Web Proxy MCP Server

Instructions

Implementation Reference

• src/ssl/ssl-manager.js:215-227 (handler)

  Core handler implementation: reads the CA certificate file from disk, retrieves its content, and generates platform-specific installation instructions using _getInstallationInstructions helper.
  async getCACertificate() { const caCertPath = path.join(this.caDir, 'ca.crt'); try { const certContent = await fs.readFile(caCertPath, 'utf-8'); return { certPath: caCertPath, certContent, installationInstructions: this._getInstallationInstructions(caCertPath) }; } catch (error) { throw new Error(`CA certificate not found: ${error.message}`); } }
• src/tools/tool-handlers.js:116-123 (handler)

  MCP tool dispatch handler: invokes sslManager.getCACertificate() and formats the result as MCP content response with certificate path and instructions.
  case 'ssl_get_ca_certificate': const caCert = await this.sslManager.getCACertificate(); return { content: [{ type: "text", text: `📜 CA Certificate\n\n📁 Certificate Path: ${caCert.certPath}\n\n${caCert.installationInstructions}` }] };
• src/tools/tool-definitions.js:209-216 (schema)

  Tool schema definition: specifies the tool name, description, and empty input schema (no parameters required).
  ssl_get_ca_certificate: { name: "ssl_get_ca_certificate", description: "Get CA certificate and installation instructions", inputSchema: { type: "object", properties: {} } },
• src/ssl/ssl-manager.js:232-310 (helper)

  Helper method that generates detailed, platform-specific (Linux/macOS/Windows) installation instructions for trusting the CA certificate in browsers and system stores.
  _getInstallationInstructions(caCertPath) { const platform = os.platform(); const caName = this.currentCA; const instructions = { linux: [ `🐧 Linux Installation:`, ``, `1. Copy CA certificate to system store:`, ` sudo cp "${caCertPath}" /usr/local/share/ca-certificates/${caName}.crt`, ` sudo update-ca-certificates`, ``, `2. For browsers (Chrome/Chromium):`, ` chrome://settings/certificates → Authorities → Import`, ` Select: ${caCertPath}`, ``, `3. For Firefox:`, ` about:preferences#privacy → Certificates → View Certificates`, ` → Authorities → Import → Select: ${caCertPath}`, ``, `4. Verify installation:`, ` openssl verify -CAfile "${caCertPath}" <any_generated_cert>` ], darwin: [ `🍎 macOS Installation:`, ``, `1. Add to system keychain:`, ` sudo security add-trusted-cert -d -r trustRoot -k /System/Library/Keychains/SystemRootCertificates.keychain "${caCertPath}"`, ``, `2. Alternative (user keychain):`, ` security add-trusted-cert -d -r trustRoot -k ~/Library/Keychains/login.keychain "${caCertPath}"`, ``, `3. For browsers:`, ` - Chrome: Uses system keychain automatically`, ` - Firefox: Manual import required (same as Linux)`, ``, `4. Verify in Keychain Access app` ], win32: [ `🪟 Windows Installation:`, ``, `1. Import via Certificate Manager:`, ` certmgr.msc → Trusted Root Certification Authorities`, ` → Certificates → Import → Select: ${caCertPath}`, ``, `2. Command line (as Administrator):`, ` certutil -addstore -f "ROOT" "${caCertPath}"`, ``, `3. PowerShell (as Administrator):`, ` Import-Certificate -FilePath "${caCertPath}" -CertStoreLocation Cert:\\LocalMachine\\Root`, ``, `4. Verify installation:`, ` certutil -store root | findstr "${caName}"` ] }; const platformInstructions = instructions[platform] || instructions.linux; return [ `🔒 SSL Certificate Installation Instructions`, ``, `CA Name: ${caName}`, `CA Certificate: ${caCertPath}`, `Platform: ${platform}`, ``, ...platformInstructions, ``, `⚠️ Important Security Notes:`, `- This CA can decrypt ALL HTTPS traffic routed through the proxy`, `- Only install on development/testing systems`, `- Remove CA when proxy testing is complete`, `- Keep CA private key secure and never share it`, ``, `🔄 To remove CA later:`, `- Linux: sudo update-ca-certificates --fresh`, `- macOS: security delete-certificate -c "${caName}" (in Keychain Access)`, `- Windows: certmgr.msc → Remove from Trusted Root CAs` ].join('\n'); }