Intercept SSL Traffic

Run Internet Sharing on your host, gateway address is 10.0.2.1, client wifi address is 10.0.2.x

Run burpsuite
Assumes you want to intercept traffic to :

proxy listeners

 * local listener port: 8443
 * listen on loopback interface only: no
 * support invisible proxying for non-proxy-aware clients: yes
 * redirect to host: 
 * redirect to port: 

server SSL certificate

 * generate a CA-signed certification with a specific hostname: 

intercept client requests

 * intercept-if: yes
 * update Content-Length: yes

intercept server responses

 * intercept-if: yes
 * update Content-Length: yes

misc

 * unpack gzip / deflate: yes

On the device
iptables -t nat -A OUTPUT -p tcp --dst  --dport  -j DNAT --to-destination :

openssl s_client -connect : -showcerts

copy the PortSwigger server CA cert into /etc/ssl/certs/trustedcerts/PortSwigger.pem

link it into /etc/ssl/certs/trustedcerts/ and /var/ssl/trustedcerts/ as .0

openssl x509 -hash -noout < PortSwigger.pem