Enable HTTPS Decryption with Surge on Apple TV

· 2 min read · 219 Words · -Views -Comments

Enabling MITM on Mac or iPhone with Surge is straightforward. How do you do it on Apple TV? Here’s the process I use.

Option 1: Mac Gateway Mode

If Surge on macOS runs in gateway mode with MITM enabled, every Apple TV request routed through the Mac is decrypted automatically—even if Surge on tvOS is off.

Option 2: Direct MITM on Apple TV

  1. Export the certificate from Surge on macOS/iOS (whichever device generated the tvOS profile). Use the same device that created the config to avoid mismatched certificate settings.

    https://static.1991421.cn/2024/2024-06-16-230836.jpeg

  2. Upload the certificate to a cloud service (e.g., Dropbox) to obtain a direct download link. I use Dropbox with dl=1, such as https://www.dropbox.com/scl/fi/aaa.crt?rlkey=xxx&e=1&dl=1.

  3. On Apple TV: Settings → General → Privacy & Security. Under “Share Apple TV Analytics,” press the Play button to add a profile. Enter the certificate URL, then complete the installation.

    https://static.1991421.cn/2024/2024-06-16-232418.jpg

  4. Go to Settings → General → About → Certificate Trust and trust the certificate.

  5. Add MITM rules to the Surge tvOS profile just as you would on macOS or iOS.

  6. MITM is now active—you can inspect traffic via Surge Dashboard on Mac or iPhone.

Some services (Spotify, Apple, etc.) use SSL pinning. Don’t MITM those hosts or the apps will fail.

Final Thoughts

That’s all it takes to enable MITM on Apple TV.

References

Networking Apple Ecosystem
Authors
Developer, digital product enthusiast, tinkerer, sharer, open source lover

Related