A hands-on walkthrough showing how to intercept and decode Claude Code's live API calls using mitmproxy. By routing Claude Code's HTTPS traffic through a man-in-the-middle proxy, you can inspect the full 80 KB payload sent to Anthropic on every request. The payload breaks down into four sections: system prompt, tool definitions, CLAUDE.md content, and conversation history. Key findings include that CLAUDE.md is injected verbatim into every request (a compliance concern), the agent operates as a while loop that grows the conversation history cumulatively, and prompt caching keeps costs from scaling quadratically. The post also covers using JSONL session logs with tools like claude-replay and cclogviewer for auditing and debugging.
Table of contents
What is Claude Code?What is mitmproxy?PrerequisitesStep 1: Install and Start the ProxyStep 2: Route Claude Code Through the ProxyStep 3: Intercept Your First RequestStep 4: Decode the 80 KB PayloadStep 5: Watch the Agent Loop GrowStep 6: Understand the Cost EconomicsStep 7: Replay Sessions From Local JSONL LogsSee the Full DemoSummarySort: