pimterry
commented
1 month ago Hi @foosly. It's definitely possible to intercept QUIC in theory, but right now it's extremely challenging in practice, primarily because very few libraries and tools support QUIC. Most notably OpenSSL support is limited (last I saw, they supported it only client side, not server side - mitm tooling requires both) and because of this the support many in downstream languages & platforms (in our case, Node.js) is non-existent.
We're talking about QUIC here, but really HTTP/3 is what HTTP Toolkit would support (and related protocols like WebTransport) - I'm not currently planning on supporting raw QUIC traffic (in much the same way we don't currently support raw TLS connections or anything else similar).
As soon as Node.js has support for HTTP/3 (which is in progress, but not imminent as far as I'm aware) then it'll also be supported here ASAP afterwards. You're welcome to contribute to Node.js to help make that happen!
Is there a particular reason you're interested in this?
Hi, do you have plans to support QUIC connections as it appears that mitm is possible too ?