fiddler-mcp
Verified Safe by schwarztim
Overview
Intercept HTTP/HTTPS traffic, extract credentials, and replay/make requests for API debugging and reverse engineering.
Installation
node dist/index.js
Security Notes
The MCP runs `mitmdump` with the `--set ssl_insecure=true` flag. This disables SSL/TLS certificate verification for upstream connections, which can make the proxy susceptible to Man-in-the-Middle attacks if it is used for general browsing on untrusted networks. For its stated purpose of development and API analysis, however, this is sometimes a necessary configuration.
Captured flows and extracted credentials (API keys, tokens, cookies) are stored locally as unencrypted JSON in `~/.fiddler-mcp/flows.json`. This is expected behavior for a tool of this nature, but it means the file should be protected with appropriate system-level security, as its compromise could lead to credential leakage.
Similar Servers
mcphub
An orchestration hub that aggregates, manages, and routes Model Context Protocol (MCP) servers and their tools, providing a centralized interface, user management, OAuth 2.0 authorization server capabilities, and AI-powered tool discovery and routing.
jetski
Jetski is an open-source platform providing analytics, authentication, and simplified client setup for Model Context Protocol (MCP) servers by acting as a proxy.
mcp-shark
Aggregate multiple Model Context Protocol (MCP) servers into a single unified interface with a powerful monitoring UI.
proxypin-mcp-server
Enables an AI agent to interact with the ProxyPin network analysis and proxy tool, allowing it to manage requests, generate code, rewrite traffic, and analyze network data.