Your first capture
The short version. Launch Crusader and the CA wizard appears. Fastest path: click Open test browser — it opens a Chromium session that trusts Crusader with zero install and works even on HSTS sites. Prefer your own browser? Click Install certificate for one-click OS trust, then set that browser's HTTP and HTTPS proxy to 127.0.0.1:8080. Either way, browse an authorized target and every request lands in History — all traffic is captured there regardless of intercept mode. Then flip interception to Hold to pause and edit a request, and set a Target scope so you only store what matters.
01 Install and launch
Download Crusader from the install page and launch it. No account, no email, no telemetry — the proxy, History, and request interception are Free forever. On first run you land on a one-step CA wizard titled "Trust the Crusader certificate" (pill STEP 1 OF 1 · SETUP). That's the whole setup.
Crusader's proxy listens on 127.0.0.1:8080, loopback only. If something already holds 8080, Crusader doesn't fail — it probes nearby ports and starts on the first free one, reporting something like "started on 127.0.0.1:8081 (preferred port 8080 was busy)". Note the port it actually picked; you'll point your browser at that exact number. You can change it later in Settings → Proxy listener (edit the value, press Enter, and the proxy live-restarts).
The interception engine is a native HTTP/2 MITM: it ALPN-negotiates h2 and falls back to h1. There is no HTTP/3 (h3) support, and the engine is locked on — there's nothing to configure here.
On an Apple-Silicon Mac, run the osx-x64 build under Rosetta 2 — the native osx-arm64 build doesn't ship (a WebView dependency doesn't build for arm64). The proxy and CA work fine under Rosetta.
02 Trust the CA (or skip it)
To read HTTPS, your browser has to trust Crusader's certificate authority. The wizard gives you two buttons. The first needs no install at all.
Fastest: Open test browser (zero install)
Click Open test browser. Crusader launches an installed Chromium-family browser — Chrome, Chromium, Edge, or Brave — in an isolated, throwaway profile, already pointed at the proxy and already trusting Crusader's root by SHA-256 pin. Nothing is added to your OS or your daily browser's trust store. It even works on HSTS-preloaded sites (banks, Google, and the like) that reject a normally-trusted user CA. If the proxy is off, this starts it for you. This is the recommended path for your first capture.
The test browser is Chromium-only. Despite some UI copy, Firefox is not actually supported here — if you want to use Firefox, install the certificate and route it manually instead.
Or: Install certificate (one-click OS trust)
Click Install certificate to add Crusader's root to your operating system's trust store so any browser using it trusts intercepted HTTPS. It's one click, and what happens under the hood differs by OS:
| OS | What happens |
|---|---|
| Windows | Adds the root to CurrentUser\Root. Shows the standard Windows trust prompt. No admin rights needed. |
| macOS | Adds the root to your login keychain and prompts for your login password. No admin rights needed. |
| Linux | System trust needs admin (via pkexec/sudo). Chrome, Chromium, and Firefox keep their own stores, so Crusader also updates the browser NSS database — and tells you whether it did. Restart the browser afterward. |
On Linux, remember that system-trusted is not the same as browser-trusted; Crusader surfaces a note saying whether the browser store was actually updated.
There is no "Export CA" button. If a tool needs the public root certificate as a file, point it at ~/.crusader/ca/crusader-root.cer (the DER-encoded public cert). The matching private key lives in crusader-root.pfx and never leaves your machine.
When trust is in place the wizard confirms "You're ready to intercept HTTPS"; click Continue.
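To confirm that the root your OS or browser lists as trusted is the same one on disk, and to hand it to tools that reject DER, the following added example (not Crusader's own code) fingerprints the public certificate and writes a PEM copy. Only the ~/.crusader/ca/crusader-root.cer path comes from this page; the function names and the .pem output name are assumptions.

```python
import hashlib
import ssl
from pathlib import Path

# The path is the one the page gives; the function names are this example's own.
ROOT_CER = Path.home() / ".crusader" / "ca" / "crusader-root.cer"


def load_der(path):
    """Read the root and reject a file that is PEM text or not an ASN.1 SEQUENCE."""
    data = path.read_bytes()
    if data.lstrip().startswith(b"-----BEGIN"):
        raise ValueError(f"{path} is PEM, expected DER")
    if not data or data[0] != 0x30:
        raise ValueError(f"{path} does not start with a DER SEQUENCE tag")
    return data


def fingerprint(der):
    """SHA-256 over the whole DER certificate, colon-separated upper-case hex."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches(der, shown):
    """Compare with a SHA-256 fingerprint copied from a certificate viewer."""
    wanted = shown.replace(":", "").replace(" ", "").upper()
    return wanted == fingerprint(der).replace(":", "")


def export_pem(der, out):
    """Write a PEM copy for tools that only accept PEM CA files."""
    out.write_text(ssl.DER_cert_to_PEM_cert(der))
    return out


if __name__ == "__main__":
    root = load_der(ROOT_CER)
    print("SHA-256:", fingerprint(root))
    print("PEM copy:", export_pem(root, ROOT_CER.with_suffix(".pem")))
```

Keep the printed fingerprint with your engagement notes so you can identify and remove exactly this root from the trust store when the work is done.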
03 Route a browser through the proxy
If you used Open test browser, skip this — that window is already routed. To use your own browser, point its HTTP and HTTPS proxy at Crusader. The address is 127.0.0.1 on the port the proxy reported (8080 unless it auto-healed to another).
Crusader gives you the exact string to paste. Open the intercept setup overlay ("Make interception predictable."), find step 02 Browser proxy — "Set your browser HTTP and HTTPS proxy to 127.0.0.1:{port}" — and click Copy address. Paste that into your browser or OS proxy settings for both HTTP and HTTPS.
Crusader never changes your system proxy for you, and there's no upstream-proxy or SOCKS chaining — it's the listener, nothing upstream of it. So undo the proxy setting in your browser when you're done, or that browser stops loading pages once Crusader isn't listening.
Confirm the proxy is up: the status pill reads green "Proxy active" with 127.0.0.1:{port}. If it says "Proxy off", start it from Settings → Proxy listener with Start capture.
04 Read your first request in History
With the browser routed, load a page on your authorized target. Open the History screen from the sidebar. Each request you make appears as a row — method, URL, host, status, timing — and selecting one shows the full exchange in tabbed views: Raw, Headers, Params, and Body. That's your first intercepted HTTPS request, captured and decrypted.
If History is empty, you'll see "Start the proxy and browse through it. This project has no captures yet." — that means traffic isn't reaching the proxy. Re-check the browser's proxy setting and that the status pill is green.
Everything you browse lands in History — every time, in every mode. Intercept mode (next section) only decides whether requests pause; it never decides what gets recorded. So you can leave interception off and still have a complete, searchable capture of the session.
WebSocket connections are captured and bridged too, with frames decoded — not just plain HTTP requests.
05 Pause a request with Hold mode
Capturing is passive. When you want to stop a request mid-flight to read or edit it before it goes out, switch interception to Hold. Crusader has three modes:
| Mode | Behavior |
|---|---|
| Off | Nothing pauses. Traffic still flows and is still captured to History. |
| Watch | Surfaces matching requests without blocking them. |
| Hold | Pauses matching requests so you can edit and forward them. |
Open the Intercept screen, set the mode to Hold (the intercept setup overlay's step 04 has a "Use Hold" shortcut), then reload your target. The next matching request pauses there for you to edit and forward. Smart Intercept skips the obvious noise by default — static assets, CORS preflight OPTIONS, prefetch, polling and heartbeats — so you stop on requests that matter, not page furniture.
Hold pauses requests, not responses. Response interception is not implemented — Crusader shows it as UNAVAILABLE. Responses are still captured in full to History; you just can't pause and rewrite them in flight.
06 Set your target scope
By default, an empty scope means everything is in scope — fine for a first look, noisy for real work. Define a Target scope so Crusader only stores, scans, and surfaces the hosts in your engagement. Open Settings → Target scope.
Paste plain URLs or host patterns — no regex required — into the separate include and exclude boxes. Lines starting with ! (or exclude: / out:) are exclusions; allow: overrides the blocklist. For finer control the rule syntax accepts host globs like *.example.com, plus path:, host:, domain:, url:, CIDR ranges, and regex:. Already have a Burp engagement? Paste its Target scope JSON straight in.
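Before pasting an engagement's scope list, it helps to see how each line will be read and to catch rules broader than the authorization covers. The linter below is an added example, not Crusader's parser: the markers and prefixes are the ones listed above, while the parsing order, the breadth thresholds (network prefixes shorter than /16, wildcards with fewer than two fixed labels) and the use of Python's re to test regex: rules are assumptions.

```python
import ipaddress
import re

# Markers and prefixes are the ones the page lists. The parsing order, the
# "too broad" thresholds and Python's re as the regex checker are assumptions.
MARKS = {"!": "exclude", "exclude:": "exclude", "out:": "exclude", "allow:": "allow"}
KINDS = ("path:", "host:", "domain:", "url:", "regex:")

def classify(line):
    """Return (action, kind, value, warning) for one scope line."""
    text, action, warning = line.strip(), "include", None
    for mark, meaning in MARKS.items():
        if text.startswith(mark):
            action, text = meaning, text[len(mark):].strip()
            break
    kind = next((k[:-1] for k in KINDS if text.startswith(k)), "pattern")
    value = text[len(kind) + 1:].strip() if kind != "pattern" else text
    if not value:
        warning = "empty rule"
    elif kind == "regex":
        try:
            re.compile(value)
        except re.error as exc:
            warning = f"regex does not compile: {exc}"
    elif kind == "pattern" and "://" in value:
        kind = "url"
    elif kind == "pattern" and "/" in value:
        try:
            net = ipaddress.ip_network(value, strict=False)
            kind = "cidr"
            if action == "include" and net.prefixlen < 16:
                warning = f"covers {net.num_addresses} addresses"
        except ValueError:
            pass  # a host with a path, such as example.com/app
    elif kind == "pattern" and "*" in value and action == "include":
        if len([p for p in value.split(".") if p not in ("", "*")]) < 2:
            warning = "wildcard spans a whole TLD or every host"
    return action, kind, value, warning

def lint(scope_text):
    """Classify every non-blank line of a pasted scope list."""
    return [classify(l) for l in scope_text.splitlines() if l.strip()]

# Constructed sample, not a real engagement.
SAMPLE = "\n".join([
    "https://app.example.com/", "*.example.com", "!static.example.com",
    "out:cdn.example.com", "allow:metrics.example.com", "10.0.0.0/8",
    "192.0.2.0/24", "*.com", r"regex:^(api|www)\.example\.com($", "path:/admin",
])
```

Calling lint(SAMPLE) returns one tuple per rule; any row with a non-empty warning is worth re-reading against the written authorization before the list goes into Settings → Target scope.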
Scope then drives the rest of the workstation: History storage ("Show out-of-scope in History" is off by default), out-of-scope response bodies, the scanner, Repeater's out-of-scope warning, and whether interception is restricted to in-scope traffic. A built-in tracker and telemetry blocklist always hides analytics hosts — Google Analytics, Segment, Sentry, Datadog, and the like — so they never clutter your capture.
That's a full first loop: trust, route, capture, pause, scope. From here you can replay anything you've captured, or tighten scope before you go deeper.
Want a guide that isn't here yet? Email hello@crusaderproxy.com.