SSL Proxying

Decrypt HTTPS only for the hosts you choose — never silently.

SSL decoding is strictly opt-in per host. By default MinPin tunnels HTTPS without decrypting it (you'll see CONNECT entries but no readable body). You explicitly enable decoding for the domains you care about.

Enable SSL decode for a host

• Right-click a domain in the sidebar or a request in the list → Enable SSL Proxying (or use the Response tab's "Enable for This Domain" button).
• Or add hosts in Settings → SSL.

Once enabled, MinPin mints a per-host leaf certificate from your root CA on the fly and decrypts that host's traffic. Disable it the same way to go back to tunneling.

How it works

• Root CA: RSA-4096. Per-host leaf certificates: RSA-2048, random serials.
• Outbound TLS to the real server is still fully verified by default, so a network attacker can't MITM the connection between MinPin and the origin.