- Go 1.24 or higher (only if building from source)
- OpenSSL (for generating CA certificates using Option 1)
- mkcert (for generating CA certificates using Option 2)
Option 1: Download from GitHub Releases
For macOS Intel (AMD64):
curl -L https://github.com/eugene-ivanov-hash/mitm-proxy/releases/latest/download/mitm-proxy-darwin-amd64 -o mitm-proxy
chmod +x mitm-proxyFor macOS Apple Silicon (ARM64):
curl -L https://github.com/eugene-ivanov-hash/mitm-proxy/releases/latest/download/mitm-proxy-darwin-arm64 -o mitm-proxy
chmod +x mitm-proxyFor Linux:
curl -L https://github.com/eugene-ivanov-hash/mitm-proxy/releases/latest/download/mitm-proxy-linux-amd64 -o mitm-proxy
chmod +x mitm-proxyFor Windows (using PowerShell):
Invoke-WebRequest -Uri https://github.com/eugene-ivanov-hash/mitm-proxy/releases/latest/download/mitm-proxy-windows-amd64.exe -OutFile mitm-proxy.exeOption 2: Build from Source
- Clone the repository:
git clone https://github.com/eugene-ivanov-hash/mitm-proxy.git
cd mitm-proxy- Build the application:
go build -o mitm-proxyTo intercept HTTPS traffic, the proxy needs a CA certificate that will be used to sign dynamically generated certificates.
Option 1: Using OpenSSL
For macOS/Linux:
openssl genrsa -out ca.key 2048
openssl req -new -x509 -days 3650 -key ca.key -out ca.crt -subj "/CN=MITM Proxy CA"For Windows:
# Using OpenSSL in Windows (requires OpenSSL installation)
openssl genrsa -out ca.key 2048
openssl req -new -x509 -days 3650 -key ca.key -out ca.crt -subj "/CN=MITM Proxy CA"Option 2: Using mkcert (Recommended for development)
For macOS/Linux:
# Install mkcert
# macOS: brew install mkcert
# Linux: apt install mkcert
# Generate and install certificate
mkcert -install
mkcert -cert-file ca.crt -key-file ca.key localhost 127.0.0.1 ::1For Windows:
# Install mkcert (requires Chocolatey)
choco install mkcert
# Generate and install certificate
mkcert -install
mkcert -cert-file ca.crt -key-file ca.key localhost 127.0.0.1 ::1For macOS/Linux:
# Option 1: Using generated certificate files
./mitm-proxy -cacertfile ca.crt -cakeyfile ca.key
# Option 2: Using mkcert's root CA (if you used mkcert)
./mitm-proxy -cacertfile "$(mkcert -CAROOT)/rootCA.pem" -cakeyfile "$(mkcert -CAROOT)/rootCA-key.pem"For Windows:
# Option 1: Using generated certificate files
.\mitm-proxy.exe -cacertfile ca.crt -cakeyfile ca.key
# Option 2: Using mkcert's root CA (if you used mkcert)
$CAROOT = mkcert -CAROOT
.\mitm-proxy.exe -cacertfile "$CAROOT\rootCA.pem" -cakeyfile "$CAROOT\rootCA-key.pem"For the proxy to work with HTTPS connections, you need to add the generated CA certificate to your system or browser's trusted certificate authorities.
-
Add the certificate to the Keychain:
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ca.crt
Note: If you used mkcert, this step is already done for you by the
mkcert -installcommand.
-
Double-click the CA certificate file
-
Click "Install Certificate"
-
Select "Place all certificates in the following store"
-
Browse and select "Trusted Root Certification Authorities"
-
Click "Next" and "Finish"
Note: If you used mkcert, this step is already done for you by the
mkcert -installcommand.
-
Copy the certificate to the trusted CA directory:
sudo cp ca.crt /usr/local/share/ca-certificates/ sudo update-ca-certificates
Note: If you used mkcert, this step is already done for you by the
mkcert -installcommand.
Firefox uses its own certificate store:
- Open Firefox Preferences
- Go to Privacy & Security
- Scroll down to Certificates and click "View Certificates"
- In the Authorities tab, click "Import" and select your CA certificate
- Check "Trust this CA to identify websites" and click "OK"