Traffic control, TLS inspection, and host-based protection.
Right now this is just an early prototype built to experiment with:
- HTTPS/TLS interception
- domain blocking
- local traffic control
- policy-based filtering
The long-term goal is .... IDK, we'll see.
- Things will break.
- TLS interception is messy.
- Browser behavior varies.
- The architecture will likely change a lot.
- Local HTTPS/TLS interception
- Domain blocking
- TOML-based configuration
- Embedded mitmproxy runtime
Requirements
- Linux
- Python 3.12+
- uv
Install dependencies:
uv syncStart ssctl
uv run python -m ssctl.main startThis won't work yet because ssctl uses local TLS interception for HTTPS filtering. You must trust the generated CA certificate or browsers will reject HTTPS traffic.
Install the CA certificate:
sudo cp ~/.mitmproxy/mitmproxy-ca-cert.pem /etc/ca-certificates/trust-source/anchors/ssctl.crtRefresh trust store:
sudo trust extract-compatInstall the CA certificate:
sudo cp ~/.mitmproxy/mitmproxy-ca-cert.pem /usr/local/share/ca-certificates/ssctl.crtRefresh trust store:
sudo update-ca-certificatesFor now, browsers must use the local proxy manually.
Temporary shell setup:
export http_proxy=http://127.0.0.1:8080
export https_proxy=http://127.0.0.1:8080Launch browser from the same terminal session:
chromeTransparent system-wide interception without proxy exports will come later. Firefox-based browsers may ignore system certificates by default.
To fix Firefox, Go to:
about:config
Set:
security.enterprise_roots.enabled = true
Then restart the browser.