Code review: terminal TLS MITM proxy in Rust (ratatui, tokio, rcgen, rustls)

⚓ Rust    📅 2026-06-30    👤 surdeus    👁️ 2

surdeus

I've been building Cogitator, a terminal-based TLS MITM intercepting
proxy in Rust, primarily as a learning project for both network security
and the language itself. Would appreciate any feedback on architecture
and Rust-specific decisions.

Core stack:

  • tokio 1 (full) — async runtime for the proxy core
  • ratatui 0.26 + crossterm — TUI with 6 screens
  • rcgen 0.13 — on-the-fly per-domain leaf certificate signing
  • rustls 0.23 + tokio-rustls 0.26 + webpki-roots — TLS stack
  • hyper 1.0 + hyper-util + http-body-util — HTTP layer
  • reqwest 0.12 — outbound requests (brotli/gzip/deflate)
  • libloading + inventory — external .so plugin system
  • tracing + tracing-subscriber (json) — structured logging
  • hickory-client — DNS queries

Decisions I'm unsure about and would love feedback on:

  • Coexisting the async proxy core with the synchronous ratatui event
    loop via block_in_place / spawn_blocking — is there a cleaner
    pattern for this?
  • Per-domain TlsAcceptor cache behind Arc<Mutex<HashMap>> —
    worth switching to DashMap?
  • Using hyper 1.0 directly alongside reqwest 0.12 (which uses
    hyper internally) — is there redundancy here worth cleaning up?
  • SiteAnalyzer trait for DI in the proxy pipeline — does this feel
    idiomatic or over-engineered for this scale?

What it does:

  • TLS MITM with ALPN/HTTP2, WebSocket interception (RFC 6455)
  • Frozen mode — pause live requests, edit headers/body, forward/drop
  • Active scanner: SQLi (error-based), XSS (reflected/stored),
    Path Traversal
  • Repeater, Intruder (Sniper/BatteringRam/Pitchfork/ClusterBomb),
    BFS Spider
  • Plugin system with versioned ABI via cogitator-plugin-api crate

GitHub: LeechoShoop/cogitator (Terminal TLS MITM intercepting proxy and web security toolkit written in Rust)
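
On the per-domain acceptor cache question above, an added example that is not part of the original post or of Cogitator's code: because the cache key comes from client-supplied host names, this sketch normalises and validates the key, bounds the map, and builds each entry once. `DomainCache`, `cache_key` and the `build` closure are hypothetical names, and the generic `V` stands in for `TlsAcceptor`.

```rust
use std::collections::HashMap;
use std::sync::{Arc, RwLock};

/// Per-host cache; `V` stands in for the TLS acceptor type (assumption).
pub struct DomainCache<V> {
    inner: RwLock<HashMap<String, Arc<V>>>,
    max_entries: usize,
}

/// Normalise a client-supplied host so "Example.COM." and "example.com"
/// share one entry; reject anything that is not a plain DNS name.
pub fn cache_key(host: &str) -> Option<String> {
    let h = host.trim_end_matches('.').to_ascii_lowercase();
    let label_ok = |l: &str| {
        !l.is_empty() && l.len() <= 63
            && l.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'-' || b == b'_')
    };
    (!h.is_empty() && h.len() <= 253 && h.split('.').all(label_ok)).then_some(h)
}

impl<V> DomainCache<V> {
    pub fn new(max_entries: usize) -> Self {
        Self { inner: RwLock::new(HashMap::new()), max_entries }
    }

    /// Return the cached value or build it once; `build` is a hypothetical signing hook.
    pub fn get_or_build(&self, host: &str, build: impl FnOnce(&str) -> V) -> Option<Arc<V>> {
        let key = cache_key(host)?;
        // Hot path: shared read lock, released at the end of this statement.
        let hit = self.inner.read().unwrap().get(&key).cloned();
        if hit.is_some() { return hit; }
        let mut map = self.inner.write().unwrap();
        if let Some(v) = map.get(&key) {
            return Some(Arc::clone(v)); // built by another task while we waited
        }
        if map.len() >= self.max_entries {
            map.clear(); // crude bound on client-influenced growth; an LRU is better
        }
        let v = Arc::new(build(key.as_str()));
        map.insert(key, Arc::clone(&v));
        Some(v)
    }
    pub fn len(&self) -> usize { self.inner.read().unwrap().len() }
}

fn main() {
    let c = DomainCache::new(1024); // bound is an arbitrary example value
    println!("{:?}", c.get_or_build("Example.COM.", |h| format!("acceptor for {}", h)));
}
```

The build runs under the write lock, which serialises certificate generation across hosts; a per-key once-cell would remove that contention at the cost of more code.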
