[HN Gopher] Launch HN: Requestly (YC W22) - Network debugging pr...
       ___________________________________________________________________
        
       Launch HN: Requestly (YC W22) - Network debugging proxy for web and
       mobile
        
       Hi HN, My name is Sachin - I'm the founder of Requestly
       (https://requestly.io) and I'm very happy to be here and get
       feedback from you all. Requestly is software that lets you
       intercept network requests, modify, and debug them. We're available
       as a browser extension as well as a desktop app and Requestly is
       useful whether you are a web developer, backend developer, or
       mobile developer.

       When developers work with APIs on their local machine, the current
       experience is very broken. Requestly saves you time by letting you
       test your APIs faster without deployment on staging. Requestly also
       lets you simulate different failover and edge case scenarios which
       are hard to simulate without code changes.

       Back in 2014, I was working on Adobe Target and I had a customer
       issue where the delivered campaign was showing FOUC (Flash of
       Unstyled Content) on the customer's website and it was
       intermittent. It was so hard to debug with the minified production
       version of the script, I built a tool to perform a simple redirect
       of production JS to my locally running JS. I was then able to do
       logging and gradually pinpoint the exact issue and where I could
       optimize. My team and I debugged a lot of customer issues using
       this tool, which eventually became Requestly.

       I just loved working on Requestly so I kept maintaining the project
       over weekends and supporting users. It started to gain traction
       organically and today it serves more than 40K monthly active users.
       In a later job at Blinkit (10min delivery platform in India), I saw
       how mobile app debugging is hard, and similar problems exist in
       backend development. I did a bit of both there and decided to work
       on Requestly full time to solve these problems.

       You might have used solutions like Charles Proxy earlier! Charles
       is good and I am myself a huge fan, but when it comes to
       modification capabilities--setting up redirects or mocking API
       responses--it requires a lot of work. Collaboration is missing,
       data extraction and offline history are missing. It'd be fair to
       say that we are building a better alternative to Charles Proxy. We
       are also simplifying mobile app debugging by building a native SDK
       that anyone can connect to our Web.

       Many users also confuse us with Postman. I'd clarify this as
       Postman is an API development platform, while Requestly is an API
       debugging and testing platform. For example - as a frontend
       engineer at Uber, I'd like to test how my app would react if the
       driver allocation API doesn't respond on time - will there be an
       automatic retry, or does the app crash?

       Requestly intercepts your local network traffic and provides
       capabilities like Mocking API Response, Simulate HTTP(s) Status
       Codes, Switching API endpoints, Redirect Production Traffic (or
       selective API) to stage/local environment, Inject scripts on web
       pages, and much more. Requestly is available as a browser extension
       on Chromium and Firefox, as well as a desktop app on MacOS,
       Windows, and Linux systems. You can download it at
       https://requestly.io/downloads. We have a freemium model. The free
       plan has almost every feature but is limited to 3 modification
       rules. Our pricing is at https://app.requestly.io/pricing.

       We are now building an open-source Android SDK that lets developers
       view their API traffic (and analytics events) on the web. This is
       in testing and we are planning to roll it out very soon. This can
       be used by non-developers as well. Folks like product managers or
       digital marketers will be able to validate the analytics
       instrumentation easily. As a matter of fact, tools like Requestly
       are needed not only in development environments but also in
       production environments to debug distributed transactions. We are
       not there yet but we have plans to solve that problem too. One foot
       at a time :)

       I'd love to hear your thoughts on the product experience. What
       specific challenges do you face while developing and testing your
       code changes? Do you ever have to make changes in your codebase to
       simulate a scenario? I'd like to discuss & brainstorm potential
       use-cases that can be solved with Requestly. I'll do my best to
       answer in the comments.
        
       Author : sachinjain
       Score  : 125 points
       Date   : 2022-03-03 13:33 UTC (9 hours ago)
        
       | atfzl wrote:
       | How does it compare with https://httptoolkit.tech/
        
         | orliesaurus wrote:
         | httptoolkit is open-source. this one doesn't seem so: no
         | mention of open source on either homepage, nor on this Show HN
         | intro
        
       | ghoshbishakh wrote:
       | You are an inspiration to me.
        
       | Sytten wrote:
       | Congratulations! We are big fans of Requestly at Caido as we are
       | building something somewhat similar for the infosec community
       | (https://caido.io).
       | 
       | Requestly feels good and there is a lot of potential for
       | production debugging. I particularly like the switching of API
       | endpoint so you can use the live prod website with a local API,
       | super useful to debug.
        
         | invalidname wrote:
         | If your interest extends to debugging production backends you
         | can also check out Lightrun ( https://lightrun.com ) which
         | continues this all the way through.
        
       | rkpandey4tech wrote:
       | Requestly is such an essential part of web development that one
       | cannot live without.
        
       | arvindrajnaidu wrote:
       | I would love to have this capability for iOS apps.
        
         | sachinjain wrote:
         | We will soon move to iOS after launching our Android SDK.
         | Please drop me a Hi at sachin@requestly.io and I'd be happy to
         | learn more about your use cases in iOS and I will inform you
         | when it's available.
        
       | jwong_ wrote:
       | I don't see any obvious links to mobile debugging in the features
       | list or the FAQ. I see you mention an SDK here in the comment,
       | but are there any links to docs on this?
       | 
       | I frequently use Charles/Fiddler, but always interested in new
       | offerings. Congrats on the release!
        
         | sachinjain wrote:
         | @jwong_ We are about to do a public release of Android SDK.
         | Here are a couple of things which we did for internal purpose
         | only (& WIP) but still sharing to give you an idea
         | 
         | https://youtu.be/gs02m2pZJlQ (Demo Video)
         | 
         | https://requestly.io/android-interceptor/ (WIP - Landing Page)
         | 
         | I'd be really happy to discuss further on this approach. I
         | believe this is going to make things really easy for
         | developers.
        
           | jwong_ wrote:
           | Thanks for the links!
           | 
           | Curious on the body -- you showed some JSON requests, but do
           | image resources or other larger responses also get proxied
           | and viewable from browser?
           | 
           | For example, sometimes I like to view large minified JS blobs
           | or images. Would that be viewable in the browser?
           | 
           | Also, what do the production vs debugging logs look like? Do
           | you just run a special debugging build or is that a flag
           | triggered within preferences? So e.g., would a user be able
           | to turn debugging on to give extra logs to support staff?
        
             | sachinjain wrote:
             | Our Native SDK provides listening to API Requests and
             | Analytics events in your app. In order to view JS blobs or
             | Images, you can use the desktop app -
             | https://requestly.io/desktop
             | 
             | We provide the capability that you can disable the SDK in
             | production builds and enable only in the debug builds. And
             | yes we are going to provide the capability using which you
             | can download or share the APIs and events sessions with
             | your support staff.
        
               | prithvi24 wrote:
               | With the desktop app, could network requests from .NET
               | apps / more traditional software be intercepted /
               | listened to?
        
           | ohgodplsno wrote:
           | Why would I use requestly for Android when perfectly good
           | alternatives already exist? Flipper (https://fbflipper.com/)
           | lets me do all of this (viewing, mocks, etc), with the same
           | setup. And it's extensible too. HTTP Toolkit offers the
           | proxying solution to it. Is there anything that might be
           | different?
        
             | sachinjain wrote:
             | Thank you for asking this, and this is a very good question.
             | The way we are building Requestly is to be used within
             | teams, test different case-cases, have them on cloud and
             | use them again & again without setting up everything from
             | scratch. Collaboration is an essential feature which is
             | missing in this space. To give you an example - A developer
             | working in E-Commerce domain has mocked an API to return
             | empty slots for a cart, (s)he'd like to share it with the
             | team so that anyone in the team can use the same
             | configuration while making any changes in those files. Now,
             | think of a Repository of Rules available in your company
             | when you have to test different scenarios. When you work on
             | a particular component, you can just enable different
             | configurations and test them out easily without having to
             | know how to set those configurations up. I believe this
             | really improves onboarding and efficiency in testing your
             | code.
        
       | sidcool wrote:
       | Congrats on launching. Looks awesome.
        
         | sachinjain wrote:
         | Thanks @sidcool. Would love to have your feedback if you get a
         | chance to try out the product :)
        
       | vineetathome wrote:
       | I saw the video of your mobile app debugging. Makes it very
       | convenient for mobile development. Thanks for the work
        
       | nullbytesmatter wrote:
       | Honest question, why use a company product over free tools like
       | zap or even burp for this?
        
       | abdusco wrote:
       | Does it actually have an Android app? A play store button shows
       | up, but it's linked to /#. It either shows up for every platform
       | & browser or the url is missing.
        
         | sachinjain wrote:
         | We don't have an Android app. We intended to take it to the
         | "Requestly for Android" page. We are building our SDK landing
         | page and we want to link it there. Thanks for the feedback.
        
       | moritonal wrote:
       | You could likely benefit from having a designer look at your
       | onboarding flow. I get it's a developer tool, but the Docs,
       | Pricing and Homepage are completely different colour schemes
       | (Pricing defaults to dark on my machine) and this comes across as
       | a disjointed product (and is quite an easy win!).
       | 
       | Sure, it's a dev-tool and we're not as fussed about design. But
       | the pricing page has so much going on at once that I struggled to
       | concentrate on the product-offer. Same goes for the Homepage
       | where I can see 7 different forms of accreditation before you
       | explain what the product is. Have some videos, or animations
       | showing the tool in action. It took me waaay too long to realise
       | it wasn't a Postman offering.
        
         | sachinjain wrote:
         | Thank you for the feedback. Landing pages need more work. We've
         | recently worked on our pricing page so I'd really appreciate if
         | you can provide more insights into what can be improved on the
         | pricing page.
        
       | graderjs wrote:
       | This is a fantastic story of how you created your success with
       | Requestly. I wish you continued success!
        
       | tomashubelbauer wrote:
       | Could you compare Requestly with Proxyman in terms of mobile
       | debugging capabilities? Proxyman has especially well developed
       | flow for installing certificates that allow the proxying without
       | having to change the app's source code. I have not seen other apps
       | match that and it is incredibly helpful for only semi-technical
       | QA workers who might not always have a dev team willing to
       | integrate random SDKs only to make their life easier. The only
       | problem with Proxyman is that randomly, its local proxy server
       | may stop being reachable from the phone on the same network. I
       | don't know why this happens.
        
         | sachinjain wrote:
         | We also have a desktop app which works very similarly in terms
         | of setting up proxy and installing the certificates. The
         | fundamentals with which we are building Requestly make it
         | different from other tools in this space. We intend Requestly
         | to be used by teams, easy re-use of the mocking configurations.
         | The intent to go with SDK based approach is that it is one-time
         | setup while using an external proxy will always require you to
         | configure your phone every time which is painful. Like you
         | said, local proxy servers can be flaky sometimes and you may
         | eventually end up spending more time on the tool rather than
         | your actual work.
        
       | isignal wrote:
       | Folks in the windows ecosystem have had the benefit of Fiddler
       | for more than a decade now. Glad to see a more universal
       | solution.
        
       | ericjung1982 wrote:
       | I wrote the FoxyProxy for Firefox and Chrome web extensions. The
       | Firefox version has a good logging mechanism, although no
       | modification capabilities. Are you looking for contributors?
        
         | sachinjain wrote:
         | Wow, FoxyProxy is very popular on Firefox. I'd definitely love
         | to discuss this. Can you please drop a hi at
         | sachin@requestly.io
        
       | arobakid wrote:
       | Congrats, we've been using Requestly for some time now for Theneo
       | and we absolutely love it!
        
       | [deleted]
        
       | billyt555 wrote:
       | I found requestly organically a few months back and love it,
       | great tool.
        
         | sachinjain wrote:
         | Do you happen to remember how you found Requestly? Was it a
         | Google search, and which query?
        
       | from wrote:
       | There's a site I use that checks for membership only on the
       | client side and I use requestly to spoof premium status. Just had
       | to write a simple script like this to modify the response body of
       | the request that gets membership status:
       | 
       |     function modifyResponse(args) {
       |       const {method, url, response, responseType, requestHeaders, requestData} = args;
       |       const responseDataParsed = JSON.parse(response);
       |       responseDataParsed.result.user.vip_end = "2030-06-11T14:16:20.000Z";
       |       responseDataParsed.result.user.expire_in = "3573 days, 3 hours";
       |       responseDataParsed.result.user.is_premium = true;
       |       return JSON.stringify(responseDataParsed);
       |     }
       | 
       | Very nice software.
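
The comment above describes a membership check that exists only on the client side. As an added example (not part of the thread, and not code from the site or from Requestly), this sketch shows the server-side form of the check, where the premium resource re-derives entitlement on every request. The store, function names and sample users are hypothetical and constructed.

```javascript
// Added example. All names and data are hypothetical and constructed.

// Server-side entitlement store: the only source of truth for membership.
const USERS = new Map([
  ["alice", { vipEnd: "2030-06-11T14:16:20.000Z" }], // active subscription
  ["bob", { vipEnd: "2021-01-01T00:00:00.000Z" }],   // expired subscription
]);

// Premium status is computed from server data and the server clock only.
function isPremium(userId, now) {
  const user = USERS.get(userId);
  if (!user) return false;
  const end = Date.parse(user.vipEnd);
  return Number.isFinite(end) && end > now.getTime();
}

// Status endpoint: a hint for the UI. Its response body is under the
// client's control once it leaves the server, so nothing may depend on it.
function getStatus(session) {
  return {
    status: 200,
    body: { is_premium: isPremium(session.userId, session.now) },
  };
}

// Premium endpoint: re-derives entitlement on every request. The second
// argument stands for anything the client asserts about itself; it is
// accepted here only to show that it is never consulted.
function getPremiumContent(session, clientClaims) {
  if (!session || !session.userId) {
    return { status: 401, body: { error: "not authenticated" } };
  }
  if (!isPremium(session.userId, session.now)) {
    return { status: 403, body: { error: "premium required" } };
  }
  return { status: 200, body: { content: "premium payload" } };
}

// A client whose local copy of the status response says is_premium: true
// still gets 403, because the gate sits on the resource, not in the browser.
function tamperedClientOutcome() {
  const session = { userId: "bob", now: new Date("2022-03-03T13:33:00.000Z") };
  const clientView = { ...getStatus(session).body, is_premium: true };
  return getPremiumContent(session, clientView).status;
}

console.log(tamperedClientOutcome());
```

The session object is assumed to come from an authenticated server-side session; `now` is passed in so the check is deterministic.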
        
       | Mattwmaster58 wrote:
       | I'm interested in this for its potential reverse engineering apps
       | on Android. I've had some success with `mitmproxy` but I'm
       | wondering what other HN-ers use for this purpose.
        
         | johnmaguire wrote:
         | I recently used Fiddler along with Frida[1] to deal with cert
         | pinning in the app I was looking into.
         | 
         | [1] https://github.com/httptoolkit/frida-android-unpinning
        
           | abdusco wrote:
           | Sweet, thanks for the link.
           | 
           | I was looking for something like this. Tried mitmproxy but it
           | was useless against cert pinning. So I went with decompiling
           | the app to extract the auth keys and urls for the internal
           | API it was using.
        
         | chrisweekly wrote:
         | Same. mitmproxy (and its built-in mitmdump lib), along w/ the
         | (criminally obscure / amazing) lnav (https://lnav.org), have
         | served me very well in the past for this kind of thing.
        
         | mzfr wrote:
         | I use burp suite(community version) for the same purpose along
         | with frida. There is also Brida[1]; it's sort of a bridge between
         | both of them.
         | 
         | Something which I don't like is that every time I need the
         | traffic to go through burp I need to go to the WiFi settings and
         | modify the "advance option" to use proxy. And if I keep the
         | proxy settings on all the time then I've had issues with
         | playstore and other such app, on the testing device. So that
         | small bit of manual work is what I don't like.
         | 
         | In another comment[2] they mentioned they'll be releasing an
         | android interceptor which would work without proxy, I think
         | that would make me try this.
         | 
         | [1] https://github.com/federicodotta/Brida
         | 
         | [2] https://news.ycombinator.com/item?id=30541263
        
       | cyral wrote:
       | I've been using the Browser extension for years and it is
       | incredibly helpful. We use it to debug scripts on customer
       | websites by making them resolve to our local instance so that we
       | can test fixes quickly.
       | 
       | I would recommend some sort of graphic on the homepage to explain
       | what Requestly does though, as you mention it can be confused
       | with Postman when it's entirely different. Maybe an animated
       | flowchart type graphic showing how a browser request to X is
       | redirected to Y based on some Requestly rule.
        
         | sachinjain wrote:
         | So glad to hear this. This is really good feedback. Noted this
         | down. We will soon make this live. We already have an animated
         | gif at https://requestly.io/feature/redirect-url/
         | 
         | Do you mean to say we should have an animated flowchart for the
         | hero image on the page?
        
           | cyral wrote:
           | Yeah that image is exactly what I was thinking. I clicked the
           | link in the post which was the download page which I mistook
           | for the homepage.
        
             | sachinjain wrote:
             | This makes me realize that we need to improve upon the
             | downloads page too. Noted this down. Feel free to drop me a
             | Hi at sachin@requestly.io
        
           | ec109685 wrote:
           | On iOS, the header doesn't stick at the top of the page.
        
             | sachinjain wrote:
             | Thank you for informing this! Making the fix.
        
       | sdgluck wrote:
       | Looks great, I look forward to trying it out. Just FYI clicking
       | the "Upgrade to premium" link bottom left of the application
       | takes me to a blank navy screen. Then I have to close and re-open
       | Requestly.
        
         | sachinjain wrote:
         | On the way to fixing this bug. Looking forward to your feedback
         | when you try it out.
        
       | DerJacques wrote:
       | This looks great! Congratulations. I particularly like the
       | "shortcuts" to common actions like "Insert JS/CSS". That's very
       | useful!
       | 
       | I want to also give a shoutout to https://proxyman.io/. Proxyman
       | is a native Mac App that also works as a local proxy and is a
       | pleasure to use. I've been using it for similar workflows and can
       | highly recommend it over Charles (the SSL handling alone is 100x
       | simpler).
        
         | sachinjain wrote:
         | Insert JS is one of the most used features. Requestly also
         | allows adding multiple scripts which are loaded sequentially, so
         | you can basically add a library URL like jQuery and write a
         | code block which depends upon jQuery. Proxyman is a very good
         | tool. No doubt over it. SSL handling is a challenge and I just
         | don't like the way we have to set up things for Mobile app
         | debugging, that's the trigger for building the native SDK for
         | us.
        
         | 101008 wrote:
         | Proxyman looks like something I always wanted: does it allow
         | you to say "when any browsers/webpage request this URL {url},
         | return this {content} instead of the original one"? And if it
         | works like that, does anyone know something like that for
         | Windows? Thanks!
        
         | santa_boy wrote:
         | I too used to use paid-version of Charles and then moved to
         | Proxyman. I particularly like the scripting ability in
         | Proxyman.
        
       ___________________________________________________________________
       (page generated 2022-03-03 23:00 UTC)