InterceptSuite is a cross-platform network traffic interception tool for comprehensive TLS/SSL inspection, analysis, and manipulation at the network level. Unlike traditional tools such as Burp Suite or ZAP that focus on HTTP/HTTPS traffic, InterceptSuite operates at the TCP/TLS layer, providing visibility into any TLS-encrypted protocol.
- Protocol-Agnostic: Intercepts TLS traffic from any application or protocol
- Universal Interception: Works with thick clients, custom protocols, and non-HTTP applications
- Python Extensions: Add custom protocol dissection capabilities tailored to your needs
- Cross-Platform: Native support for Windows, Linux, and macOS
- Overview
- Features
- Getting Started
- Usage
- Proxy Configuration
- Protocol Dissection & Python Extensions
- When to Use InterceptSuite
- Screenshots
- License
- Acknowledgments
- Protocol-Agnostic TLS Interception: Intercept TLS/SSL traffic from any application or protocol
- SOCKS5 Proxy Integration: Versatile connection handling via SOCKS5 protocol
- Real-time Traffic Analysis: View decrypted traffic as it flows through the proxy
- Connection Management: Track active connections and view detailed information
- Certificate Authority Management: Automatic CA certificate generation and platform-specific storage
- Traffic Manipulation: Modify intercepted traffic before forwarding
- High-Performance C Core: Optimized engine for maximum speed and minimal memory footprint
- Custom Integration: Embed TLS interception capabilities into your applications (DyLib/So/DLL)
- Modern GUI: Cross-platform native performance with Avalonia .NET
- Python Extension Support: Add custom protocol dissection with Python plugins
Note
PRO version is available with additional features including DTLS support, STARTTLS support, PCAP export, and universal TLS upgrade detection.
- Windows 10/11 (64-bit), Linux (x64), or macOS 13+ (Apple Silicon)
- Download the platform-specific installer from the Releases page
  - Windows: `.exe` installer
  - Linux: `.deb` (Ubuntu/Debian) or `.rpm` (RedHat/Fedora)
  - macOS: `.pkg` installer
- Run the installer and follow the setup wizard
- Launch InterceptSuite from your applications menu
- Launch InterceptSuite application
- Start the proxy server (default: `127.0.0.1:4444`)
- Install the generated CA certificate as a trusted root
- Configure your client application to use the SOCKS5 proxy
- Begin intercepting and analyzing TLS traffic
Important: InterceptSuite generates a unique CA certificate on first run that must be installed as a trusted root certificate authority for TLS interception to work.
For comprehensive documentation, visit doc.interceptsuite.com
Configure your client application to use the SOCKS5 proxy at 127.0.0.1:4444.
- Windows: Use Proxifier for system-wide SOCKS5 support
- Linux: Use ProxyCap, tsocks, Proxychains, or iptables
- macOS: Use Proxifier for Mac or Proxychains-ng for terminal applications
For detailed configuration instructions, see the Documentation
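What a client or proxifier sends when it is pointed at the SOCKS5 listener, shown as an added example that is not part of InterceptSuite's code: the RFC 1928 no-authentication handshake and CONNECT request in Python. The target `db.example.internal:5432` and the proxy replies inside `demo()` are constructed, and the example assumes the listener accepts the no-authentication method.

```python
import ipaddress
import socket
import struct

REPLIES = {1: "general failure", 4: "host unreachable", 5: "connection refused"}

def connect_request(host, port):
    """VER=5, CMD=1 (CONNECT), RSV=0, then ATYP, DST.ADDR, DST.PORT."""
    try:
        ip = ipaddress.ip_address(host)
        addr = (b"\x01" if ip.version == 4 else b"\x04") + ip.packed
    except ValueError:
        # ATYP 0x03: the name itself is sent, so the proxy does the DNS lookup.
        name = host.encode("idna")
        if not 1 <= len(name) <= 255:
            raise ValueError("hostname must encode to 1..255 bytes")
        addr = b"\x03" + bytes([len(name)]) + name
    return b"\x05\x01\x00" + addr + struct.pack("!H", port)

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection mid-handshake")
        buf += chunk
    return buf

def socks5_connect(sock, host, port):
    """Run the no-authentication SOCKS5 handshake on a connected socket."""
    sock.sendall(b"\x05\x01\x00")  # VER=5, NMETHODS=1, METHOD=0x00 (no auth)
    ver, method = _recv_exact(sock, 2)
    if ver != 5 or method != 0:
        raise ConnectionError(f"no-auth not accepted (method 0x{method:02x})")
    sock.sendall(connect_request(host, port))
    ver, rep, _rsv, atyp = _recv_exact(sock, 4)
    if ver != 5 or rep != 0:
        raise ConnectionError("CONNECT failed: " + REPLIES.get(rep, hex(rep)))
    alen = 4 if atyp == 1 else 16 if atyp == 4 else _recv_exact(sock, 1)[0]
    _recv_exact(sock, alen + 2)  # drain BND.ADDR + BND.PORT before tunnel data

def demo():
    # Offline run: the "proxy" end is preloaded with constructed replies.
    client, proxy = socket.socketpair()
    proxy.sendall(b"\x05\x00" + b"\x05\x00\x00\x01" + bytes(6))
    socks5_connect(client, "db.example.internal", 5432)
    client.close()
    with proxy:  # read everything the client sent, up to EOF
        return b"".join(iter(lambda: proxy.recv(64), b""))
```

Against a running instance, pass a socket from `socket.create_connection(("127.0.0.1", 4444))` to `socks5_connect` and start the TLS handshake on that same socket once it returns.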
Note
While InterceptSuite can handle HTTP/HTTPS traffic, it is strongly recommended to use HTTP-specific tools like Burp Suite or ZAP for web application testing. These tools provide specialized features optimized for HTTP-based protocols.
- Non-HTTP TLS-encrypted protocols
- TCP/TLS layer traffic analysis
- UDP/DTLS traffic analysis
- Custom TLS-encrypted protocols
- Thick client applications
- Game or IoT protocols
- Protocol-specific security tools
- HTTP/HTTPS traffic
- Web application testing
- Web security assessments
- HTTP-specific features (request repeating, vulnerability scanning, session management)
| Scenario | InterceptSuite | Burp/ZAP |
|---|---|---|
| Web Application Testing | Limited | ✓ |
| Mobile App API (HTTP) | Limited | ✓ |
| IoT Device Communications | ✓ | Limited |
| Desktop App (Custom Protocol) | ✓ | Limited |
| Database TLS Connections | ✓ | Limited |
View and modify network packets in real-time
View all messages that have passed through the SOCKS5 proxy
Configure proxy server, logging, interception rules, and certificate management
Monitor TCP connection details and active sessions
InterceptSuite does not include built-in protocol dissection by design. Instead, it provides a Python Extension API that allows you to write custom protocol dissection according to your specific needs.
- Flexibility: Write dissectors for any protocol you encounter
- Performance: Load only the dissectors you need
- Customization: Tailor protocol parsing to your use cases
- Community-Driven: Share and collaborate on protocol dissectors
- Extensibility: Add new protocols without waiting for updates
- Raw decrypted traffic viewing
- TCP-level connection information
- Timestamp analysis
For documentation and examples, visit doc.interceptsuite.com
Contributions are welcome:
- Bug Reports: Report issues on our GitHub Issues page
- Feature Requests: Submit enhancement suggestions
- Pull Requests: Check contribution guidelines before submitting
- Documentation: Help improve documentation and examples
This project is licensed under the GNU Affero General Public License v3.0 (AGPL-3.0)
The AGPL-3.0 license ensures that InterceptSuite remains free and open source, while requiring that any network-based services using this code also provide their source code to users.
Built with:
- OpenSSL: TLS/SSL functionality and cryptographic operations
- Avalonia .NET: Cross-platform GUI framework
- CMake: Cross-platform build system
Thank you to all contributors, testers, and users who help make this project better.
Secure by Design • Cross-Platform • Open Source
