Inspect decrypted HTTPS traffic from a macOS guest VM, with per-domain breakpoints and firewall control on the host.
Install on the host Mac before starting:
- Proxyman: proxyman.io
- Vallum: vallumfirewall.com
- VirtualBuddy (or any VM with NAT/user-mode networking)
In VirtualBuddy, make sure the guest uses NAT (user-mode networking). This routes all guest traffic through the host at 192.168.64.1, which is what makes interception possible.
If your VM software does not support NAT or user-mode networking, skip to the Fallback section first, then return here.
Or ask Claude on the host: "Configure VirtualBuddy to use NAT networking for my VM"
By default Proxyman only listens on 127.0.0.1. Change it to accept connections from the VM:
- Proxyman → Preferences → Proxy
- Enable Allow other devices to connect
- Note the port (default 9090)
- Make sure the macOS firewall allows incoming connections to Proxyman
Or ask Claude on the host: "Configure Proxyman to accept connections from other devices and allow it through the macOS firewall"
Start the VM. As soon as it boots, Vallum will show popups for outgoing connections. Allow the basics so the guest can get online:
- DHCP (UDP port 67/68)
- DNS (UDP port 53)
- *.apple.com (for macOS guest first-time setup)
- claude.ai (for Claude Code setup)
Block everything else by default. You will selectively allow more as needed.
Or ask Claude on the host: "Help me configure Vallum to allow only DHCP, DNS, and *.apple.com from VirtualBuddy, blocking everything else by default"
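As an added example (not part of the original guide or of Vallum), this script audits hostnames observed from the guest against the allow rules above and shows why a wildcard rule must match on a label boundary. The one-hostname-per-line input, the sample names and the reading of `*.apple.com` as "subdomains only" are assumptions of the example.

```shell
#!/bin/sh
# Added example: flag guest destinations that the allow rules do not cover.
# Default rules are the two hostname rules from the firewall step.
ALLOW_RULES='*.apple.com claude.ai'

# host_allowed HOST [RULES]: return 0 if HOST matches a rule, else 1.
# "*.example.com" is read here as "any subdomain of example.com" (assumption).
host_allowed() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')   # hostnames are case-insensitive
    host=${host%.}                              # drop a trailing root dot
    set -f                                      # keep "*" in rules from globbing
    for rule in ${2:-$ALLOW_RULES}; do
        case $rule in
            \*.*)
                suffix=${rule#\*}               # "*.apple.com" -> ".apple.com"
                case $host in
                    *"$suffix") set +f; return 0 ;;
                esac ;;
            *)
                if [ "$host" = "$rule" ]; then set +f; return 0; fi ;;
        esac
    done
    set +f
    return 1
}

# audit_hosts [RULES]: read hostnames on stdin, print the ones no rule allows.
audit_hosts() {
    sort -u | while IFS= read -r name; do
        [ -n "$name" ] || continue
        host_allowed "$name" "$1" || printf '%s\n' "$name"
    done
}

# Constructed sample input, not captured traffic.
SAMPLE_HOSTS='gs.apple.com
claude.ai
api.anthropic.com
evilapple.com
apple.com.cdn.example
GS.Apple.com.'

printf '%s\n' "$SAMPLE_HOSTS" | audit_hosts
```

With the default rules, `api.anthropic.com` is reported until it is passed as a third rule, which matches the "selectively allow more as needed" step.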
Inside the guest VM, enable SSH so you can control it from the host terminal:
- Guest → System Settings → General → Sharing
- Enable Remote Login
Or run inside the guest:
sudo systemsetup -setremotelogin on
Then from the host, find the guest IP and SSH in:
ssh user@<guest-ip>
Via SSH or directly in the guest terminal:
curl -fsSL https://claude.ai/install.sh | bash
Then authenticate:
claude

curl -o proxyman-ca.pem http://192.168.64.1:9090/ssl
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain proxyman-ca.pem
This allows Proxyman to decrypt HTTPS traffic without certificate errors.
Or ask Claude on the guest: "Install the MITM certificate from the proxy at 192.168.64.1:9090"
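The certificate above is fetched over plain HTTP and then trusted as a system root, so it is worth comparing its fingerprint with the Proxyman CA's fingerprint read on the host (for example in Keychain Access) before importing it. The following is an added example, not Proxyman's own tooling; the function names are hypothetical and the expected fingerprint is assumed to be copied from the host by hand.

```shell
#!/bin/sh
# Added example: vet the downloaded proxy CA before trusting it system-wide.
# Function names are hypothetical; requires the openssl command-line tool.

# normalize_fp TEXT: drop an "...Fingerprint=" label, colons and spaces; uppercase.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'a-f' 'A-F'
}

# fp_match A B: succeed when two fingerprints are equal after normalization.
# An empty first value (e.g. openssl failed) never matches.
fp_match() {
    [ -n "$1" ] && [ "$(normalize_fp "$1")" = "$(normalize_fp "$2")" ]
}

# cert_fp FILE: SHA-256 fingerprint of a PEM certificate as printed by openssl.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# is_ca FILE: succeed only if basicConstraints marks the certificate as a CA.
is_ca() {
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# verify_ca FILE EXPECTED_FP: return 0 only if FILE is a CA with that fingerprint.
verify_ca() {
    if ! is_ca "$1"; then
        echo "refusing: $1 is not a CA certificate" >&2
        return 1
    fi
    if ! fp_match "$(cert_fp "$1")" "$2"; then
        echo "refusing: fingerprint differs from the expected value" >&2
        return 1
    fi
}

# Usage on the guest (EXPECTED_FP copied from the host out of band):
#   verify_ca proxyman-ca.pem "$EXPECTED_FP" && \
#     sudo security add-trusted-cert -d -r trustRoot \
#       -k /Library/Keychains/System.keychain proxyman-ca.pem
```

When the inspection session is over, `sudo security remove-trusted-cert -d proxyman-ca.pem` withdraws the trust setting again.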
# Set system proxy (if the guest's network service is not named Wi-Fi,
# list the names with: networksetup -listallnetworkservices)
networksetup -setwebproxy Wi-Fi 192.168.64.1 9090
networksetup -setsecurewebproxy Wi-Fi 192.168.64.1 9090
# Set environment variables
export HTTP_PROXY=http://192.168.64.1:9090
export HTTPS_PROXY=http://192.168.64.1:9090
Or ask Claude on the guest: "Set the system proxy and environment variables to point at 192.168.64.1:9090"
On the guest, make a test request:
curl https://api.anthropic.com
You should see the decrypted request appear in Proxyman on the host. If it does, continue to Step 9.
If nothing appears in Proxyman, the VM's traffic is not routing through the host — follow the Fallback section below, then return here.
Or ask Claude on the guest: "Make a test HTTPS request to api.anthropic.com and confirm it appears in Proxyman on the host"
In Proxyman on the host:
- Right-click any request → Breakpoint to pause future matching requests
- Inspect, modify, or drop the request/response body before it continues
- Set persistent rules under Tools → Breakpoint
You now have full visibility and control over everything the guest sends to the internet.
Or ask Claude on the host: "Set up a Proxyman breakpoint to intercept all requests to api.anthropic.com"
VallumES uses macOS Endpoint Security to control which binaries are allowed to run on the guest. This lets you whitelist only the tools you expect Claude to use — any attempt by Claude to execute an unknown or unexpected binary will be blocked and require explicit approval.
Download and install VallumES on the guest from vallumfirewall.com/endpointsecurity, then whitelist the binaries you trust (e.g. bash, curl, node). Any new binary Claude tries to run will trigger a popup for you to allow or deny.
Or ask Claude on the guest: "Install VallumES from https://www.vallumfirewall.com/endpointsecurity/ and help me set up a whitelist of allowed binaries"
If Vallum isn't showing popups or Proxyman isn't seeing traffic, the VM's networking is bypassing the host. Fix this by installing TrustTunnel — server on the host, client on the guest — to force all guest traffic through the host regardless of the VM's network mode.
curl -fsSL https://raw.githubusercontent.com/TrustTunnel/TrustTunnel/refs/heads/master/scripts/install.sh | sh -s -
cd /opt/trusttunnel/
sudo ./setup_wizard
When the wizard asks for a listen address, use 0.0.0.0:443. Complete the wizard, then export a client config for the guest:
./trusttunnel_endpoint vpn.toml hosts.toml -c guestclient -a 192.168.64.1
Copy the printed config to the guest.
Or ask Claude on the host: "Install and configure TrustTunnel server on this Mac, listening on 0.0.0.0:443, and export a client config for 192.168.64.1"
curl -fsSL https://raw.githubusercontent.com/TrustTunnel/TrustTunnelClient/refs/heads/master/scripts/install.sh | sh -s -
cd /opt/trusttunnel_client/
./setup_wizard --mode non-interactive \
--endpoint_config <exported_config.toml> \
--settings trusttunnel_client.toml
sudo ./trusttunnel_client -c trusttunnel_client.toml
Once connected, all guest traffic routes through the host. Return to Step 2.
Or ask Claude on the guest: "Install TrustTunnel client, configure it using the exported config, and connect to the VPN"