Grasscutters/mitmproxy
3
0
Fork 0
mirror of https://github.com/Grasscutters/mitmproxy.git synced 2024-11-22 15:37:45 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #3600 from king6cong/master

Browse Source 
fix pf.conf on macOS
This commit is contained in:
Thomas Kriechbaumer 2019-09-28 11:33:32 +02:00 committed by GitHub
commit 079374dec8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
docs/src/content/howto-transparent.md
View File

@ -50,7 +50,7 @@ a newly created `/etc/sysctl.d/mitmproxy.conf` (see [here](https://superuser.com
sysctl -w net.ipv4.conf.all.send_redirects=0 sysctl -w net.ipv4.conf.all.send_redirects=0
{{< / highlight >}} {{< / highlight >}}
If your test device is on the same physical network, your machine shouldn't inform the device that If your test device is on the same physical network, your machine shouldn't inform the device that
there's a shorter route available by skipping the proxy. there's a shorter route available by skipping the proxy.
If you want to persist this across reboots, see above. If you want to persist this across reboots, see above.
@ -83,7 +83,7 @@ The `--mode transparent` option turns on transparent mode, and the `--showhost`
### 5. Finally, configure your test device. ### 5. Finally, configure your test device.
Set the test device up to use the host on which mitmproxy is running as the default gateway and Set the test device up to use the host on which mitmproxy is running as the default gateway and
[install the mitmproxy certificate authority on the test device]({{< relref "concepts-certificates" >}}). [install the mitmproxy certificate authority on the test device]({{< relref "concepts-certificates" >}}).
@ -132,7 +132,7 @@ mitmproxy to use the value of the Host header for URL display.
### 6. Finally, configure your test device. ### 6. Finally, configure your test device.
Set the test device up to use the host on which mitmproxy is running as the default gateway and Set the test device up to use the host on which mitmproxy is running as the default gateway and
[install the mitmproxy certificate authority on the test device]({{< relref "concepts-certificates" >}}). [install the mitmproxy certificate authority on the test device]({{< relref "concepts-certificates" >}}).
@ -213,7 +213,7 @@ mitmproxy to use the value of the Host header for URL display.
### 7. Finally, configure your test device. ### 7. Finally, configure your test device.
Set the test device up to use the host on which mitmproxy is running as the default gateway and Set the test device up to use the host on which mitmproxy is running as the default gateway and
[install the mitmproxy certificate authority on the test device]({{< relref "concepts-certificates" >}}). [install the mitmproxy certificate authority on the test device]({{< relref "concepts-certificates" >}}).
{{% note %}} {{% note %}}
@ -246,15 +246,9 @@ tproxy_user = "nobody"
#This cannot involve the user which runs the #This cannot involve the user which runs the
#transparent proxy as that would cause an infinite loop. #transparent proxy as that would cause an infinite loop.
# #
#Here we redirect for all users which don't run transparent proxy.
redir_users = "{ !=" $tproxy_user "}"
#If you only wish to redirect traffic for particular users
#you may also do:
#redir_users = "{= john, = jane}"
rdr pass proto tcp from any to any port $redir_ports -> $tproxy rdr pass proto tcp from any to any port $redir_ports -> $tproxy
pass out route-to (lo0 127.0.0.1) proto tcp from any to any port $redir_ports user $redir_users pass out route-to (lo0 127.0.0.1) proto tcp from any to any port $redir_ports user { != $tproxy_user }
{{< / highlight >}} {{< / highlight >}}
Follow steps **3-5** above. This will redirect the packets from all users other than `nobody` on the machine to mitmproxy. To avoid circularity, run mitmproxy as the user `nobody`. Hence step **6** should look like: Follow steps **3-5** above. This will redirect the packets from all users other than `nobody` on the machine to mitmproxy. To avoid circularity, run mitmproxy as the user `nobody`. Hence step **6** should look like: