diff options
| author | Aldo Cortesi <aldo@nullcube.com> | 2013-03-18 08:36:56 +1300 |
|---|---|---|
| committer | Aldo Cortesi <aldo@nullcube.com> | 2013-03-18 08:36:56 +1300 |
| commit | 6614498744a45138adc770ef6e5882366b96b25e (patch) | |
| tree | 7ab6f5364b96cba1c4f4f11bd0fbf7e24dc39ccc /doc-src/transparent/osx.html | |
| parent | d2d3eb6490a6b342f8d205e26d04c913b8e2a5f7 (diff) | |
| download | mitmproxy-6614498744a45138adc770ef6e5882366b96b25e.tar.gz mitmproxy-6614498744a45138adc770ef6e5882366b96b25e.tar.bz2 mitmproxy-6614498744a45138adc770ef6e5882366b96b25e.zip | |
Update styling, GameCenter highscore tutorial.
Diffstat (limited to 'doc-src/transparent/osx.html')
| -rw-r--r-- | doc-src/transparent/osx.html | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/doc-src/transparent/osx.html b/doc-src/transparent/osx.html index e69de29b..20158873 100644 --- a/doc-src/transparent/osx.html +++ b/doc-src/transparent/osx.html @@ -0,0 +1,68 @@ + + +OSX Lion integrated the [pf](http://www.openbsd.org/faq/pf/) packet filter from +the OpenBSD project, which mitmproxy uses to implement transparent mode on OSX. +Note that this means we don't support transparent mode for earlier versions of +OSX. + +<ol class="tlist"> + + <li> <a href="@!urlTo("ssl.html")!@">Install the mitmproxy + certificates on the test device</a>. </li> + + <li> Enable IP forwarding: + + <pre class="terminal">sudo sysctl -w net.inet.ip.forwarding=1</pre> + </li> + + <li> Place the following two lines in a file called, say, <b>pf.conf</b>: + +<pre class="terminal">rdr on en2 inet proto tcp to any port 80 -> 127.0.0.1 port 8080 +rdr on en2 inet proto tcp to any port 443 -> 127.0.0.1 port 8080 +</pre> + + These rules tell pf to redirect all traffic destined for port 80 or 443 + to the local mitmproxy instance running on port 8080. You should + replace <b>en2</b> with the interface on which your test device will + appear. + + </li> + + <li> Configure pf with the rules: + + <pre class="terminal">sudo pfctl -f pf.conf</pre> + + </li> + + <li> And now enable it: + + <pre class="terminal">sudo pfctl -e</pre> + + </li> + + <li> Configure your test device to use the host on which mitmproxy is + running as the default gateway.</li> + + <li> Configure sudoers to allow mitmproxy to access pfctl. Edit the file + <b>/etc/sudoers</b> on your system as root. Add the following line to the end + of the file: + + <pre>ALL ALL=NOPASSWD: /sbin/pfctl -s state</pre> + + Note that this allows any user on the system to run the command + "/sbin/pfctl -s state" as root without a password. This only allows + inspection of the state table, so should not be an undue security risk. If + you're special feel free to tighten the restriction up to the user running + mitmproxy.</li> + + <li> Finally, fire up mitmproxy. You probably want a command like this: + + <pre class="terminal">mitmproxy -T --host</pre> + + The <b>-T</b> flag turns on transparent mode, and the <b>--host</b> + argument tells mitmproxy to use the value of the Host header for URL + display. + + </li> + +</ol> |