v3.x How to config https proxy
After configuring rootCA, AnyProxy could help to decrypt https requests, whose approach is also called Man-In-The-Middle(MITM).
Here is the guide to config your https proxy and using it to intercept your https requests. If you don't what to deal with https requests, i.e. just let them go as normal, you don't have to do any configuration.
- since v3.10.0, openssl is no longer needed
- execute
sudo anyproxy --root - start anyproxy by
anyproxy, fetch rootCA.crt via http://localhost:8002/fetchCrtFile, then open and trust it. - an qr code for rootCA.crt will be available via http://localhost:8002/qr_root, you may need it when installing certificate on mobile devices.
- you should trust this rootCA on all of your clients. Otherwise, you will get a warning like UNAUTHORIZED_CERTIFICATE.
- once rootCA is correctly trusted, you don't need to re-generate it from then on.
- screenshots of trusting rootCA
- Windows
- Mac
- Windows
- start your anyproxy by
anyproxy --intercept. When rootCA exists, it will intercept(decrypt) all the https requests for you. - again, if you meet with a warning like UNAUTHORIZED_CERTIFICATE, please check if the root CA is correctly trusted by your operation system.
- you can view all decrypted https data via http://localhost:8002 ,and decrypted https requests will carry a lock icon with its id.
- to clear all the temperary certificates
anyproxy --clear - https features may be unstable in windows
anyproxy --type https --host my.domain.com- the param
hostis required with https proxy and it should be kept exactly what it it when you config your browser. Otherwise, you may get some warning about security.
- intercepting https requests means decrypting the https traffice. This does NOT require an https proxy.
- using https proxy means your request towards the proxy server will be encrypted, no matter the request is http or https.