Building a Go MITM Proxy: Inspecting and Controlling Network Traffic with gyxy

Jul 4, 2025

Building a Go MITM Proxy: Inspecting and Controlling Network Traffic with gyxy

A while ago, I found myself bored and itching to build something new in Go. I'd already made my fair share of REST APIs (and let's be honest, they can get a little repetitive). I wanted a challenge—something different, something that would teach me more about how the internet really works under the hood.

That's when the idea hit me: Why not build a network proxy? Not just any proxy, but one that could handle both HTTP and HTTPS, inspect traffic, and even block certain sites. It sounded both useful and, more importantly, totally different from anything I'd done before. And so, i named it gyxy.

Why a Proxy?

Proxies are everywhere, but most people never think about them. They're the gatekeepers of the web, filtering, logging, and sometimes even rewriting traffic. I wanted to see what it would take to build one from scratch—and maybe learn a few secrets of the internet along the way.

What Makes gyxy Cool?

  • Handles HTTP and HTTPS: Not just the easy stuff—gyxy can peek inside encrypted traffic, too.
  • MITM Inspection: It can act as a (friendly!) man-in-the-middle, decrypting HTTPS so you can see what's really going on.
  • Domain Blocking: Want to block distracting sites? Just add them to a file and gyxy will handle the rest.
  • Colorful Logging: Because plain logs are boring, and I like a little color in my terminal.

The Journey: From Boredom to Bytes

I started out thinking, "How hard can it be to log some network traffic?" For HTTP, it was a breeze. But as soon as I tried to log HTTPS responses, all I got was a stream of random, unreadable bytes. At first, I thought I'd made a mistake in my code. But then it hit me: this is what encrypted traffic looks like when you don't have the keys!

So, I dove into the world of MITM proxies. I learned that to actually read HTTPS traffic, I'd need to:

  1. Create my own root CA certificate and convince my computer (and browser) to trust it.
  2. Intercept connections and generate a fake certificate for each site the client wanted to visit.
  3. Do a TLS handshake with the client using my fake cert, so the browser would think it was talking to the real site.
  4. Open a separate TLS connection to the real server and shuttle data back and forth.

Once I got this working, those random bytes turned into readable HTTP responses. I could see (and even modify) everything passing through my proxy. It was a real "aha!" moment.

A Peek Under the Hood

MITM for HTTPS

Here's a (simplified) snippet of how gyxy sets up its MITM tunnel:

// MITM tunnel setup (simplified)
rootCA, _ := tls.LoadX509KeyPair("certs/rootCA.pem", "certs/rootCA.key")
fakeCert, _ := generateCertificate(domain, &rootCA)
tlsConfig := &tls.Config{Certificates: []tls.Certificate{fakeCert}}
clientTLS := tls.Server(clientConn, tlsConfig)
clientTLS.Handshake()

Blocking Annoying Domains

Want to block a site? Just add it to the blocked file:

example.com
www.tiktok.com

Colorful Logging

Logs are structured and colorized using uber-go/zap and fatih/color:

logg, _ := logger.InitLogger()
proxy := proxy.New(logg)
proxy.Start(":8080")

How to Try It Yourself

Prerequisites

  • Go 1.24+
  • OpenSSL (for certificate generation)

Installation & Setup

  1. Clone and build:
git clone https://github.com/mohamedbeat/gyxy.git
cd gyxy
go build -o gyxy .
  1. Generate a root CA certificate:
openssl genrsa -out certs/rootCA.key 2048
openssl req -x509 -new -nodes -key certs/rootCA.key -sha256 -days 3650 -out certs/rootCA.crt
openssl x509 -in certs/rootCA.crt -out certs/rootCA.pem -outform PEM
  1. Install the certificate as trusted (Linux example):
sudo cp certs/rootCA.pem /usr/share/ca-certificates/mitm-proxy-ca.crt
sudo trust anchor --store /usr/share/ca-certificates/mitm-proxy-ca.crt
  1. Start the proxy:
./gyxy

  1. Configure your browser/system to use localhost:8080 as the HTTP/HTTPS proxy.

  2. Block domains: Add domains (one per line) to the blocked file.

What Can You Use It For?

  • Parental Control: Block distracting or unsafe sites for kids
  • Network Debugging: Inspect and debug HTTP/HTTPS traffic
  • Security Research: Get a simplified idea of how MITM proxies work

What I Learned (and Why It Was Fun)

This project was a wild ride from start to finish. I learned:

  • How MITM proxies actually work (and why HTTPS is so important!)
  • That encrypted traffic is just noise until you have the right keys
  • How to generate and use certificates, and how TLS handshakes really work
  • That Go's standard library is awesome for network programming, but encryption is always a little tricky
  • Most importantly: building something new, weird, and a little bit challenging is way more fun than just another CRUD API

If you ever find yourself bored, I highly recommend picking a project that's outside your comfort zone. You'll learn a ton—and you might even build something cool along the way.

Wrapping Up

gyxy was a fun, educational project that gave me a much deeper understanding of Go, networking, and security. The code is open source—feel free to check it out, contribute, or use it for your own experiments!

View the source on GitHub

mohammed.go