Story

I've released Derusted — a programmable HTTPS MITM proxy engine written in Rust.

This grew out of frustration with existing MITM and proxy tooling being: - unsafe or outdated - coupled to one runtime or protocol - hard to embed into other projects - not flexible for security/compliance use cases

Derusted is a library-first design, meant to be used inside other systems like: - browser automation tooling - secure proxies and gateway stacks - traffic inspection - network research - observability and incident response tooling

Highlights: - Written fully in safe Rust - Supports HTTP/1.1 & HTTP/2 MITM - Pluggable inspection pipeline - Certificate generation + pinned cert detection - Redaction support for sensitive data - No `unsafe` - ~150 tests

Links: Repo: https://github.com/kumarimlab/derusted Crate: https://crates.io/crates/derusted Docs: https://docs.rs/derusted/latest/derusted/

Still early, but I'd love feedback — especially around QUIC/H3, benchmarking, use cases, and potential improvements.

Happy to answer questions.