SSL Interception
Weproxa intercepts HTTPS traffic on a per-host basis. After installing the CA certificate, you need to tell Weproxa which hosts to decrypt by adding them to the SSL Interception Hosts list.
Why Per-Host?
Section titled “Why Per-Host?”Instead of blindly decrypting all HTTPS traffic, Weproxa lets you choose exactly which hosts to inspect. This gives you:
- Better performance — only decrypt the traffic you care about
- Less noise — your request list stays focused on relevant hosts
- More control — easily toggle interception on/off per host
Adding SSL Hosts
Section titled “Adding SSL Hosts”There are two ways to enable SSL interception for a host:
- Click the lock icon (Certificate) in the toolbar
- Type a hostname in the input field (e.g.,
api.example.com) - Press Enter or click the + button
- The host is added and SSL interception is enabled immediately
You can also use wildcard patterns like *.example.com to match all subdomains.
- Find a request in the request list from the host you want to inspect
- Right-click the request to open the context menu
- Click Enable SSL for {host}
- SSL interception is enabled immediately for that host
This is the quickest way to enable SSL for a host you’re already seeing traffic from.
Managing SSL Hosts
Section titled “Managing SSL Hosts”Open the Certificate Menu (lock icon in the toolbar) to see all your configured SSL hosts. From here you can:
- Toggle a host on/off using the checkbox
- Remove a host by clicking the trash icon
- Add new hosts using the input field
To disable SSL for a host via the context menu, right-click a request from that host and select Disable SSL for {host}.
SSL host configurations are saved automatically and persist between sessions.
Prerequisites
Section titled “Prerequisites”Before SSL interception can work, you must install and trust the WePROXA Root CA certificate. See Certificate Trust for instructions.
Troubleshooting
Section titled “Troubleshooting”HTTPS requests show as CONNECT tunnels
Section titled “HTTPS requests show as CONNECT tunnels”The host is not in your SSL Interception Hosts list. Add the host using one of the methods above.
Certificate errors after enabling SSL
Section titled “Certificate errors after enabling SSL”Make sure the WePROXA Root CA is installed and trusted in your macOS Keychain. See Certificate Trust.
Wildcard patterns
Section titled “Wildcard patterns”Use *.example.com to match all subdomains (e.g., api.example.com, cdn.example.com). The exact host example.com itself is not matched by a wildcard — add it separately if needed.