<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Anh Vu</title>
    <description>The latest articles on DEV Community by Anh Vu (@anh_vu).</description>
    <link>https://dev.to/anh_vu</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3989489%2Fb3249a11-086b-4ab4-9661-ccff0f036103.jpeg</url>
      <title>DEV Community: Anh Vu</title>
      <link>https://dev.to/anh_vu</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/anh_vu"/>
    <language>en</language>
    <item>
      <title>How to Capture HTTPS Traffic on iPhone (On-Device, No Desktop Proxy)</title>
      <dc:creator>Anh Vu</dc:creator>
      <pubDate>Fri, 19 Jun 2026 16:14:14 +0000</pubDate>
      <link>https://dev.to/anh_vu/how-to-capture-https-traffic-on-iphone-on-device-no-desktop-proxy-20da</link>
      <guid>https://dev.to/anh_vu/how-to-capture-https-traffic-on-iphone-on-device-no-desktop-proxy-20da</guid>
      <description>&lt;p&gt;If you build or test mobile apps, you have almost certainly hit this wall: your app calls an API, something breaks, and you have no idea what actually went over the wire. To debug it properly, you need to &lt;strong&gt;capture and inspect the HTTPS traffic&lt;/strong&gt; your iPhone is sending and receiving.&lt;/p&gt;

&lt;p&gt;Traditionally that meant tethering your phone to a computer, running a desktop proxy, and fiddling with certificates and Wi-Fi proxy settings. This guide shows a faster, mobile-first approach: capturing decrypted HTTPS traffic &lt;strong&gt;directly on the iPhone itself&lt;/strong&gt; — no Mac, no jailbreak, and no desktop proxy.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why HTTPS Traffic Inspection Matters
&lt;/h2&gt;

&lt;p&gt;Nearly all modern app traffic is encrypted with TLS — great for security, inconvenient for debugging. Being able to decrypt and inspect it on demand unlocks problems you would otherwise be guessing at:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;API debugging.&lt;/strong&gt; See the exact request URL, method, headers, query parameters, and body, plus the raw response.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Authentication issues.&lt;/strong&gt; Verify bearer tokens, cookies, and API keys are present, correctly formatted, and not expired.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Backend troubleshooting.&lt;/strong&gt; Confirm whether a failure is a 4xx/5xx response, an unexpected payload, or a timeout.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;QA testing.&lt;/strong&gt; Reproduce edge cases by mocking responses or rewriting payloads.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Network analysis.&lt;/strong&gt; Audit which third-party SDKs are phoning home, how often, and with what data.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  The Mobile-First Approach
&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://moniproxy.com/" rel="noopener noreferrer"&gt;Moni Proxy&lt;/a&gt; runs the proxy &lt;em&gt;on the iPhone itself&lt;/em&gt;, using iOS's native VPN and certificate APIs to capture, decrypt, and render traffic locally. Everything happens on-device and the traffic never leaves your phone.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;No desktop required.&lt;/strong&gt; No Mac running a proxy, no same-network requirement.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;No jailbreak.&lt;/strong&gt; Supported system VPN profiles and a local certificate authority.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Less setup.&lt;/strong&gt; Install, run the certificate wizard once, and start capturing.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Inspect anywhere.&lt;/strong&gt; Debug on a real device on cellular, on the train, or in the field.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Step-by-Step Tutorial
&lt;/h2&gt;

&lt;h3&gt;
  
  
  1. Install Moni Proxy
&lt;/h3&gt;

&lt;p&gt;Download Moni Proxy from the &lt;a href="https://apps.apple.com/us/app/moni-proxy-https-debug/id6772754819" rel="noopener noreferrer"&gt;App Store&lt;/a&gt; and open it. A one-time wizard installs a local certificate authority (CA) on your device — generated locally, never shared.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F5fm3e292zn6fqpzqgljo.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F5fm3e292zn6fqpzqgljo.jpg" alt="Moni Proxy home screen with the CA certificate trusted" width="720" height="1557"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Install the profile in &lt;strong&gt;Settings → General → VPN &amp;amp; Device Management&lt;/strong&gt;, then enable full trust in &lt;strong&gt;Settings → General → About → Certificate Trust Settings&lt;/strong&gt;. You only do this once.&lt;/p&gt;

&lt;h3&gt;
  
  
  2. Start a Capture Session
&lt;/h3&gt;

&lt;p&gt;Tap &lt;strong&gt;Start&lt;/strong&gt;. Moni Proxy spins up a local proxy and routes your device traffic through it using a system VPN profile.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fzafbqeqs2k2qwy0x54bo.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fzafbqeqs2k2qwy0x54bo.jpg" alt="Capture session running as live HTTPS requests stream in" width="720" height="1558"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  3. Generate Traffic
&lt;/h3&gt;

&lt;p&gt;Switch to the app you want to debug and use it normally — log in, refresh, submit a form. Each network call is intercepted in real time. Works for any stack (URLSession, Alamofire, a Flutter HTTP client, or a React Native fetch).&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Ftmzyv10n9n5qfihle2zw.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Ftmzyv10n9n5qfihle2zw.jpg" alt="Traffic list with the filter-by-domain panel open" width="720" height="1557"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  4. Inspect Requests
&lt;/h3&gt;

&lt;p&gt;Tap any entry to see the full URL, method, status code, headers, query parameters, and request body — syntax-highlighted for JSON. Most API bugs reveal themselves here: a missing &lt;code&gt;Authorization&lt;/code&gt; header, a wrong content type, or a malformed payload.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fdtg4203dn4cf63e4f4t0.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fdtg4203dn4cf63e4f4t0.jpg" alt="Request detail view showing a POST request" width="720" height="1557"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  5. Inspect Responses
&lt;/h3&gt;

&lt;p&gt;Switch to the response tab for the status line, response headers, timing, and the decrypted response body. Pretty-printed JSON makes it easy to confirm whether the bug is on the backend.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fdkmawxsi9lqxavtkol13.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fdkmawxsi9lqxavtkol13.jpg" alt="Decrypted response body as pretty-printed JSON" width="720" height="1558"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  6. Debug APIs
&lt;/h3&gt;

&lt;p&gt;Beyond read-only inspection, you can &lt;strong&gt;mock&lt;/strong&gt; a response, &lt;strong&gt;rewrite&lt;/strong&gt; headers or body fields on the fly, or &lt;strong&gt;replay&lt;/strong&gt; a captured request after editing it — reproduce an error state, test a 500, or simulate an empty list, all without touching the backend.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fd0wyfh3ng51ylb7md3fq.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fd0wyfh3ng51ylb7md3fq.jpg" alt="Map Local screen with custom mock responses" width="720" height="1558"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Febpuvlfltrcxxos9sw7b.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Febpuvlfltrcxxos9sw7b.jpg" alt="Rewrite rules editing headers and body before replay" width="720" height="1558"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Common Issues
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Bodies are unreadable.&lt;/strong&gt; The certificate is installed but not &lt;em&gt;trusted&lt;/em&gt;. Go to &lt;strong&gt;Settings → General → About → Certificate Trust Settings&lt;/strong&gt; and toggle full trust on.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;A specific app's traffic is missing.&lt;/strong&gt; Some apps use &lt;strong&gt;certificate pinning&lt;/strong&gt;, which rejects any certificate other than the developer's. That's a security feature, not a bug.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Nothing is captured.&lt;/strong&gt; Confirm the capture session is running and the VPN profile is enabled (iOS shows a small VPN indicator in the status bar).&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Conclusion
&lt;/h2&gt;

&lt;p&gt;A mobile-first workflow removes the desktop proxy, the Wi-Fi configuration, and the same-network requirement — leaving a fast loop of capture, inspect, and mock that works wherever your bug actually happens.&lt;/p&gt;

&lt;p&gt;Moni Proxy is free to try on &lt;strong&gt;iPhone, Android &amp;amp; macOS&lt;/strong&gt; → &lt;a href="https://moniproxy.com/" rel="noopener noreferrer"&gt;moniproxy.com&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fl9we6ss096bxhcrsifda.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fl9we6ss096bxhcrsifda.png" alt=" " width="800" height="479"&gt;&lt;/a&gt;&lt;/p&gt;

</description>
      <category>ai</category>
      <category>mobile</category>
      <category>api</category>
      <category>tutorial</category>
    </item>
    <item>
      <title>Why Mobile API Bugs Take Days to Reproduce</title>
      <dc:creator>Anh Vu</dc:creator>
      <pubDate>Fri, 19 Jun 2026 00:41:24 +0000</pubDate>
      <link>https://dev.to/anh_vu/why-mobile-api-bugs-take-days-to-reproduce-3el5</link>
      <guid>https://dev.to/anh_vu/why-mobile-api-bugs-take-days-to-reproduce-3el5</guid>
      <description>&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fpoh7x9lafgqo5t0cxaih.jpeg" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fpoh7x9lafgqo5t0cxaih.jpeg" alt=" " width="800" height="533"&gt;&lt;/a&gt;&lt;br&gt;
QA has screenshots.&lt;/p&gt;

&lt;p&gt;Frontend can't reproduce.&lt;/p&gt;

&lt;p&gt;Backend can't find the request.&lt;/p&gt;

&lt;p&gt;A 5-minute bug turns into a 3-hour investigation.&lt;/p&gt;

&lt;p&gt;After dealing with this problem repeatedly, I built a tool to capture and export HTTPS traffic directly from mobile devices.&lt;/p&gt;

&lt;p&gt;Along the way I learned that most debugging delays aren't caused by bugs.&lt;/p&gt;

&lt;p&gt;They're caused by missing context.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://moniproxy.com/blog/why-mobile-bugs-take-days-to-reproduce" rel="noopener noreferrer"&gt;https://moniproxy.com/blog/why-mobile-bugs-take-days-to-reproduce&lt;/a&gt;&lt;/p&gt;

</description>
      <category>backend</category>
      <category>mobiledev</category>
      <category>testing</category>
      <category>productivity</category>
    </item>
    <item>
      <title>Why Mobile API Bugs Take Days to Reproduce</title>
      <dc:creator>Anh Vu</dc:creator>
      <pubDate>Fri, 19 Jun 2026 00:41:24 +0000</pubDate>
      <link>https://dev.to/anh_vu/why-mobile-api-bugs-take-days-to-reproduce-l08</link>
      <guid>https://dev.to/anh_vu/why-mobile-api-bugs-take-days-to-reproduce-l08</guid>
      <description>&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fk9amnqqcoxue39hs4s85.jpeg" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fk9amnqqcoxue39hs4s85.jpeg" alt=" " width="800" height="533"&gt;&lt;/a&gt;&lt;br&gt;
QA has screenshots.&lt;/p&gt;

&lt;p&gt;Frontend can't reproduce.&lt;/p&gt;

&lt;p&gt;Backend can't find the request.&lt;/p&gt;

&lt;p&gt;A 5-minute bug turns into a 3-hour investigation.&lt;/p&gt;

&lt;p&gt;After dealing with this problem repeatedly, I built a tool to capture and export HTTPS traffic directly from mobile devices.&lt;/p&gt;

&lt;p&gt;Along the way I learned that most debugging delays aren't caused by bugs.&lt;/p&gt;

&lt;p&gt;They're caused by missing context.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://moniproxy.com/blog/why-mobile-bugs-take-days-to-reproduce" rel="noopener noreferrer"&gt;https://moniproxy.com/blog/why-mobile-bugs-take-days-to-reproduce&lt;/a&gt;&lt;/p&gt;

</description>
      <category>backend</category>
      <category>mobiledev</category>
      <category>testing</category>
      <category>productivity</category>
    </item>
    <item>
      <title>Why Mobile Bugs Take Days to Reproduce (And How We Fixed It)</title>
      <dc:creator>Anh Vu</dc:creator>
      <pubDate>Thu, 18 Jun 2026 14:43:06 +0000</pubDate>
      <link>https://dev.to/anh_vu/why-mobile-bugs-take-days-to-reproduce-and-how-we-fixed-it-20bk</link>
      <guid>https://dev.to/anh_vu/why-mobile-bugs-take-days-to-reproduce-and-how-we-fixed-it-20bk</guid>
      <description>&lt;p&gt;
One thing surprised me after years of building mobile apps.
&lt;/p&gt;

&lt;p&gt;
The bugs that consumed the most engineering time were rarely the most difficult bugs.
&lt;/p&gt;

&lt;p&gt;
The fixes were often simple.
&lt;br&gt;
The investigation was the expensive part.
&lt;/p&gt;





&lt;h2&gt;A Typical Conversation&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;QA:&lt;/strong&gt;&lt;br&gt;
"Login is failing for some users."
&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Frontend:&lt;/strong&gt;&lt;br&gt;
"I can't reproduce it."
&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Backend:&lt;/strong&gt;&lt;br&gt;
"I don't see anything unusual in the logs."
&lt;/p&gt;

&lt;p&gt;
QA sends screenshots.
&lt;br&gt;
Frontend asks for more details.
&lt;br&gt;
Backend asks for request payloads.
&lt;br&gt;
Someone records a video.
&lt;br&gt;
Someone else tries to reproduce the issue.
&lt;/p&gt;

&lt;p&gt;
Hours pass.
&lt;br&gt;
Sometimes days.
&lt;/p&gt;

&lt;p&gt;
Eventually, the root cause turns out to be something trivial:
&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;An expired token&lt;/li&gt;
&lt;li&gt;A missing header&lt;/li&gt;
&lt;li&gt;A malformed request body&lt;/li&gt;
&lt;li&gt;A backend validation rule&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;
The fix takes &lt;strong&gt;five minutes&lt;/strong&gt;.
&lt;br&gt;
The investigation took &lt;strong&gt;two days&lt;/strong&gt;.
&lt;/p&gt;





&lt;h2&gt;The Real Problem Isn't The Bug&lt;/h2&gt;

&lt;p&gt;
The real problem is &lt;strong&gt;visibility&lt;/strong&gt;.
&lt;/p&gt;

&lt;p&gt;
When an issue happens on a mobile device, every team sees only part of the picture.
&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;QA sees the error&lt;/li&gt;
&lt;li&gt;Frontend sees the code&lt;/li&gt;
&lt;li&gt;Backend sees server logs&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;
Nobody sees the complete request and response that caused the problem.
&lt;/p&gt;

&lt;p&gt;
As a result, teams spend most of their time collecting evidence instead of fixing the issue.
&lt;/p&gt;





&lt;h2&gt;Screenshots Aren't Enough&lt;/h2&gt;

&lt;p&gt;
For years our workflow looked like this:
&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Screenshot from QA&lt;/li&gt;
&lt;li&gt;Screen recording&lt;/li&gt;
&lt;li&gt;Console logs&lt;/li&gt;
&lt;li&gt;Slack messages&lt;/li&gt;
&lt;li&gt;Guessing&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;
The problem is that screenshots don't contain enough information.
&lt;/p&gt;

&lt;p&gt;
A screenshot cannot tell you:
&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Which headers were sent&lt;/li&gt;
&lt;li&gt;Which payload was submitted&lt;/li&gt;
&lt;li&gt;Which response was returned&lt;/li&gt;
&lt;li&gt;Whether authentication failed&lt;/li&gt;
&lt;li&gt;Whether the request even reached the server&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;
Yet these are exactly the details engineers need.
&lt;/p&gt;





&lt;h2&gt;What Changed Everything&lt;/h2&gt;

&lt;p&gt;
The biggest improvement came when we started sharing traffic logs instead of screenshots.
&lt;/p&gt;

&lt;p&gt;
Instead of saying:
&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;Login failed.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;
QA could share:
&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Request URL&lt;/li&gt;
&lt;li&gt;Headers&lt;/li&gt;
&lt;li&gt;Request Body&lt;/li&gt;
&lt;li&gt;Response Body&lt;/li&gt;
&lt;li&gt;HTTP Status Code&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;
Now frontend and backend engineers were looking at the same evidence.
&lt;/p&gt;

&lt;p&gt;
✅ No guessing
&lt;br&gt;
✅ No interpretation
&lt;br&gt;
✅ Just facts
&lt;/p&gt;

&lt;p&gt;
Suddenly issues became much easier to reproduce.
&lt;/p&gt;





&lt;h2&gt;The Impact&lt;/h2&gt;

&lt;p&gt;
The result wasn't fewer bugs.
&lt;/p&gt;

&lt;p&gt;
The result was &lt;strong&gt;faster investigations&lt;/strong&gt;.
&lt;/p&gt;

&lt;p&gt;
Instead of spending hours asking questions, teams could immediately focus on solving the actual problem.
&lt;/p&gt;

&lt;p&gt;
What surprised me most was how often communication, not code, was the bottleneck.
&lt;/p&gt;

&lt;p&gt;
The technical fix was usually straightforward.
&lt;br&gt;
Getting everyone aligned on what actually happened was the difficult part.
&lt;/p&gt;





&lt;h2&gt;What We Changed&lt;/h2&gt;

&lt;p&gt;
After running into this workflow repeatedly, our team started capturing and sharing traffic logs directly from mobile devices.
&lt;/p&gt;

&lt;p&gt;
The goal wasn't better debugging tools.
&lt;/p&gt;

&lt;p&gt;
The goal was reducing the time it took QA, frontend engineers and backend engineers to understand the same issue.
&lt;/p&gt;

&lt;p&gt;
Once everyone could see the exact request and response, investigations became dramatically faster.
&lt;/p&gt;

&lt;p&gt;
The feature was traffic inspection.
&lt;br&gt;
The outcome was better collaboration.
&lt;/p&gt;





&lt;h2&gt;Final Thoughts&lt;/h2&gt;

&lt;p&gt;
Many engineering teams spend far more time investigating bugs than fixing them.
&lt;/p&gt;

&lt;p&gt;
If your bug reports still rely on screenshots, screen recordings and Slack threads, there may be an easier way.
&lt;/p&gt;

&lt;p&gt;
The most valuable debugging information is often the request and response that triggered the issue.
&lt;/p&gt;

&lt;p&gt;
Everything else is just context.
&lt;/p&gt;





&lt;h3&gt;How does your team currently handle API-related bug investigations?&lt;/h3&gt;

&lt;p&gt;
Do you rely on screenshots, logs, traffic captures, or something else?
&lt;/p&gt;

&lt;p&gt;canonical_url: &lt;a href="https://moniproxy.com/blog/why-mobile-bugs-take-days-to-reproduce" rel="noopener noreferrer"&gt;https://moniproxy.com/blog/why-mobile-bugs-take-days-to-reproduce&lt;/a&gt;&lt;/p&gt;

</description>
      <category>softwareengineering</category>
      <category>mobiledev</category>
      <category>productivity</category>
      <category>webdev</category>
    </item>
    <item>
      <title>How to Capture HTTPS Traffic on iPhone Without a Mac</title>
      <dc:creator>Anh Vu</dc:creator>
      <pubDate>Wed, 17 Jun 2026 16:59:19 +0000</pubDate>
      <link>https://dev.to/anh_vu/how-to-capture-https-traffic-on-iphone-without-a-mac-45o8</link>
      <guid>https://dev.to/anh_vu/how-to-capture-https-traffic-on-iphone-without-a-mac-45o8</guid>
      <description>&lt;p&gt;As a mobile developer, I spend a lot of time debugging API requests.&lt;/p&gt;

&lt;p&gt;Most of the time, the workflow looks something like this:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Open Charles Proxy or Proxyman on a Mac&lt;/li&gt;
&lt;li&gt;Configure proxy settings&lt;/li&gt;
&lt;li&gt;Install certificates&lt;/li&gt;
&lt;li&gt;Connect devices to the same network&lt;/li&gt;
&lt;li&gt;Start inspecting traffic&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;These tools are excellent and have become essential parts of many developers’ workflows.&lt;/p&gt;

&lt;p&gt;But recently I found myself in a situation where I only had my iPhone with me.&lt;/p&gt;

&lt;p&gt;No MacBook.&lt;/p&gt;

&lt;p&gt;No desktop setup.&lt;/p&gt;

&lt;p&gt;I simply wanted to inspect HTTPS traffic from a mobile app.&lt;/p&gt;

&lt;p&gt;That raised a simple question:&lt;/p&gt;

&lt;p&gt;Why is mobile network debugging still so dependent on desktop tools?&lt;/p&gt;

&lt;p&gt;⸻&lt;/p&gt;

&lt;p&gt;The Problem&lt;/p&gt;

&lt;p&gt;Modern mobile applications communicate with dozens of APIs.&lt;/p&gt;

&lt;p&gt;When something goes wrong, developers often need to inspect:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Request headers&lt;/li&gt;
&lt;li&gt;Authentication tokens&lt;/li&gt;
&lt;li&gt;Request payloads&lt;/li&gt;
&lt;li&gt;Response bodies&lt;/li&gt;
&lt;li&gt;HTTP status codes&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;For years, desktop proxy tools have been the standard solution.&lt;/p&gt;

&lt;p&gt;The problem is that they assume you always have access to a computer.&lt;/p&gt;

&lt;p&gt;For quick testing, QA validation, or debugging on the go, that assumption doesn’t always hold true.&lt;/p&gt;

&lt;p&gt;⸻&lt;/p&gt;

&lt;p&gt;Existing Solutions&lt;/p&gt;

&lt;p&gt;Today, many developers rely on tools such as:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Charles Proxy&lt;/li&gt;
&lt;li&gt;Proxyman&lt;/li&gt;
&lt;li&gt;HTTP Toolkit&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;They’re powerful and battle-tested.&lt;/p&gt;

&lt;p&gt;However, they are primarily designed around a desktop-first workflow.&lt;/p&gt;

&lt;p&gt;I started wondering what a mobile-first debugging experience would look like.&lt;/p&gt;

&lt;p&gt;⸻&lt;/p&gt;

&lt;p&gt;Building a Mobile-First Workflow&lt;/p&gt;

&lt;p&gt;That curiosity eventually led me to build Moni Proxy.&lt;/p&gt;

&lt;p&gt;The goal wasn’t to replace existing tools.&lt;/p&gt;

&lt;p&gt;The goal was simply to make network debugging easier when working directly from mobile devices.&lt;/p&gt;

&lt;p&gt;The core requirements were straightforward:&lt;/p&gt;

&lt;p&gt;✅ Capture HTTPS traffic&lt;/p&gt;

&lt;p&gt;✅ Inspect requests and responses&lt;/p&gt;

&lt;p&gt;✅ Remote debugging support&lt;/p&gt;

&lt;p&gt;✅ Minimal setup&lt;/p&gt;

&lt;p&gt;✅ Native mobile experience&lt;/p&gt;

&lt;p&gt;The ideal workflow became:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Open Moni Proxy&lt;/li&gt;
&lt;li&gt;Start a session&lt;/li&gt;
&lt;li&gt;Connect a device&lt;/li&gt;
&lt;li&gt;Inspect traffic in real time&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;No desktop required.&lt;/p&gt;

&lt;p&gt;⸻&lt;/p&gt;

&lt;p&gt;A Typical Debugging Scenario&lt;/p&gt;

&lt;p&gt;Imagine you’re testing a mobile application and an API call suddenly fails.&lt;/p&gt;

&lt;p&gt;Without traffic inspection, you’re often guessing:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Was the request sent?&lt;/li&gt;
&lt;li&gt;Did the token expire?&lt;/li&gt;
&lt;li&gt;Did the backend return an error?&lt;/li&gt;
&lt;li&gt;Was the payload malformed?&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Being able to inspect raw requests and responses immediately answers those questions.&lt;/p&gt;

&lt;p&gt;For mobile developers and QA engineers, this can save a surprising amount of time.&lt;/p&gt;

&lt;p&gt;⸻&lt;/p&gt;

&lt;p&gt;Lessons Learned&lt;/p&gt;

&lt;p&gt;Building developer tools is interesting because developers already have good solutions.&lt;/p&gt;

&lt;p&gt;The challenge isn’t creating another tool.&lt;/p&gt;

&lt;p&gt;The challenge is improving a specific workflow.&lt;/p&gt;

&lt;p&gt;In my case, I focused on one question:&lt;/p&gt;

&lt;p&gt;How can network debugging feel native on mobile devices instead of being an extension of desktop software?&lt;/p&gt;

&lt;p&gt;The answer is still evolving, but the journey has been incredibly rewarding.&lt;/p&gt;

&lt;p&gt;⸻&lt;/p&gt;

&lt;p&gt;Looking for Feedback&lt;/p&gt;

&lt;p&gt;Moni Proxy is now available on iOS and macOS.&lt;/p&gt;

&lt;p&gt;I’m actively looking for feedback from:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;iOS Developers&lt;/li&gt;
&lt;li&gt;Android Developers&lt;/li&gt;
&lt;li&gt;Flutter Developers&lt;/li&gt;
&lt;li&gt;React Native Developers&lt;/li&gt;
&lt;li&gt;QA Engineers&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;What does your current network debugging workflow look like?&lt;/p&gt;

&lt;p&gt;If you regularly inspect HTTPS traffic, what is the biggest pain point in your setup today?&lt;/p&gt;

&lt;p&gt;Website:&lt;/p&gt;

&lt;p&gt;&lt;a href="https://moniproxy.com" rel="noopener noreferrer"&gt;https://moniproxy.com&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;I’d love to hear your thoughts.&lt;/p&gt;

</description>
      <category>ai</category>
      <category>ios</category>
      <category>flutter</category>
      <category>webdev</category>
    </item>
  </channel>
</rss>
