Thanks for the responses. Not looking to break SSL security for NSA's sake. Funny though.
I intend to generate bogus CA, install into kids browser, etc, etc...
My main question has to do with the "Perl" side of this, and whether or not HTTP::Proxy can be used as the proxy for this need? I want to know if anyone knows if it will support SSL? If not, is there another module someone recommends for this?
I haven't ever written anything with HTTP::Proxy but it looks very flexible so you might be able to convince it to work with SSL. On the other hand, HTTP::Proxy isn't really designed for MITM attacks so it'll want to add the proper headers and such.
One way to do this would be to use POE. You can do something based on the Cookbook example of a simple Web Proxy.
I don't know about SSL, but HTTP::Proxy lends itself very nicely for monitoring/modifying things by being man-in-the-middle. I use it to allow special commands to be run by the proxy when a user requests specific URLs. I created a filter that monitors URLs, and breaks them apart. I can use this filter to modify what someone is asking for, change what is fed back to a user, and if I need the system to take an action and create a complete HTML page on the fly. Again, I do all of this with HTTP, not SSL. I don't know if HTTP::Proxy supports SSL, never tried it. Anyone try to get SSL to work with HTTP::Proxy? Good question.
Something like this is actually done in big institutions.
Some year ago I did a project in a big bank in Switzerland. Pretty much everybody there was using the "official" Internet Explorer. The funny thing was that when you used Firefox you got warnings on ssl-secured sites that the certificate did not match the domain-name. In fact it turned out that their proxy just returned a self-signed certificate and the "official" Internet Explorer had been modified so that it would silently accept this certificate.
So in effect they had a man-in-the-middle with hardly anybody noticing it.
So if you want to do it yourself the important thing is that you must be able to control the browser (and I assume that if you can force your users to use IE you're already halfway there).
And as an aside: Never trust the browsers that are rolled out by the IT-departments of big organisations.