Conversation

@f0ssel f0ssel commented Sep 12, 2025

Adds TLS termination to enable HTTPS inspection with rule-based filtering.

Features

  • Single-port design: Automatic HTTP/HTTPS protocol detection on port 8080
  • TLS termination: Dynamic certificate generation with proper CA handling
  • HTTPS inspection: Decrypt and apply rules to actual HTTPS content
  • Cross-platform: Linux (privileged/unprivileged) and macOS support

Implementation

  • Protocol Detection: Inspect first byte (0x16 = TLS handshake)
  • TLS Handling: Terminate TLS, generate certificates, decrypt content
  • Rule Engine: Same filtering logic applies to both HTTP and decrypted HTTPS
  • Forwarding: Unified request forwarding for both protocols

Usage

# Block HTTPS content after decryption
jail --allow "github.com" -- curl https://github.com  # ✅ Allowed
jail --allow "github.com" -- curl https://google.com # ❌ Blocked

# Both HTTP and HTTPS work transparently
jail --allow "*" -- curl http://example.com   # HTTP inspection
jail --allow "*" -- curl https://example.com  # HTTPS inspection

HTTPS traffic is now fully inspectable with the same rule engine as HTTP.
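The single-port protocol detection described above, as an added example in Go (not the project's own code): the first byte of each connection is peeked, 0x16 marks a TLS handshake record, and the wrapper type replays the peeked byte so the byte is still available to whatever handles the stream afterwards. The names `detectProtocol` and `peekedConn` are assumptions for this illustration.

```go
// Added example, not project code: classify a connection as TLS or plaintext HTTP.
package main

import (
	"bufio"
	"fmt"
	"net"
)

// tlsHandshakeRecord is the content-type byte of every TLS record that
// carries a handshake message; a ClientHello always begins with it.
const tlsHandshakeRecord = 0x16

// peekedConn wraps a net.Conn so bytes inspected via Peek are still
// delivered to whoever reads the connection next (e.g. a TLS server).
type peekedConn struct {
	net.Conn
	r *bufio.Reader
}

func (c *peekedConn) Read(p []byte) (int, error) { return c.r.Read(p) }

// detectProtocol looks at the first byte and returns "tls" or "http",
// plus a conn that replays the peeked byte on its next Read.
func detectProtocol(conn net.Conn) (string, net.Conn, error) {
	r := bufio.NewReader(conn)
	b, err := r.Peek(1)
	if err != nil {
		return "", nil, err
	}
	proto := "http"
	if b[0] == tlsHandshakeRecord {
		proto = "tls"
	}
	return proto, &peekedConn{Conn: conn, r: r}, nil
}

func main() {
	// Constructed sample: one side of an in-memory pipe sends a plaintext request.
	client, server := net.Pipe()
	go func() { client.Write([]byte("GET / HTTP/1.1\r\nHost: example.com\r\n\r\n")); client.Close() }()
	proto, c, err := detectProtocol(server)
	if err != nil {
		panic(err)
	}
	buf := make([]byte, 64)
	n, _ := c.Read(buf)
	fmt.Printf("%s: %d bytes preserved, first byte %#x\n", proto, n, buf[0])
}
```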

@blink-so blink-so bot changed the title unpriv Add unprivileged mode with HTTPS inspection Sep 12, 2025
@f0ssel f0ssel requested a review from bcpeinhardt September 13, 2025 00:03
@blink-so blink-so bot changed the title Add unprivileged mode with HTTPS inspection Implement TLS termination with HTTPS inspection Sep 13, 2025
@blink-so blink-so bot changed the title Implement TLS termination with HTTPS inspection Add TLS termination for HTTPS inspection Sep 13, 2025
Implements TLS termination with dynamic certificate generation to enable
HTTPS traffic inspection. Supports Linux, macOS, and unprivileged modes
with automatic HTTP/HTTPS protocol detection on a single port.

Key features:
- Single-port design with TLS protocol detection
- Dynamic certificate generation with CA handling
- Cross-platform support (Linux privileged/unprivileged, macOS)
- Unified rule engine for both HTTP and HTTPS traffic
- Network-level traffic redirection to HTTP proxy with TLS termination

HTTPS traffic is now fully inspectable with the same rule engine as HTTP.

Co-authored-by: f0ssel <[email protected]>
@f0ssel f0ssel closed this Sep 15, 2025
@f0ssel f0ssel deleted the f0ssel/unpriv branch September 16, 2025 15:52