This repo contains a small setup that aids local interception of HTTPs traffic. The concept is old, but I figured it be helpful for me to have a place to put such a setup.
The idea is to run two proxies:
- The first one is called
reverse
in the config, and will terminate HTTPS and forward it to the second as HTTP locally. - The second one is called
proxy
(yay, naming 👌) in the config and will accept HTTP and forward it as HTTPS to the intendedtarget
.
This enables us to capture the plain HTTP traffic locally.
You'll need:
- mkcert
- docker and docker-compose
- tcpdump/wireshark something like that
In proxy/default.conf
adjust the following:
- Substitute
server www.target.tld:443;
with the target IP address you want to use- You can use a DNS entry, too - but that makes it necessary to pay attention to altering your local
/etc/hosts
at the right time.
- You can use a DNS entry, too - but that makes it necessary to pay attention to altering your local
- Adjust the lines for
server_name
andproxy_set_header
to the appropriate domain.
In reverse/default.conf
adjust the following:
- If not on MacOS pay attention to the
server host.docker.internal:27374;
line.- You may need to put a different host here.
- Use
mkcert www.target.tld
to generate a cert for your target- Use
mkcert -install
to install the certificate into your trust store - Put the appropriate files in
ssl_certificate
andssl_certificate_key
entries
- Use
- Adjust
server_name
andproxy_set_header
as fitting
- Start containers using
docker-compose up
- Redirect local traffic to
reverse
container by putting127.0.0.1 $target
in/etc/hosts
or similar - Capture traffic on local loopback
- In
reverse
execute:mkcert -uninstall
- From
/etc/hosts
remove127.0.0.1 $target