Workaround for MacOS transparent proxy

This workaround (adopted from #1261) allows MacOS users to redirect their machine's outgoing traffic to mitmproxy transparently.
Miheer Dewaskar 2018-03-11 18:55:53 -04:00 committed by GitHub
parent 0bc3f1fbf1
commit 6f802274c1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -262,8 +262,43 @@ inbound traffic. **This means that they will NOT redirect traffic coming
from the box running pf itself.** We can't distinguish between an from the box running pf itself.** We can't distinguish between an
outbound connection from a non-mitmproxy app, and an outbound connection outbound connection from a non-mitmproxy app, and an outbound connection
from mitmproxy itself - if you want to intercept your OSX traffic, you from mitmproxy itself - if you want to intercept your OSX traffic, you
should use an external host to run mitmproxy. Nonetheless, pf is should use an external host to run mitmproxy or see the work-around below.
flexible to cater for a range of creative possibilities, like PF is flexible to cater for a range of creative possibilities, like
intercepting traffic emanating from VMs. See the **pf.conf** man page intercepting traffic emanating from VMs. See the **pf.conf** man page
for more. for more.
{{% /note %}} {{% /note %}}
### Work-around to redirect traffic origination from the machine itself
Follow the steps **1, 2** as above. In step **3** change the file **pf.conf** to
{{< highlight none >}}
#The ports to redirect to proxy
redir_ports = "{http, https}"
#The address the transparent proxy is listening on
tproxy = "127.0.0.1 port 8080"
tproxy_user = "nobody"
#The users whose connection must be redirected.
#
#This cannot involve the user which runs the
#transparent proxy as that would cause an infinite loop.
#
#Here we redirect for all users which don't run transparent proxy.
redir_users = "{ !=" $tproxy_user "}"
#If you only wish to redirect traffic for particular users
#you may also do:
#redir_users = "{= john, = jane}"
rdr pass proto tcp from any to any port $redir_ports -> $tproxy
pass out route-to (lo0 127.0.0.1) proto tcp from any to any port $redir_ports user $redir_users
{{< / highlight >}}
Follow steps **4-6** above. This will redirect all the packets originating from all users other than `nobody` on the machine to mitmproxy. To avoid circularity, the we must run mitmproxy as the user `nobody`. Hence step **7** should look like:
{{< highlight bash >}}
sudo -u nobody mitmproxy --mode transparent --showhost
{{< / highlight >}}
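Review bot: The `rdr pass proto tcp from any to any port $redir_ports -> $tproxy` rule in the new pf.conf block names no interface, so it applies on every interface rather than only to the packets that the `route-to (lo0 127.0.0.1)` rule sends back through loopback. Consider scoping it as `rdr pass on lo0 ...` so that connections arriving on other interfaces are not handed to the proxy, and confirm the scoped rule still redirects local traffic before merging. The text should also state that any other process running as `nobody` is exempt from redirection, since `redir_users` excludes `$tproxy_user`; suggesting a dedicated account for mitmproxy would keep that exemption narrow. Two wording fixes in the added prose: "traffic origination from" should read "traffic originating from", and "the we must run" should read "we must run".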