35 points by jmuncor 4 hours ago | 7 comments
  • EMM_386 2 hours ago
    This is great.

    When I work with AI on large, tricky code bases I try to do a collaboration where it hands off things to me that may result in a large number of tokens (excess tool calls, imprecise searches, verbose output, reading large files without a range specified, etc.).

    This will help narrow down exactly which to still handle manually to best keep within token budgets.

    Note: "yourusername" in install git clone instructions should be replaced.

    • kej 37 minutes ago
      Would you mind sharing more details about how you do this? What do you add to your AI prompts to make it hand those tasks off to you?
    • jmuncor 32 minutes ago
      Hahahah just fixed it, thank you so much!!!! Think of extending this to a prompt admin, I'm sure there is a lot of trash that the system sends on every query, I think we can improve this.
  • FEELmyAGI an hour ago
    Dang how will Tailscale make any money on its latest vibe coded feature [0] when others can vibe code it themselves? I guess your SaaS really is someone's weekend vibe prompt.

    [0] https://news.ycombinator.com/item?id=46782091

    • 3abiton 23 minutes ago
      That's what LLMs enabled. Faster prototyping. Also lots of exposed servers and apps. It's never been more fun to be a cyber security researcher.
      • jmuncor 8 minutes ago
        I think it just has been more fun being into computers overall!
  • david_shaw 2 hours ago
    Nice work! I'm sure the data gleaned here is illuminating for many users.

    I'm surprised that there isn't a stronger demand for enterprise-wide tools like this. Yes, there are a few solutions, but when you contrast the new standard of "give everyone at the company agentic AI capabilities" with the prior paradigm of strong data governance (at least at larger orgs), it's a stark difference.

    I think we're not far from the pendulum swinging back a bit. Not just because AI can't be used for everything, but because the governance on widespread AI use (without severely limiting what tools can actually do) is a difficult and ongoing problem.

    • LudwigNagasena 32 minutes ago
      I had to vibe code a proxy to hide tokens from agents (https://github.com/vladimirkras/prxlocal) because I haven’t found any good solution either. I planned to add genai otel stuff that could be piped into some tool to view dialogues and tool calls and so on, but I haven’t found any good setup that doesn’t require lots of manual coding yet. It’s really weird that there are no solutions in that space.
  • alickkk an hour ago
    Nice work! Do I need to update the Claude Code config after starting this proxy service?
    • jmuncor 42 minutes ago
      Nope... You just run "sherlock claude" and that sets up the proxy for you. So you don't have to think about it... And just use claude normally, every prompt you send in that session will be stored in the files.
  • mrbluecoat an hour ago
    So is it just a wrapper around MitM Proxy?
    • guessmyname an hour ago
      > So is it just a wrapper around MitM Proxy?

      Yes.

      I created something similar months ago [*] but using Envoy Proxy [1], mkcert [2], my own Go (golang) server, and Little Snitch [3]. It works quite well. I was the first person to notice that Codex CLI now sends telemetry to ab.chatgpt.com and other curiosities like that, but I never bothered to open-source my implementation because I know that anyone genuinely interested could easily replicate it in an afternoon with their favourite Agent CLI.

      [1] https://www.envoyproxy.io/

      [2] https://github.com/FiloSottile/mkcert

      [3] https://www.obdev.at/products/littlesnitch/

      [*] In reality, I created something like 6 years ago or so before LLMs were popular, originally as a way to inspect all outgoing HTTP(s) traffic from all apps installed in my macOS system. Then, a few months ago, when I started using Codex CLI, I made some modifications to inspect Agent CLI calls too.

      • tkp-415 an hour ago
        Curious to see how you can get Gemini fully intercepted.

        I've been intercepting its HTTP requests by running it inside a docker container with:

        -e HTTP_PROXY=http://127.0.0.1:8080 -e HTTPS_PROXY=http://host.docker.internal:8080 -e NO_PROXY=localhost,127.0.0.1

        It was working with mitmproxy for a very brief period, then the TLS handshake started failing and it kept requesting re-authentication when proxied.

        You can get the whole auth flow and initial conversation starters using Burp Suite and its certificate, but the Gemini chat responses fail in the CLI, which I understand is due to how Burp handles HTTP2 (you can see the valid responses inside Burp Suite).

        • jmuncor 30 minutes ago
          Tried with gemini and gave more headaches than anything else, would love if you can help me adding it to sherlock... I use claude and gemini, claude mainly for coding, so wanted to set it up first. With gemini, ran into the same problem that you did...
    • jmuncor 40 minutes ago
      Kind of yes... But with a nice cli so that you don't have to set it up, just run "sherlock claude" and "sherlock start" on two terminals and everything that claude sends in that session will be stored. So no proxy set up or anything, just simple terminal commands. :)