LinuxCommandLibrary

intercept

Intercept and process device events

TLDR

Read and output raw input events from a given input device file (the system will not see any key presses)

$ sudo intercept -g [/dev/input/eventX]

Read and output raw input events from a given input device file (the system can see key presses and does not block other programs from reading them)

$ sudo intercept [/dev/input/eventX]

SYNOPSIS

intercept [OPTIONS]

PARAMETERS

--ports <ports>
    Comma-separated ports to listen on (default: 8080)

--target <host:port>
    Upstream target to forward traffic to

--cert <path>
    Path to CA certificate for HTTPS interception

--key <path>
    Path to CA private key

--script <path>
    Lua script for modifying requests/responses

--threads <int>
    Number of worker threads (default: 100)

--read-timeout <duration>
    Timeout for reading from upstream (default: 30s)

--write-timeout <duration>
    Timeout for writing to upstream (default: 30s)

--log-http
    Log all HTTP requests and responses

--log-traffic
    Log all TCP traffic

-h, --help
    Show help and exit

DESCRIPTION

Intercept is a lightweight tool that acts as a transparent proxy for HTTP and HTTPS traffic between clients and upstream servers. It enables real-time inspection, logging, and modification of requests and responses using Lua scripts. Written in Go, it supports high concurrency and is ideal for debugging web applications, API testing, security analysis, and reverse engineering.

To use, redirect traffic with iptables (e.g., iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8080), then run intercept --ports 8080 --target example.com:80. For HTTPS, provide a CA certificate with --cert and --key; clients must trust it. Lua scripts can rewrite headers, bodies, or inject responses dynamically. Features include traffic logging, timeouts, and multi-threading for performance.

CAVEATS

Requires root for transparent mode via iptables REDIRECT/TPROXY.
Clients must trust the CA cert for HTTPS.
Not suitable for production due to single-target limitation.

LUA API

Scripts access req/res objects with methods like req:header("Host"), res:body():gsub(...). See docs for full API.

INSTALLATION

Via Go: go install github.com/waisbrot/intercept@latest.
Or build from source; no distro packages widely available.

HISTORY

Created by Jason Waisbrot in 2015 as an open-source Go project on GitHub (waisbrot/intercept). It evolved to make HTTP debugging easier; the last major updates, around 2020, enhanced Lua support.

SEE ALSO

mitmproxy(1), socat(1), sslsplit(1), nginx(8)
