ZeroTrace OSINT
Proxy Viewer
Send a request through a proxy and inspect the full response — status, headers, body preview, redirects, exit IP, attempts.
The proxy viewer is the "preview what happens when I send this through a proxy" tool. You give it a target URL and a proxy; it sends the request and shows you the full response.
For investigations where you need to see what a target sees when traffic comes from a proxied IP — geo-restricted content checks, cloaking detection, regional A/B testing visibility — this is the right tool.
What you get
For a target URL through a proxy:
| Section | What it surfaces |
|---|---|
| Final status | The HTTP status of the terminal response |
| Response headers | Full set, with security-header analysis |
| Body preview | First N kilobytes of the response body, with content-type-aware rendering |
| Redirect chain | Per-hop status / location / timing |
| Exit IP | The IP the target saw the request coming from |
| Cookies | Any cookies the target set on the response |
| Comparison fetch | Optional side-by-side fetch without the proxy, for diffing |
| TLS info (HTTPS targets) | Auto-composed TLS inspector result |
Comparison: proxied vs. direct
A toggle issues the same request twice — once through the proxy, once directly — and shows the difference:
- Status code differences.
- Header differences (geographic content-language headers, geographic cookies, geo-redirects).
- Body length differences (often signal cloaking — different content for proxied vs. direct visitors).
For sites that geo-target content, the diff is often dramatic and immediately useful.
"Cloaking" — serving different content to different visitors based on signals like IP geolocation, user-agent, or referer — is detectable from a proxied vs. direct comparison. A site that serves a clean page to a US-IP visitor and an SEO-spam page to a different-region visitor is doing exactly that.
Body preview
The viewer renders the response body with content-type awareness:
- HTML — pretty-printed, with options to view rendered or source.
- JSON — formatted with collapsible objects.
- Text — plain text.
- Image — inline preview.
- Binary — hex dump of the first kilobytes.
The preview is capped at a sensible size; a "download full body" affordance saves the complete response to disk if you need it.
Set-Cookie inspection
Cookies set by the response are parsed and shown with:
- Name, domain, path.
Secure/HttpOnly/SameSiteflags.- Expiry / max-age.
For tracking-cookie reconnaissance via a proxied connection, this is the central output.
Redirect chain
If the target redirects, every hop appears with status / location / timing. A proxy that fails on a particular hop (TLS termination quirk, CONNECT method rejection) surfaces as a chain that does not complete.
TLS info for HTTPS
For https:// targets, the viewer auto-runs the TLS inspector on the connection. Useful for spotting TLS interception by the proxy itself — a proxy that re-signs TLS exposes its own cert rather than the target's.
Pivots
| Click on... | Pivot to |
|---|---|
| Target URL | Site analysis, redirect analyzer, Wayback |
| Exit IP | IP geolocation, ASN, IP reputation, reverse DNS |
| Response cookies | (no pivot — copy and inspect) |
| Final TLS subject | TLS inspector |
Sources
- The proxy viewer's only source is the target URL itself, fetched through the configured proxy.
- TLS inspection auto-composes the TLS inspector tool against the same target.
- Exit-IP geolocation auto-composes the IP geolocation tool against the exit IP.