Hey HN — I’ve built BlankTrace, a cross-platform (Linux/macOS) Rust CLI/daemon that acts as a local HTTP/HTTPS MITM proxy to anonymize your browser traffic.

## What it does / Why you might use it

Randomizes browser fingerprint: rotates User‑Agent (via rand_agents) and Accept‑Language headers.

- Strips or blocks cookies on requests/responses.

- Regex‑based tracker / domain blocking with whitelist support.

- Runs as a MITM proxy on localhost:8080 with full TLS interception (generates its own CA) for HTTPS.

- Logs proxy activity asynchronously into SQLite (requests, blocked domains, fingerprint rotations, cookie behavior).

- Provides a CLI interface: view stats, manage whitelist/blocklist, export data, etc.

## Technical details

- Written in Rust.

- Uses: hudsucker (for the MITM proxy), rand_agents (for realistic UA rotation), rusqlite (logging), tokio, clap etc.

- Configuration via config.yaml, allowing you to tune rotation mode, block patterns, retention policy, and more.

- Logging schema includes tables for domains, IPs, cookie attempts, fingerprint rotations, etc.

Requires trusting the generated CA certificate in your browser / OS for HTTPS interception.

MIT‑licensed.

## Current status

- Proxy is fully functional: HTTP/HTTPS interception works.

- Fingerprint randomization is working across requests.

- Cookie stripping and domain blocking are implemented.

- Async logging to SQLite is operational.

- Graceful shutdown, CA persistence, and log cleanup are supported.

- Known limitation: manual installation of the CA cert is required to intercept HTTPS.

## Why I built this

I wanted a lightweight, performant, and configurable proxy for browsing with more privacy — without relying on heavyweight browser extensions. BlankTrace gives you control over fingerprinting, cookies, and trackers, all under your own daemon.

## Get started

- GitHub repo: https://github.com/mrorigo/blanktrace

- Project homepage / docs: https://mrorigo.github.io/blanktrace/

- Build: cargo build --release → run ./target/release/blanktrace

Trust the generated CA certificate in your system / browser to enable HTTPS interception.

Use CLI: blanktrace stats, domains, whitelist, export, etc.

## Feedback / Help Wanted

I’d love feedback on configuration UX (are the defaults sane? what settings do you want exposed?)

It's new — testing on different platforms / browsers would help ensure stability.

Contributions (code, documentation, detection rules) are very welcome.

If you care about privacy, fingerprint randomization, or want to better understand your browser’s network behavior — I’d appreciate you checking it out.