When a Flutter app misbehaves, the cause is often in the network layer: a request to the wrong endpoint, a missing header, or an unexpected response from the backend. Because Flutter's http package, Dio, and most plugins send standard HTTPS requests, you can inspect every call your app makes by capturing the device's traffic — no matter how the networking code is written.

Why Inspect Flutter Traffic on the Device?

Flutter runs the same Dart code on iOS and Android, but the actual network requests still go out over the platform's networking stack. Capturing on the device means you see exactly what left the phone, including requests from plugins and SDKs you did not write. Moni Proxy records this traffic on-device, so you do not need a desktop proxy or a special debug build to start.

  • API debugging: confirm the URL, method, headers, and JSON body your Dio/http client actually sent.
  • Auth troubleshooting: verify bearer tokens and cookies are attached and valid.
  • Backend issues: read decrypted responses to see whether a bug is client-side or server-side.
  • Third-party SDKs: audit analytics and ad SDKs bundled in your app.

How It Works

Moni Proxy installs a local certificate authority and runs an on-device proxy. Every HTTPS request your Flutter app makes is captured, decrypted, and shown with full request and response detail — grouped by domain so you can find the call you care about quickly.

Step-by-Step

  1. Install Moni Proxy and complete the one-time certificate trust setup.
  2. Start a capture session.
  3. Use your Flutter app to trigger the API calls you want to inspect.
  4. Open any request to read headers, query parameters, and the decrypted body.
  5. Mock or rewrite a response to reproduce error states and empty data.

A Note on Certificate Pinning

If your Flutter app uses certificate pinning (for example via Dio's badCertificateCallback or a pinning plugin), pinned connections will reject the inspection certificate by design. For apps you control, disable pinning in debug builds to inspect traffic; in production builds, pinned requests will remain opaque, which is the intended security behavior.