The problem is that JS Fonts and other CDNed stuff won't load and websites will hang or work weirdly, particularly Stack Overflow. Because it's all over HTTPS, you can't MITM it and inject your own with OpenWrt/Pi-holes. Decentraleyes (a Firefox browser extension) fixes some of this, but not all. If anyone has any additional suggestions, please let me know (it makes life bearable in China without a VPN).

You can create a self-signed certificate for Google domains and trust it on your machines. Then you can MITM. This won't work well if you want to do it at scale, with a number of 3rd party users, but if the only user is you or your family, it should do the trick.

> You can create a self-signed certificate for Google domains and trust it on your machines. Then you can MITM.

Can you point to or write up a blog post with a proof of concept?

mkcert[1] is probably the easiest way to generate a root certificate and leaf certificate(s). Then you can use a proxy like Squid to intercept the traffic[2]. You’d also need a local DNS server to point hosts like fonts.googleapis.com to your own web server.

[1] https://github.com/FiloSottile/mkcert

[2] https://turbofuture.com/internet/Intercepting-HTTPS-Traffic-...

[Edit: Now that I think of it, I’m not sure if Squid is really required...]
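
An added example, not part of the thread and not any commenter's code: the root-plus-leaf setup described above, built with openssl instead of mkcert so the root can carry a critical name constraint that limits it to the hosts being served locally. File names, the CA subject, and example.com as the out-of-scope host are constructed for illustration.

```shell
# Added example: private root CA restricted by nameConstraints to local CDN hosts.
# make_ca DIR HOST...  creates DIR/ca.pem and DIR/ca.key permitting only HOSTs.
make_ca() {
    dir=$1; shift
    mkdir -p "$dir" || return 1
    permitted=""
    for h in "$@"; do
        permitted="${permitted}${permitted:+,}permitted;DNS:$h"
    done
    cat > "$dir/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Local CDN Root (constructed)
[v3_ca]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
nameConstraints = critical,$permitted
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -config "$dir/ca.cnf" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
}

# issue_leaf DIR HOST  signs a server certificate for HOST (signing never checks scope).
issue_leaf() {
    dir=$1 host=$2
    printf 'basicConstraints=critical,CA:FALSE\nsubjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' \
        "$host" > "$dir/$host.ext"
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$host" -config "$dir/ca.cnf" \
        -keyout "$dir/$host.key" -out "$dir/$host.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/$host.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 365 -extfile "$dir/$host.ext" -out "$dir/$host.pem" 2>/dev/null
}

# leaf_verifies DIR HOST  succeeds only if the chain validates, constraints included.
leaf_verifies() {
    openssl verify -CAfile "$1/ca.pem" "$1/$2.pem" >/dev/null 2>&1
}

# Demo on constructed data: the in-scope leaf verifies, the out-of-scope one does not.
demo=$(mktemp -d)
make_ca "$demo" fonts.googleapis.com
issue_leaf "$demo" fonts.googleapis.com; issue_leaf "$demo" example.com
leaf_verifies "$demo" fonts.googleapis.com && echo "fonts.googleapis.com: accepted"
leaf_verifies "$demo" example.com || echo "example.com: rejected by name constraint"
rm -rf "$demo"
```

Only `ca.pem` is imported into the client trust store. Whether the constraint is enforced depends on the client's TLS library, so check it with the browsers actually in use.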