Grasscutters/mitmproxy
3
0
Fork 0
mirror of https://github.com/Grasscutters/mitmproxy.git synced 2025-02-01 15:55:28 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #2986 from miheerdew/patch-1

Browse Source 
Workaround for MacOS transparent proxy
This commit is contained in:
Thomas Kriechbaumer 2018-05-06 12:24:24 +02:00 committed by GitHub
commit 44d788ff96
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 36 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
docs/src/content/howto-transparent.md
View File

@ -221,13 +221,47 @@ Note that the **rdr** rules in the pf.conf given above only apply to
inbound traffic. **This means that they will NOT redirect traffic coming
from the box running pf itself.** We can't distinguish between an
outbound connection from a non-mitmproxy app, and an outbound connection
from mitmproxy itself - if you want to intercept your OSX traffic, you
should use an external host to run mitmproxy. Nonetheless, pf is
from mitmproxy itself. If you want to intercept your own macOS traffic, see the work-around below or use an external host to run mitmproxy. In fact, PF is
flexible to cater for a range of creative possibilities, like
intercepting traffic emanating from VMs. See the **pf.conf** man page
for more.
{{% /note %}}
### Work-around to redirect traffic originating from the machine itself
Follow the steps **1, 2** as above. In step **3** change the contents of the file **pf.conf** to
{{< highlight none >}}
#The ports to redirect to proxy
redir_ports = "{http, https}"
#The address the transparent proxy is listening on
tproxy = "127.0.0.1 port 8080"
#The user the transparent proxy is running as
tproxy_user = "nobody"
#The users whose connection must be redirected.
#
#This cannot involve the user which runs the
#transparent proxy as that would cause an infinite loop.
#
#Here we redirect for all users which don't run transparent proxy.
redir_users = "{ !=" $tproxy_user "}"
#If you only wish to redirect traffic for particular users
#you may also do:
#redir_users = "{= john, = jane}"
rdr pass proto tcp from any to any port $redir_ports -> $tproxy
pass out route-to (lo0 127.0.0.1) proto tcp from any to any port $redir_ports user $redir_users
{{< / highlight >}}
Follow steps **4-6** above. This will redirect the packets from all users other than `nobody` on the machine to mitmproxy. To avoid circularity, run mitmproxy as the user `nobody`. Hence step **7** should look like:
{{< highlight bash >}}
sudo -u nobody mitmproxy --mode transparent --showhost
{{< / highlight >}}
## "Full" transparent mode on Linux