
I'm looking for a network monitor in a top-like interface, but I would like to be able to inspect all requests / responses, not just the IP addresses that are being connected to. I've found several tools [1] that seem to sort of fit what I'm looking for, with iptraf seeming to be closest in UI and httpry seeming to be the closest in functionality.

The problem with httpry (apart from interface) is that it can only show http requests, not https -- which is intuitive, because of what the s in https stands for. But, for example, in my browser, I can monitor all requests that are made and their responses, regardless of whether they are https or not. Presumably, this is because the browser is the owner of the key used in the request, so they can decrypt the messages, while outside the browser one can't. But at least in theory, it seems like with root access on my machine I should be able to do this outside the browser, too, for obvious reasons. Is the only reason other tools aren't able to do this that they don't know the location of the keys the browser is using, in the case of responses, and that they don't see the request prior to encryption and sending, in the case of requests? I.e., a pragmatic issue.

My intuition is that I could set up a proxy on my own computer that provides a singular key for encrypting requests made to the proxy from within my computer, then can decrypt the request, make it available to me to read, and re-encrypt and pass along to the actual target server, then do more-or-less the same in reverse. Does something like this exist that can be monitored from a TUI and isn't a glaring security vulnerability?

If the tool is also able to monitor all types of traffic on the interface and present it in some readable / usable format, that is a plus -- something like ssh bob@bobserver | ip 123.456.789.101 | port 22 | proc 12345 | user bob | 2024-01-01 12:24:46.

[1] nethogs jnettop chitose iftop iptstate nagios iptraf httpry

  • hm, how about wireshark on a machine with a graphical interface, and just running the wireshark probe on the machine with the HTTP traffic? Commented Oct 17, 2024 at 20:29
  • You are most likely looking for mitmproxy :) mitmproxy.org Commented Oct 18, 2024 at 7:08
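
The proxy arrangement described in the question, sketched as a mitmproxy addon script; this is an added example, not code from the thread or from the mitmproxy project. It logs each decrypted exchange as one line close to the format asked for, and masks credential-bearing values so the log of decrypted traffic does not become a store of secrets. Assumptions: the file name `flowlog.py`, the deny-lists and the sample flow are constructed, the script is loaded with `mitmproxy -s flowlog.py`, clients trust the mitmproxy CA certificate, and process and user are omitted because a proxy does not see them.

```python
import logging
from datetime import datetime, timezone
from types import SimpleNamespace
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed deny-lists: values that must not be written to the log in clear.
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie", "set-cookie"}
SENSITIVE_PARAMS = {"token", "access_token", "password", "api_key"}

def redact_url(url):
    """Mask the values of sensitive query parameters."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k.lower() in SENSITIVE_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))

def redact_headers(headers):
    """Return the headers as a dict with credential-bearing values masked."""
    return {k: "REDACTED" if k.lower() in SENSITIVE_HEADERS else v
            for k, v in headers.items()}

def format_flow(flow):
    """One line per decrypted exchange; the timestamp is rendered in UTC."""
    req, resp = flow.request, flow.response
    peer = flow.server_conn.peername or ("?", req.port)
    when = datetime.fromtimestamp(req.timestamp_start, tz=timezone.utc)
    return " | ".join([
        f"{req.method} {redact_url(req.pretty_url)}",
        f"ip {peer[0]}", f"port {peer[1]}",
        f"status {resp.status_code}", f"bytes {len(resp.content or b'')}",
        when.strftime("%Y-%m-%d %H:%M:%S"),
    ])

def response(flow):
    """mitmproxy event hook, called after each full HTTP(S) response."""
    logging.info(format_flow(flow))
    logging.debug("request headers: %s", redact_headers(flow.request.headers))

# Constructed stand-in for a mitmproxy flow, so the formatter runs offline.
SAMPLE_FLOW = SimpleNamespace(
    request=SimpleNamespace(
        method="GET", port=443, timestamp_start=1704111886.0,
        pretty_url="https://example.test/api?user=bob&token=s3cr3t",
        headers={"Host": "example.test", "Authorization": "Bearer abc"}),
    response=SimpleNamespace(status_code=200, content=b"hello"),
    server_conn=SimpleNamespace(peername=("192.0.2.10", 443)),
)
```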
