built independently but integrated at runtime. The browser extension relies on Manifest V3 service workers for request interception, with a dedicated RequestProcessor class that fetches enabled rules from a storage service and applies redirect, header, and CSP handling logic per intercepted request. The web application is a React Router-based single-page app that communicates with the extension via a dedicated API layer, enabling the dashboard to manage rules stored in the extension’s local storage without requiring direct DOM access. This separation of concerns keeps the rule engine lean and deterministic while allowing the UI to evolve independently.
Tech Stack
The web application is built on React 18 with TypeScript, using Redux Toolkit for rule and workspace state management alongside Zustand for lighter UI state. Vite handles development builds for the web app, while Rollup with Babel targets both ESM and CJS outputs for the shared core package. Firebase provides authentication and cloud hosting for app.requestly.com, and Amplitude handles analytics. The browser extension targets Manifest V3 across Chrome, Firefox, Edge, and Safari with platform-specific manifest files. The common/rule-processor package builds with Webpack and Karma for Node-compatible testing of rule evaluation logic independently from browser APIs. The ee/ directory uses its own build pipeline and license gate for enterprise-specific features.
Code Quality The codebase has solid test coverage for the rule-processor layer, with Karma-based unit tests covering all major rule types — redirect, replace, header modification, query params, user agent, delay, block, and response modification — each with dedicated spec files and assertion-based validation. The web application uses Vitest and Playwright for unit and end-to-end testing respectively. TypeScript adoption is comprehensive in the web app and extension layers, with strict-mode configurations and typed service interfaces. ESLint and Prettier are enforced via Husky pre-commit hooks through lint-staged. The codebase reflects active maintenance discipline with consistent file organization by feature domain, though some legacy JavaScript files remain in the rule-processor and extension common utilities.
What Makes It Unique
Requestly’s most distinctive architectural choice is its browser-extension-first interception model: rather than routing traffic through a proxy or requiring OS-level certificate installation, the extension hooks directly into browser network APIs (Manifest V3 declarativeNetRequest and webRequest) to modify requests in-process. This removes network-level overhead and eliminates certificate trust issues that affect traditional proxy tools like Charles Proxy. The desktop app extends this reach by acting as a local proxy for non-browser traffic, bridging both interception surfaces under a unified rule set. The integration of a full API mocking layer with GraphQL operation targeting and session-based bulk mock generation inside the same tool — where other dedicated interceptors treat mocking as a separate concern — gives Requestly a uniquely broad scope for developer testing workflows.
Self-Hosting
The Requestly HTTP Interceptor uses a dual-license model. Core community features are licensed under the GNU Affero General Public License v3 (AGPLv3), which is a strong copyleft license. This means you can use, modify, and distribute the software freely, but any network-facing derivative works must also be released under AGPLv3. For commercial self-hosting where you cannot comply with the AGPLv3’s source-sharing requirements, a separate commercial license is needed — the enterprise edition terms are defined in ee/LICENSE and governed by BrowserStack (which acquired Requestly). The ee/ directory contains enterprise-specific features that require an active subscription.
Self-hosting the interceptor for internal use is technically straightforward for the web application component: the React app can be built with Vite and deployed as a static site, with Firebase handling authentication if you use the cloud backend, or replaced with your own auth layer. The browser extension is installed separately by each developer from browser stores or via enterprise extension management policies. The desktop app is distributed as a standalone Electron binary. You are responsible for managing updates across all three surfaces — extension, desktop app, and web dashboard — and coordinating version compatibility when Requestly ships breaking changes to the rule storage format or API layer.
Compared to using Requestly’s hosted service (app.requestly.com), self-hosting gives you full control over data residency, which matters for regulated industries. However, you lose automatic updates, the managed cloud mock endpoints, enterprise SSO and SAML integrations, centralized audit logs, and BrowserStack’s support SLAs. Team and Enterprise paid tiers on the hosted service add RBAC enforcement, SOC-2-backed security controls, priority support, and on-premises deployment options — the latter being the supported path for organizations that need air-gapped or fully self-hosted deployments with enterprise governance without building their own infrastructure.
Related Apps
Ollama
AI Development · Developer Tools
Run Llama, Gemma, DeepSeek, and other open LLMs on your own machine with one command and an OpenAI-compatible API.
Ollama
MITDify
No Code Platforms · AI Development · Developer Tools
Visual LLM workflow platform with RAG pipelines, agent capabilities, and model management for building production AI applications.
Dify
OtherFirecrawl
AI Development · Developer Tools
Turn any website into clean, LLM-ready data with a single API call — no proxy headaches, no scraping complexity.