https://mitmproxy.org/

installation

Just download the tar, it contains 3 binaries you can throw in ~/bin/.

configuration

mitmproxy starts itself as a regular http proxy listening on http://localhost:8080.

You probably need to do something like this...

# save tables
iptables-save > /tmp/urldump.iptables

# Redirect local http & https requests to proxy
iptables -t nat -A OUTPUT  -p tcp -m owner --uid-owner $user -j ACCEPT
iptables -t nat -A OUTPUT  -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A OUTPUT  -p tcp --dport 443 -j REDIRECT --to-port 8080
# block udp ...
iptables -A OUTPUT  -p udp --dport 80 -j REJECT
iptables -A OUTPUT  -p udp --dport 443 -j REJECT

Later restore your original iptables with this...

iptables-restore /tmp/urldump.iptables

I've created scripts named mitm and unmitm for myself. Once you've setup the proxy run sudo mitmproxy and visit http://mitm.it.

certs

That page gives you a cert to download, move it into /usr/local/share/ca-certificates/ (creating the directory if it's missing). Then run sudo update-ca-certificates. This is a similar process to mkcert which is another great tool.