Inspect HTTP/HTTPS traffic
with context, not guesswork.
JoxFlow runs a capture proxy on your machine, records each request and response, and lays them out in a calm Inspector: filter and search, read headers and bodies, inspect timing, replay a call, and export the session when you need evidence. It is the missing link between “something is slow or wrong on the wire” and a clear story you can share with your team.
Modern apps speak HTTP and HTTPS all day long. Yet the truth of what actually left the machine is often buried in scattered devtools tabs, one-off logs, or assumptions.
JoxFlow centralises that reality. You point your browser or client at a local proxy, start capture, and every flow appears in a structured table with status codes, latency, sizes, and application context inferred from the traffic itself. Select any row to open a deep detail view: headers for both directions, a readable preview of JSON or text, raw bytes when you need them, timing phases, JWT decoding where tokens appear, Smart insights that surface useful signals, and one-click replay to confirm behaviour without repeating manual clicks.
Beyond the table, a flow map turns hosts into a graph so dependencies jump out. Traffic Watch runs saved rules across live traffic so you notice patterns (errors, sensitive headers, JWTs, redirects) instead of hoping you were looking at the right millisecond. Session data can be imported and exported as JSON; richer exports and automation follow the feature matrix attached to your licence.
Who gets the most value
If your job touches integrations, performance, or compliance, JoxFlow is built to shorten the distance between symptom and proof.
Developers and QA engineers validating APIs, reproducing bugs, and comparing headers and payloads against documentation.
Technical product roles that need to explain which domains and services participate in a journey without reverse‑engineering spreadsheets.
Incident responders and integrators who must attach a portable session export to a ticket or handover note.
Students and advanced self‑learners who want a visual, repeatable way to understand HTTP and HTTPS in the wild.
Four views, one continuous narrative
Each area answers a different question. Together they replace the habit of jumping between five disconnected tools.
Inspector — command centre
Start and stop capture, see the listen host and port, import or clear a session, and scan the live grid with method, host, path, status, duration, and transfer sizes. Search narrows the session; method and status filters cut noise; focus mode highlights slow calls above your threshold; “important only” hides the long tail of tiny assets when you need signal. The timeline strip maps each request in time—click a bar to jump. The right‑hand panel is where headers, preview, raw body, timings, JWT decoding, Smart insights, and replay come together.
Flow map — who talks to whom
Hosts become nodes and traffic becomes edges so you can present a journey visually: unexpected CDNs, analytics calls, and third‑party services stand out before you dive back into row‑level detail in the Inspector.
Traffic Watch — rules that watch while you work
Define named rules with patterns, scope (URL, headers, bodies, and more), and optional sound alerts on Windows. When traffic matches, JoxFlow records the hit and can open the flow directly in the Inspector. Rule capacity and advanced pattern options scale with the licence you activate at checkout.
Data & integrated toolbox
Bring JSON sessions back for regression compares, or export what you captured for colleagues. CSV, PDF, and deeper table automation appear where your licence includes them. A full suite of inspection companions—tokens, payloads, APIs, DNS, ports, and more—lives alongside capture so context never leaves the workspace.
A practical day‑one workflow
The built‑in welcome guide walks Windows users through proxy choice, trusting the HTTPS certificate, and responsible use. After that, most teams settle into a simple rhythm:
1
Capture with intent
Start the proxy, route the browser or app, reproduce the scenario once, and let JoxFlow collect the full conversation—including HTTPS once the certificate is trusted.
2
Reduce the haystack
Combine search, filters, focus mode, and the timeline to isolate the calls that matter. Open context menus for copy helpers, web search shortcuts, and contextual Smart insights when your licence includes them.
3
Explain and replay
Use the detail tabs to compare headers and payloads, read timing breakdowns, decode JWT material, and hit Replay to confirm a fix without re‑driving the UI from scratch.
4
Preserve the evidence
Export JSON for archives or diffs; add Traffic Watch rules so the next regression surfaces the same signatures early. When policy allows, attach exports to tickets so context survives the next shift.
Specialist utilities, one workspace
Twelve focused environments sit beside capture so follow-up work—tokens, payloads, connectivity checks, and evidence—stays inside one trusted desktop experience.
JWT
JWT toolkit
Inspect bearer tokens end to end: header and payload, expiry signals, optional signature checks, and hand-off into Replay when you need to prove a flow with a fresh token.
ENC
Encode & decode
Normalise payloads with Base64, URL-safe transforms, JSON formatting, hex helpers, and compressed-body previews tied to what you are already viewing.
API
API playground
Compose outbound HTTP calls with full control of method, URL, headers, and body, then read status, timing, and response content next to the traffic you captured.
RGX
Regex lab
Validate patterns with case, multiline, and dotall options on sample text before you promote the same logic into Traffic Watch or service policies.
JSON
JSON & diff
Beautify or minify documents, isolate lines by keyword, and compare two JSON bodies with a unified diff tuned for regression reviews.
SRCH
Global search
Sweep methods, hosts, paths, statuses, timestamps, headers, and bodies across the whole session, including advanced pattern syntax when you need precision.
HDR
Header intelligence
Understand security-sensitive headers with plain-language guidance on intent, risk, and common misconfigurations informed by a curated reference set.
ERR
Error intelligence
Translate HTTP outcomes into ordered hints and recommended checks using status, optional URL context, and representative error text from the response.
GEN
Test data studio
Generate batches of UUIDs, realistic placeholder emails, random tokens, or compact JSON samples for volume and negative-path testing without changing applications.
DNS
DNS & IP lab
Resolve names, inspect reverse records, measure reachability, and compare IPv4 and IPv6 answers in a layout aligned with your capture narrative.
PRT
Port intelligence
Run respectful, parallel TCP probes with timing, service hints, and exportable results for hosts and ranges your organisation authorises you to analyse.
NET
Network overview
See active connections with owning processes, interface activity, listening ports, and controlled hosts-file editing with export support where the platform allows.
How the product looks on screen
These panels mirror the real layout: capture controls and the live table, disciplined filtering, structured request detail, and the host graph that explains dependencies at a glance.
Inspector toolbar with proxy status, listen host and port, start/stop capture, import, export, and clear—above a live table of methods, hosts, paths, status codes, timing, and sizes.
Session controls in one row: full-text search, method and status filters, focus mode and “important only”, plus the horizontal timeline that places every request on a shared clock.
Detail stack for the selected flow: summary strip plus tabs such as Headers and Preview so JSON, text, and timing stay readable without leaving the capture context.
Flow map canvas linking hosts as nodes, traffic as edges, and a filtered list of flows for whichever dependency you select.
Licences, checkout, and capability depth
The standard download already ships the professional capture stack: Inspector with filters and timeline, flow map, Traffic Watch with named rules, JSON import and export, Replay, Smart insights at a depth suited to everyday debugging, and the full Tools catalogue described above—including JWT Toolkit, Encoder/Decoder, Regex Tester, API Playground, JSON & Diff, Global Search, Header and Error explainers, Data Generator, DNS & IP suite, TCP port scanner, and System network panel subject to operating-system permissions.
Commercial licences extend automation where JoxSoft lists them at checkout: higher Traffic Watch capacity, regular expressions inside rules, advanced grouping in the main table, shortcuts to reuse requests in external tooling, CSV and PDF exports, deeper JWT workflows such as signature verification, HS token generation, one-click inject into Replay, and richer JSON diffing when offered for your edition. Fresh installs may open with a time-limited evaluation window so teams can confirm fit before purchase.
Prices, taxes, and payment methods are displayed only on the official checkout page.
Questions people ask before they install
Do I need to be a networking expert?
No. JoxFlow is designed so intermediate developers can succeed: the welcome guide explains proxy and HTTPS trust in plain language, and the Inspector keeps the most common actions one click away. Power features remain available when you grow into them.
Where does my traffic go?
Capture stays on your PC. JoxFlow routes traffic through a built-in local capture stack and stores flows in a SQLite database under your Windows user profile. No vendor cloud sits in the inspection path unless you choose to export or share material yourself.
Why do I need a certificate for HTTPS?
HTTPS is encrypted end‑to‑end. For the proxy to show readable content, your system must trust a local certificate authority that JoxFlow generates on first capture. Until that step succeeds, browsers will warn about insecure connections—this is expected, not a bug.
Can I try it before I buy?
Yes. Download JoxFlow from this page when the demo button is available, or from your usual distribution channel. From first launch you get three days of trial with the full feature set and no artificial usage limits; after that window the desktop build keeps the included baseline until you add a commercial licence. Checkout lists what remains included long term.
What is replay?
Replay resends the captured request so you can compare a new response with the original without manually redoing every UI step. It is ideal for verifying backend fixes or toggling feature flags while keeping the same payload and headers.
Which operating systems are supported?
JoxFlow targets Windows desktop workflows first—system proxy helpers and certificate guidance are written with that environment in mind. Check the purchase page for the latest compatibility statement if you run other editions.
Bring clarity to your next debugging session
Continue to the official checkout to complete your purchase. Licence terms, tax handling, and payment methods are displayed only there.
