The downside to using mitmproxy for this is that mitmproxy uses eBPF which requires (temporary) root privileges to set up. This tool works without root access on most distros (you do need TUN write access).
That’s interesting. Tailscale userspace mode does not require tun write access as (I believe) is implemented within the process that runs the gvisor stack (tailscaled). I am wondering if httptap could use the same approach?
Yeah mitmproxy is great. The main difference with httptap is that it's an HTTP proxy server, so you have to configure your program to use a proxy server. When I wrote httptap I wanted to be able to run `httptap <command>` and see the httptraces right there in standard output. There is an absolute ton of cool things that mitmproxy can do that httptap is not even close to, like interactively modifying HTTP requests and such. Very cool project.
The downside to using mitmproxy for this is that mitmproxy uses eBPF which requires (temporary) root privileges to set up. This tool works without root access on most distros (you do need TUN write access).
That’s interesting. Tailscale userspace mode does not require tun write access as (I believe) is implemented within the process that runs the gvisor stack (tailscaled). I am wondering if httptap could use the same approach?
Yeah mitmproxy is great. The main difference with httptap is that it's an HTTP proxy server, so you have to configure your program to use a proxy server. When I wrote httptap I wanted to be able to run `httptap <command>` and see the httptraces right there in standard output. There is an absolute ton of cool things that mitmproxy can do that httptap is not even close to, like interactively modifying HTTP requests and such. Very cool project.
> so you have to configure your program to use a proxy server.
That's not true for local capture mode: https://mitmproxy.org/posts/local-capture/linux/. :)