httptap is a process-scoped http tracer that you can run without root priveleges. You can run httptap <command> where <command> is a linux program and you get a trace of http/https requests and responses in standard output.

It works by running <command> in an isolated network namespace. It has its own TCP/IP stack (for which it uses gVisor). It is not an HTTP proxy and so does not rely on <command> being configured to use an HTTP proxy. It decrypts TLS traffic by generating a CA on the fly. It won’t install any iptables rules or make other global system changes.

Apparently getting polled requests correctly is a li’l bit tricky. I do a li’l bit of scraping from cron and I didn’t know any of this stuff 😰

How to use SSLKEYLOGFILE and Wireshark to decrypt HTTPS traffic.

Illustrated introduction to HTTPS: what problems it solves, and how it works.