When you run httptap – <command>, httptap runs <command> in an isolated network namespace, injecting a certificate authority created on-the-fly in order to decrypt HTTPS traffic. Here is the process in detail:

In linux, there is a kernel API for creating and configuring network interfaces. Conventionally, a network interface would be a physical ethernet or WiFi controller in your computer, but it is possible to create a special kind of network interface called a TUN device. A TUN device shows up to the system in the way that any network interface shows up, but any traffic written to it will be delivered to a file descriptor held by the process that created it. Httptap creates a TUN device and runs the subprocess in an environment in which all network traffic is routed through that device.

Requires using its custom certificate authority. Nice for scraping without root access, but it won’t work for all programs. Openssl injection/ebpf is more flexible, but I’m not sure if there’s a tool that can do that.

If you want a more comprehensive overview of your traffic and the ability to set firewall rules to block specific sites, I found Safing Portmaster to be a great option.

You also get filter lists, ability to tweak connections made by different apps, and, as a paid option, connect to a Tor-like network where every app van be designated its own exit node, at the speed of about 60mbits/s last time I checked (currently not using this option).

Sounds very handy!

Thanks for sharing. On Windows I always liked Fiddler for this. But I haven’t found a decent alternative yet.