This is only a problem if a client application has a server certificate pinned in source code. Otherwise, you can create a cert with a privacy CA and add it to a desktop OS trusted cert store.
Adding a CA cert to the OS trust store only works if the application uses it. I've encountered apps that don't use the OS trust store or networking stack; even then it's possible to reverse engineer the traffic though[0].
K0nserv|1 year ago
0: https://hugotunius.se/2020/08/07/stealing-tls-sessions-keys-...