Inspecting Claude Code’s Network Traffic with Linux Namespaces and MITM Proxying (Part 4)

In part 3, we explored pulling hostnames from an encrypted session. In this post, we’ll crack some TLS.

Decrypting HTTPS with a MITM proxy

The hostname extraction helped us discover where scraping is launching from. WebFetch connects directly to target websites from your machine. But hostnames alone don’t reveal what Claude sends in those requests: the HTTP headers, the User-Agent string, the exact URL paths, or the response bodies it receives.

To see the full content of Claude’s network traffic — and to understand exactly what target servers receive and what data flows back — we need to decrypt the TLS.

How MITM proxying works

We use a Man-in-the-Middle (MITM) proxy to read the plaintext content of claude’s HTTPS requests and responses. The proxy sits between claude and the target server, terminating TLS on both sides so it can read the traffic in between:

    claude ──TLS──► mitmproxy ──TLS──► example.com
      ▲                 │
      │          reads plaintext
      │          request & response
      │
    trusts proxy's CA…
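An added example, not code from the original post: a small mitmproxy addon that records the fields the post says hostnames alone cannot show (request headers, User-Agent, URL path, response size) and masks credential headers so the decrypted log does not store API keys. The script name, the output path and the `SENSITIVE` list are assumptions, and `sample_flow()` is constructed data.

```python
# Added example (not from the original post). Load into the proxy with:
#   mitmdump -s audit_addon.py      # script name is an assumption
import json
from types import SimpleNamespace

# Header names whose values are credentials (assumed list); values are masked.
SENSITIVE = {"authorization", "proxy-authorization", "x-api-key",
             "cookie", "set-cookie"}

def redact(headers):
    """Copy headers into a plain dict, masking credential values."""
    return {k: ("<redacted>" if k.lower() in SENSITIVE else v)
            for k, v in headers.items()}

def summarize(flow):
    """Build one audit record from a completed mitmproxy HTTP flow."""
    req, resp = flow.request, flow.response
    body = resp.content or b""          # content is None for empty bodies
    return {
        "host": req.pretty_host,
        "method": req.method,
        "path": req.path,
        "user_agent": req.headers.get("user-agent", ""),
        "request_headers": redact(req.headers),
        "status": resp.status_code,
        "response_type": resp.headers.get("content-type", ""),
        "response_bytes": len(body),
    }

class AuditLog:
    """mitmproxy addon: append one JSON line per decrypted response."""
    def __init__(self, out_path="flows.jsonl"):   # path is an assumption
        self.out_path = out_path

    def response(self, flow):
        # mitmproxy calls this hook once the full response has been read.
        with open(self.out_path, "a", encoding="utf-8") as fh:
            fh.write(json.dumps(summarize(flow)) + "\n")

def sample_flow():
    """Constructed stand-in for a flow, so the logic can be run offline."""
    req = SimpleNamespace(
        pretty_host="example.com", method="GET", path="/docs?page=2",
        headers={"user-agent": "constructed-agent/0.0",
                 "authorization": "Bearer constructed-token"})
    resp = SimpleNamespace(status_code=200, content=b"<html>ok</html>",
                           headers={"content-type": "text/html"})
    return SimpleNamespace(request=req, response=resp)

addons = [AuditLog()]   # the module-level name mitmproxy looks for
```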