Show HN: QTap DevTools – Chrome-style encrypted traffic inspector for Linux

Y	Hacker News new \| ask \| show \| jobs

Show HN: QTap DevTools – Chrome-style encrypted traffic inspector for Linux (qpoint.io)

30 points by tylerflint 145 days ago

Hi HN, I'm Tyler Flint. Eight months ago we shared qtap here (https://news.ycombinator.com/item?id=43928118).

Today we're releasing DevTools - a browser-based interface that gives you the Chrome Network tab experience for server-side HTTP/S traffic.

The problem: You're debugging a production issue. An external dependency is returning errors. Your logs say "request failed" but not what was actually sent. Adding debug logging means redeploying and restarting services - which takes time and often changes the conditions you're trying to debug. tcpdump shows encrypted blobs. Setting up mitmproxy means certificates, restarts, reconfiguration.

Our solution: install qtap, enable DevTools, open localhost:10001 in your browser. You're now watching live HTTP/S traffic - every request, response, header, body - in plaintext. No restarts, no certificates, no code changes.

It works by hooking into TLS libraries (OpenSSL, Go crypto, Java SSL, Node.js, etc) via eBPF before encryption happens.

Getting started:

    # Option A: Install script (inspect it first if you prefer)
    curl -s https://get.qpoint.io/install | less
    curl -s https://get.qpoint.io/install | sudo sh
    sudo qtap --enable-dev-tools

If you're (rightly) skeptical of curl | sh, grab the binary directly or build from source. We get it.

    # Option B: Direct binary download (use the link for your architecture)
    curl -L https://downloads.qpoint.io/qpoint/qtap-latest-linux-amd64.tgz -o qtap.tgz
    # curl -L https://downloads.qpoint.io/qpoint/qtap-latest-linux-arm64.tgz -o qtap.tgz
    tar -xzf qtap.tgz
    sudo ./qtap --enable-dev-tools

Then open http://localhost:10001

    # For remote servers, use SSH port forwarding or Tailscale/Twingate
    ssh -L 10001:localhost:10001 user@remote-server

Key features: - Process/container attribution (which container made that call?) - Real-time SSE streaming - Copy any request as cURL - Data never leaves your machine

DevTools is free and open source (AGPL-3.0).

GitHub: https://github.com/qpoint-io/qtap Docs: https://docs.qpoint.io/release-notes/devtools

Questions we'd love feedback on: - What debugging scenarios would you use this for? - Any protocols beyond HTTP you'd want? (Postgres, MySQL, Redis coming soon)