It is a common practice to test a network device by replaying network traffic onto it and observe its reactions. Many replay tools support Transmission Control Protocol/Internet Protocol stateful traffic replay and hence can be used to test switches, routers, and gateway devices. However, they often fail if the device under test (DUT) is an application level proxy. In this paper, we design and implement ProxyReplay to replay application-layer traffic for network proxies. As many application proxies have built-in security functions, the main purpose of this tool is to evaluate the security functionalities of DUTs using payloads constructed from real network traces. ProxyReplay modifies requests and responses and maintains queues for request-response pairs to resolve the issues of protocol dependency, functional dependency, concurrent replay, and error resistance. The solution provides two replay modes, that is, the preprocess mode and the concurrent mode. Depending on the benchmark scenario, we show that the preprocess mode is better for benchmarking the performance capability of a DUT. In contrast, the concurrent mode is used when the replayed trace file is extremely large. Our experiments show 99% accuracy. In addition, the replay performance exceeds 320 Mbps by running the benchmark with an off-the-shelf personal computer in the preprocess mode. Copyright © 2014 John Wiley & Sons, Ltd.