Get the Rust Forward Proxy running in minutes with full HTTP/HTTPS interception capabilities.
# Clone and start basic HTTP proxy
git clone <your-repo-url>
cd rust-forward-proxy
make dev
# Test immediately
curl -x http://127.0.0.1:8080 http://httpbin.org/get# Generate root CA certificate
make setup-ca
# Configure browser proxy: 127.0.0.1:8080
# Install ca-certs/rootCA.crt in browser trust store
# Browse to https://httpbin.org/get
# Check proxy logs - complete HTTPS content visible!Perfect for HTTP traffic interception and HTTPS tunneling.
make devWhat you get:
- ✅ Full HTTP request/response interception
- ✅ HTTPS CONNECT tunneling (encrypted passthrough)
- ✅ Production-grade logging
- ✅ Health monitoring
Test it:
# HTTP interception (see full content)
curl -x http://127.0.0.1:8080 http://httpbin.org/get
# HTTPS tunneling (encrypted passthrough)
curl -x http://127.0.0.1:8080 https://httpbin.org/getDecrypt and inspect HTTPS traffic content.
# Setup root certificate
make setup-ca
# Start proxy with interception
make dev
# Configure browser (see Browser Setup section)What you get:
- ✅ Everything from Option 1
- ✅ HTTPS content interception - see encrypted data!
- ✅ Certificate generation and caching
- ✅ Complete request/response visibility
Use Securly CA certificates for enterprise environments.
# Place Securly CA files in ca-certs/
# securly_ca.crt and securly_ca.key (if available)
# Start with Securly CA
CERT=securly make dev
# or
make dev-securlyRedis caching, Docker containerization, production logging.
# Docker with Redis
make prod-docker
# Local production
make prodmake setup-caThis creates:
ca-certs/rootCA.crt- Root certificate (install in browser)ca-certs/rootCA.key- Private key (keep secure)
- Open the certificate:
open ca-certs/rootCA.crt - macOS Keychain will open
- Add certificate to keychain
- Find "Rust Proxy Root CA" in Keychain Access
- Double-click → Expand "Trust" section
- Set "When using this certificate" to "Always Trust"
- Save changes
- Chrome → Settings → Privacy and Security → Security → Manage certificates
- Go to "Trusted Root Certification Authorities" tab
- Click "Import" → Select
ca-certs/rootCA.crt - Place in "Trusted Root Certification Authorities" store
- Restart browser
- Firefox → Settings → Privacy & Security → Certificates → View Certificates
- Go to "Authorities" tab
- Click "Import" → Select
ca-certs/rootCA.crt - Check "Trust this CA to identify websites"
- OK and restart Firefox
- Settings → Advanced → System → "Open your computer's proxy settings"
- Manual proxy setup:
- HTTP Proxy:
127.0.0.1:8080 - HTTPS Proxy:
127.0.0.1:8080 - Check "Use proxy for all protocols"
- HTTP Proxy:
- Settings → Network Settings → "Settings" button
- Select "Manual proxy configuration"
- HTTP Proxy:
127.0.0.1Port:8080 - SSL Proxy:
127.0.0.1Port:8080 - Check "Use this proxy server for all protocols"
- Browse to https://httpbin.org/get
- Check proxy console logs
- You should see complete HTTPS request/response content!
✅ INTERCEPTED HTTPS: GET https://httpbin.org/get
📋 Request Headers:
user-agent: Mozilla/5.0...
cookie: session=abc123...
📤 Upstream HTTPS response: 200 OK
📄 Response Body: {"args": {}, "headers": {...}}# Basic Configuration
PROXY_LISTEN_ADDR=127.0.0.1:8080 # HTTP proxy address
HTTPS_LISTEN_ADDR=127.0.0.1:8443 # HTTPS proxy address (when TLS enabled)
# TLS Configuration
TLS_ENABLED=false # Enable HTTPS server
TLS_INTERCEPTION_ENABLED=true # Decrypt HTTPS traffic
TLS_CA_CERT_PATH=ca-certs/rootCA.crt
TLS_CA_KEY_PATH=ca-certs/rootCA.key
# Logging
RUST_LOG=info # Production: clean logs
RUST_LOG=debug # Development: verbose logs
# Redis (Certificate Caching)
REDIS_URL=redis://redis:6379# Default: rootCA certificates
make dev
# Securly CA certificates
CERT=securly make dev
# Custom certificate paths
TLS_CA_CERT_PATH=/path/to/ca.crt TLS_CA_KEY_PATH=/path/to/ca.key make dev# Clean production logs (default)
make dev
# Verbose development logs
RUST_LOG=debug make dev
# Trace level (very verbose)
RUST_LOG=trace make dev# Start with Redis caching
make dev-docker
# Background mode
make dev-docker-detached# Production deployment
make prod-docker
# Custom environment
cp env.example .env
# Edit .env with your settings
make prod-docker# In .env file
PROXY_PORT=8080
PROXY_LISTEN_ADDR=0.0.0.0:8080
REDIS_URL=redis://redis:6379
REDIS_PASSWORD=your_secure_password
RUST_LOG=info# Test HTTP interception
curl -x http://127.0.0.1:8080 http://httpbin.org/get
# Test HTTPS tunneling
curl -x http://127.0.0.1:8080 https://httpbin.org/get
# Test POST with data
curl -x http://127.0.0.1:8080 -X POST http://httpbin.org/post \
-H "Content-Type: application/json" \
-d '{"test": "data"}'# Test HTTPS interception (requires browser setup)
curl -x http://127.0.0.1:8080 https://httpbin.org/get --proxy-insecure
# Test with various HTTPS sites
curl -x http://127.0.0.1:8080 https://api.github.com/users/octocat --proxy-insecure# Run all tests
make test-all
# Test local proxy
make test-local
# Test HTTPS interception
make test-intercept
# Test Docker deployment
make test-docker📥 GET http://httpbin.org/get from 127.0.0.1
🔄 Forwarding GET to upstream
📤 Upstream response: 200 (156ms)
✅ GET /get → 200 OK (158ms)
🔐 CONNECT tunnel to httpbin.org:443
✅ Tunnel established to httpbin.org:443 (45ms)
🔌 Tunnel completed for httpbin.org:443
🔍 CONNECT httpbin.org:443 - INTERCEPTING
💾 Generating new certificate for httpbin.org (5ms)
🔒 Connection upgraded, starting TLS handshake
✅ TLS handshake successful
📥 INTERCEPTED HTTPS: GET https://httpbin.org/get
📋 Complete request/response details logged
# Check if proxy is running
curl http://127.0.0.1:8080/health
# Check logs for errors
RUST_LOG=debug make dev- Certificate not trusted: Install rootCA.crt in browser trust store
- Browser warnings: Normal for some sites with certificate pinning
- Connection errors: Restart browser after certificate installation
# Check Redis connection (for Docker)
make test-redis
# Monitor certificate cache performance
# Look for "Using cached certificate" vs "Generating new certificate"
# Clear certificate cache if needed
make cache-clear-redis# Remove from macOS Keychain
# Keychain Access → Find "Rust Proxy Root CA" → Delete
# Remove from browser
# Chrome: Settings → Security → Manage certificates → Delete
# Firefox: Settings → Certificates → Authorities → Delete- API Testing: Intercept your application's HTTP/HTTPS requests
- Security Analysis: Examine encrypted traffic for vulnerabilities
- Network Debugging: Troubleshoot mysterious connection issues
- Certificate Management - Custom CAs, certificate validation
- Performance Tuning - Caching, connection pooling, optimization
- Deployment Guide - Production deployment patterns
- CI/CD Testing: Automated API testing with traffic interception
- Load Testing: Monitor application behavior under load
- Security Auditing: Log and analyze all network communications
You now have a powerful HTTP/HTTPS proxy that can:
- ✅ Intercept all HTTP traffic with complete visibility
- ✅ Decrypt HTTPS traffic for security analysis
- ✅ Generate certificates dynamically for any domain
- ✅ Cache certificates for high performance
- ✅ Scale to production with Docker and Redis
Ready to explore encrypted traffic? Check out our Browser Setup Guide for complete HTTPS interception!