A cross platform SOCKS5 proxy for TLS/SSL traffic inspection and manipulation

---

InterceptSuite is a cross-platform network traffic interception tool engineered for comprehensive TLS/SSL inspection, analysis, and manipulation at the network level. Unlike traditional tools such as Burp Suite or OWASP ZAP that focus specifically on HTTP/HTTPS traffic, InterceptSuite provides unprecedented visibility into any TLS-encrypted protocol, operating seamlessly at the TCP/TLS layer.

The original inspiration behind InterceptSuite was to address a critical gap in application penetration testing. Security professionals often struggle with limited options for intercepting network traffic from native applications, making it challenging to perform comprehensive packet or traffic analysis of thick clients and custom protocols.

InterceptSuite bridges this gap by providing a universal TLS interception engine that works with any protocol, giving security researchers the tools they need to analyze, understand, and test encrypted communications effectively.

Component Windows Linux macOS

Core Library	✅	✅	✅
GUI Interface	✅	✅	✅

• 🌟 Overview
• ✨ Features
• 🚀 Getting Started
• 📖 Usage
• 🔧 Proxy Configuration
• ⚠️ Current Limitations
• 🤔 When to Use InterceptSuite vs. HTTP-Specific Tools
• 🖼️ Screenshots
• 🛠️ Development
• 📄 License
• 🙏 Acknowledgments

• 🌐 Protocol-Agnostic TLS Interception: Intercept TLS/SSL traffic from any application or protocol
• 🔌 SOCKS5 Proxy Integration: Uses SOCKS5 proxy protocol for versatile connection handling
• ⚡ Real-time Traffic Analysis: View decrypted traffic as it flows through the proxy
• 🎛️ Connection Management: Track active connections and view their details
• 🔐 Certificate Authority Management: Automatic generation of CA certificates with platform-specific storage
• 🔧 Traffic Manipulation: Modify intercepted traffic before forwarding
• ⚡ High-Performance C Core: Optimized C engine for maximum speed and minimal memory footprint
• 📚 Custom Integration: Embed TLS interception capabilities into your own applications with our DyLib, So and DLL
• 🎨 Modern GUI: Built with Tauri + Rust frontend and high-performance C core
• 📝 Detailed Logging: Comprehensive logging with automatic rotation and cleanup

• Windows 10/11 (64-bit), Linux (x64), or macOS (Apple Silicon)

1. Download the platform-specific installer from the Releases page
   • Windows: .exe installer or .msi package
   • Linux: .deb (Ubuntu/Debian) or .rpm (RedHat/Fedora) package
   • macOS: .dmg disk image
2. Run the installer and follow the setup wizard
3. Launch InterceptSuite from your applications menu or desktop shortcut

Note: Platform-specific native installers are available for seamless installation on all supported operating systems.

• 🐧 Linux: No security issues expected. Unsigned binaries run normally.

• 🪟 Windows:

  • Windows Defender SmartScreen may display warnings about "unknown application"
  • You may see prompts like "Windows protected your PC"
  • Click "More info" → "Run anyway" to proceed with installation
  • Some antivirus software may flag unsigned executables as potentially unwanted

• 🍎 macOS:

  • Gatekeeper will prevent execution of unsigned applications
  • You may see "cannot be opened because it is from an unidentified developer" or "Interceptsuite is damaged and can't be opened."
  • Recommended Solution: Remove quarantine attributes: xattr -dr com.apple.quarantine /Applications/interceptsuite.app
  • Alternative Method 1: Right-click the application → "Open" → Confirm in dialog
  • Alternative Method 2: Temporarily disable Gatekeeper: sudo spctl --master-disable
  • Note: After removing quarantine attributes, the app will launch normally from both command line and GUI

💖 Support Code Signing: If you'd like to help us obtain code signing certificates, you can support the project through:

• ₿ Bitcoin: bc1qusxngf2w5gl2g8hw82ggct59227k4963f9fwhm
• 💎 GitHub Sponsor: https://github.com/sponsors/Anof-cyber
• ☕ Buy Me a Coffee: https://www.buymeacoffee.com/AnoF

For comprehensive setup and usage instructions, see our detailed Usage Guide.

1. Launch InterceptSuite application
2. Start the proxy server (default: 127.0.0.1:4444)
3. Install the generated CA certificate as a trusted root
4. Configure your client application to use the SOCKS5 proxy
5. Begin intercepting and analyzing TLS traffic

Important: InterceptSuite generates a unique CA certificate on first run that must be installed as a trusted root certificate authority for TLS interception to work.

Configure your client application to use the SOCKS5 proxy at 127.0.0.1:4444.

For detailed platform-specific configuration instructions, see the Usage Guide.

• Windows: Use Proxifier for system-wide SOCKS5 support
• Linux: Multiple options including ProxyCap, tsocks, Proxychains, or iptables
• macOS: Proxifier for Mac or Proxychains-ng for terminal applications

Understanding InterceptSuite's current limitations helps you choose the right tool for your specific use case.

Current Limitation: InterceptSuite cannot bypass TLS for protocols that do not use standard TLS handshake as the initial packet after TCP handshake.

• 🐘 PostgreSQL - TLS sessions
• 🐬 MySQL - TLS sessions
• 🔧 SmartTLS - Similar technologies
• 🔌 Custom Protocols - Non-standard handshakes

🔜 Future Release: This functionality is planned for future releases.

Current Limitation: The tool does not support protocol dissection, meaning it cannot decode protocol-specific binary formats or encodings regardless of whether TLS is used.

Format Type Examples Description

Binary Protocols	Protocol Buffers, MessagePack	Structured binary encodings
Custom Encodings	Application-specific formats	Proprietary data structures
Compressed Data	Obfuscated data streams	Compressed or encoded payloads

💡 Important Note: If a protocol doesn't transmit data in plain text (even after TLS decryption), InterceptSuite will show the raw bytes but not interpret them.

🔜 Future Release: Protocol dissection functionality is planned for future releases.

Choose the right tool for your security testing needs with our comprehensive comparison guide.

• 🌐 Working with non-HTTP TLS-encrypted protocols
• 🔍 Analyzing network traffic at the TCP/TLS layer
• 🛠️ Debugging custom TLS-encrypted protocols
• 📱 Testing thick client applications
• 🎮 Analyzing game or IoT protocols
• 🔧 Developing protocol-specific security tools

• 🌍 Working specifically with HTTP/HTTPS traffic
• 🖥️ Testing web applications
• 🔒 Performing web security assessments
• 🔄 When HTTP-specific features are needed:
  • Request repeating
  • Vulnerability scanning
  • Session management
  • Authentication testing

Scenario InterceptSuite Burp/ZAP Reason

🌐 Web App Testing	❌	✅	HTTP-specific features needed
📱 Mobile App API	🤔	✅	Depends on protocol (HTTP vs custom)
🔌 IoT Device Comms	✅	❌	Custom TLS protocols
🖥️ Desktop App Traffic	✅	🤔	Protocol-dependent
🔒 Database TLS	⚠️	❌	Limited support (future feature)

Legend: ✅ Recommended • 🤔 Depends • ⚠️ Limited • ❌ Not suitable

Explore InterceptSuite's intuitive interface through our comprehensive screenshot gallery showcasing each major feature.

The Intercept tab allows you to view and modify network packets in real-time, providing granular control over TLS traffic flow.

The Proxy History tab shows all messages that have passed through the SOCKS5 proxy with comprehensive logging and filtering capabilities.

The Settings tab provides configuration options for the proxy server, logging, interception rules, and certificate management. Use the Export Certificate feature to save certificates in different formats.

The Connections tab displays TCP connection details and allows for exporting connection data with real-time monitoring of active sessions.

Join the InterceptSuite development community and contribute to the future of TLS traffic analysis tools.

InterceptSuite now supports building on Windows, Linux, and macOS with native library generation for each platform.

Platform Library Format Build Tool Status

🪟 Windows	.dll	Visual Studio / CMake	✅ Ready
🐧 Linux	.so	GCC / CMake	✅ Ready
🍎 macOS	.dylib	Clang / CMake	✅ Ready

🚀 Getting Started with Development:

For detailed instructions on building InterceptSuite for each platform, see the Build Guide. This guide includes platform-specific prerequisites, build commands, and troubleshooting tips.

• 🐛 Bug Reports - Found an issue? Report it on our GitHub Issues page with detailed reproduction steps.
• ✨ Feature Requests - Have an idea for improvement? We welcome feature requests and enhancement suggestions.
• 🔧 Pull Requests - Ready to contribute code? Check our contribution guidelines before submitting PRs.
• 📚 Documentation - Help improve our documentation, examples, and tutorials for better user experience.

InterceptSuite is open source software, committed to transparency and community collaboration.

This project is licensed under the GNU Affero General Public License v3.0 (AGPL-3.0)

The AGPL-3.0 license ensures that InterceptSuite remains free and open source, while requiring that any network-based services using this code also provide their source code to users.

---

Special thanks to the amazing open source communities and technologies that make InterceptSuite possible.

Providing robust TLS/SSL functionality and cryptographic operations

High-performance C core engine with modern Tauri + Rust GUI for optimal performance and user experience

Enabling cross-platform build system management and compilation

InterceptSuite is built with love by the cybersecurity community, for the cybersecurity community. Thank you to all contributors, testers, and users who help make this project better every day!

---

🛡️ Secure by Design • 🌍 Cross-Platform • 🔓 Open Source