How to use whistle to intercept HTTPS requests and how to configure certificates?

Answer

To intercept HTTPS requests using whistle, you need to configure HTTPS certificates, which is a common requirement for HTTPS proxy tools.

Installation Steps

1. Install whistle

   bash
   npm install -g whistle

2. Start whistle

   bash
   w2 start

3. Access management interface Open browser and visit http://127.0.0.1:8899/

Configure HTTPS Certificate

1. Download root certificate

   • Click "HTTPS" tab in whistle management interface
   • Click "Download RootCA" to download root certificate file

2. Install root certificate to system

   Windows system:

   • Double-click the downloaded certificate file
   • Select "Install Certificate"
   • Select "Local Computer"
   • Place certificate in "Trusted Root Certification Authorities"

   Mac system:

   • Open "Keychain Access"
   • Double-click certificate file to import
   • Find the imported certificate and double-click to open
   • Set "Trust" to "Always Trust"

   Linux system:

   bash
   sudo cp rootCA.crt /usr/local/share/ca-certificates/
   sudo update-ca-certificates

3. Enable HTTPS interception

   • Check "Capture HTTPS" option in whistle management interface
   • Or enable via rule: pattern whistle.https://

Mobile HTTPS Configuration

1. Connect phone and computer to same Wi-Fi
2. Visit whistle proxy address in mobile browser
3. Download and install root certificate
4. Trust the certificate in phone settings
5. Configure mobile proxy to point to computer IP and whistle port

Notes

• HTTPS certificate is only valid on current device, mobile devices need separate installation
• Some apps use certificate pinning and may not be interceptable
• Restart browser after installing certificate
• Do not use this method to intercept HTTPS in production environment