I have one question though, how do you intercept TLS. Let’s say i would connect my phone to your proxy, and try to search something on the web. Wouldn't the connection not be trusted?
Thanks! The tool has a built in certificate authority (CA) to generate TLS certificates. So to intercept TLS traffic from a phone, you export the CA's root certificate and import it onto your phone. If you're on PC, you can also launch a browser preconfigured to intercept traffic.
This is the standard pattern for these kinds of tools.
Won't work with certificate pinning. Although if you have root, you can even work around that. See this recently on HN mentioned article by Kaspersky [1], using mitmproxy.
I'm not entirely sure if it is the case here, but many tools that intercept TLS have you trust a certificate in the OS or browser level that they then use as a MITM on the proxy to be able to decrypt the requests
I previously used Proxyman [1] on iOS to the http requests send over TLS. It worked rather nicely. Proxyman in this case starts a VPN which handles all the traffic. It uses custom certificate to decrypt the messages.
This is the standard pattern for these kinds of tools.
As it's not always a straightforward process for people who haven't done it before, there's instructions for a variety of platforms in the documentation: https://docs.pakikiproxy.com/#/getting_started/intercepting