1) What JoxFlow is for
JoxFlow acts as a transparent proxy on your computer: applications that trust the inspection certificate can establish TLS with JoxFlow, which decrypts traffic so you can review it in the Inspector and, if you choose, apply rules or export evidence.
It is intended for authorized diagnosis, audits with proper approval, development and testing, and training, always with explicit permission over the systems and data involved.
2) Requirements and first launch
Requirements
- Operating system: Windows 10/11 (64-bit).
- Permissions: rights to install certificates and, depending on machine policy, to run the application elevated.
- Network: normal connectivity; the proxy listens on local interfaces.
First launch
- Install the application from the official installer.
- Open JoxFlow and review the status panel (proxy, certificates, license).
- Follow the certificate wizard if HTTPS capture is disabled.
- Configure the proxy in the applications you want to inspect or at the system level, depending on your scenario.
The product page with download and commercial information is on the JoxFlow landing page.
3) Key concepts
| Term | What it means for you |
|---|---|
| Proxy | An intermediary through which HTTP(S) requests pass so they can be observed or modified. |
| Inspector | The view where you see headers, body, timings, and metadata for each captured request. |
| Rule | A condition and an action (for example, replace text or delay a response) applied to matching traffic. |
| Inspection certificate | A local certificate the system or application must trust so the browser or client accepts the connection through the proxy. |
| Pinning / HSTS | Mechanisms that can block inspection if the application does not trust your inspection certificate. |
4) HTTPS capture: enabling and certificate
Enable capture
In capture settings, turn on HTTPS capture. On first use, the wizard will guide you to generate or import the inspection certificate and place it in the correct store.
Renew or rotate a certificate
If you change machines, the certificate expires, or policy requires rotation, generate a new one from the certificates section and redistribute trust as needed.
5) Request inspector
The Inspector lists each request with filters for host, method, status code, and free text. Selecting a row shows typical tabs: summary, headers, body (raw and a readable view when applicable), timings, and TLS errors if any.
Filters and search
- Use the search box to narrow by URL, header, or body fragment.
- Combine host and status filters to speed up diagnosis.
Request origin
When the operating system allows it, you can see which source application generated the connection. This helps relate traffic to specific programs.
6) Rewrite rules
Rules let you change requests or responses in a repeatable way: substitutions, injections, simulated latency, or static responses for testing.
Good practice
- Start with narrow rules (one host or a specific path).
- Record the purpose of each rule in your own internal procedures.
- Disable rules after a test to avoid unexpected side effects.
7) Certificates and stores
From the certificates section you can install or remove the inspection certificate, export the public key for managed deployments, and check validity dates.
8) Export and evidence
You can export traces in common formats (for example HAR or others supported by your build) to share evidence with your team or attach to a ticket, always minimizing personal data.
9) Built-in tools
Beyond the Inspector, JoxFlow includes network utilities from the Tools menu: connectivity checks, interface information, and diagnostics according to your installed version.
10) Licensing and updates
The application may show license status (active, trial, or limitations). Keep JoxFlow updated for security fixes and better compatibility with recent TLS stacks and operating systems.
11) Privacy and good practice
- Capture only what you need and only for as long as necessary.
- Anonymize or redact personal data before sharing exports.
- Review the privacy policy on the official site for telemetry or license-related data processing, if applicable to your edition.
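One way to carry out the redaction advised in sections 8 and 11 before a HAR export leaves your machine, as an added example (not JoxFlow's own code). It assumes the standard HAR 1.2 layout; the function names, the sensitive-parameter list and the sample entry are constructed for illustration.

```python
import copy

SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie", "set-cookie"}
SENSITIVE_PARAMS = {"token", "access_token", "password", "email"}  # assumed list, extend it
MASK = "[REDACTED]"

def _mask(pairs, names):
    """Mask values of HAR name/value pairs whose name is in `names`; return the count."""
    hits = [p for p in pairs or [] if p.get("name", "").lower() in names]
    for p in hits:
        p["value"] = MASK
    return len(hits)

def redact_har(har):
    """Return (redacted deep copy of a HAR 1.2 dict, number of masked fields)."""
    out, n = copy.deepcopy(har), 0
    for entry in out.get("log", {}).get("entries", []):
        req, resp = entry.get("request", {}), entry.get("response", {})
        for msg in (req, resp):
            n += _mask(msg.get("headers"), SENSITIVE_HEADERS)
            for cookie in msg.get("cookies") or []:  # parsed copies of Cookie/Set-Cookie
                cookie["value"] = MASK
                n += 1
        n += _mask(req.get("queryString"), SENSITIVE_PARAMS)
        if "?" in req.get("url", ""):  # the URL repeats the query string
            req["url"] = req["url"].split("?", 1)[0] + "?" + MASK
            n += 1
        post = req.get("postData") or {}
        n += _mask(post.get("params"), SENSITIVE_PARAMS)
        for body in (post, resp.get("content") or {}):
            if "text" in body:  # raw bodies can hold anything, so drop them whole
                body["text"] = MASK
                n += 1
    return out, n

# Constructed sample: one entry in HAR 1.2 shape, not a real capture.
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [{
    "request": {"method": "POST",
                "url": "https://app.example.test/login?token=abc123&lang=en",
                "headers": [{"name": "Authorization", "value": "Bearer abc123"},
                            {"name": "Accept", "value": "*/*"}],
                "cookies": [{"name": "sid", "value": "s3cr3t"}],
                "queryString": [{"name": "token", "value": "abc123"},
                                {"name": "lang", "value": "en"}],
                "postData": {"mimeType": "application/json", "text": '{"password": "hunter2"}'}},
    "response": {"status": 200,
                 "headers": [{"name": "Set-Cookie", "value": "sid=s3cr3t; HttpOnly"}],
                 "cookies": [{"name": "sid", "value": "s3cr3t"}],
                 "content": {"mimeType": "application/json", "text": '{"user": "alice@example.test"}'}}}]}}
```

Load a real export with `json.load`, pass it to `redact_har`, and write the result with `json.dump`. Review the output before sharing, since identifiers embedded in URL paths or in non-listed headers are not touched.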
12) Troubleshooting
| Symptom | What to check |
|---|---|
| Browser shows certificate warnings | Inspection certificate installation, system clock, and trust chain. |
| No requests appear | Proxy is running, the app uses the configured proxy, and no conflicting proxy is active. |
| Emulated mobile apps do not capture | Proxy/certificate settings inside the emulator and app pinning. |
| Rules do not apply | Rule order, overly broad conditions, or disabled rules. |
13) Keyboard shortcuts
Shortcuts may vary slightly by version and locale. See in-app help (F1 or the Help menu) for the current list.
14) Short glossary
- TLS: encryption layer on top of which HTTPS runs.
- MITM (intermediary): the legitimate role of an inspection proxy when authorized.
- HAR: HTTP archive format used to share traces.
15) Processes and traffic context
On Windows, knowing which process opens a connection or listens on a port helps interpret what you see in the Inspector.
In the Inspector
When available in your build, the detail view may show the source application associated with a request. Use it to separate browser traffic, background updates, and other clients.
System network tool
From the tools area you can open the system network utility, which summarizes active connections, owning processes, and listening ports on your machine. It complements the Inspector: while the Inspector focuses on HTTP(S) through the proxy, the system network view provides operating-system-level connection context.
16) FAQ
Is HTTPS inspection legal?
It depends on jurisdiction and consent. In organizations it is usually governed by internal policy and user notices. When in doubt, speak with legal or compliance.
Does it affect performance?
There can be overhead, especially with complex rules or very heavy traffic. Tune filters and capture windows.
Does it work with every application?
Not guaranteed: apps with strict pinning, extra validation, or private certificates may reject the proxy.