diff options
| author | Rouli <rouli.net@gmail.com> | 2013-03-18 14:24:13 +0200 |
|---|---|---|
| committer | Rouli <rouli.net@gmail.com> | 2013-03-18 14:24:13 +0200 |
| commit | c94aadcb0ee5e7aab8acc46a0e4ac7d02a28df6f (patch) | |
| tree | 1e62785d669d86f6e551a99b9debfe445389bd48 /doc-src/transparent/osx.html | |
| parent | b6cae7cd2d0105d6a6fe9d35864d0f9b7c5f8924 (diff) | |
| parent | 5c33f6784b4ba34dd9825ea7e3070cdf0b2b4621 (diff) | |
| download | mitmproxy-c94aadcb0ee5e7aab8acc46a0e4ac7d02a28df6f.tar.gz mitmproxy-c94aadcb0ee5e7aab8acc46a0e4ac7d02a28df6f.tar.bz2 mitmproxy-c94aadcb0ee5e7aab8acc46a0e4ac7d02a28df6f.zip | |
Merge remote-tracking branch 'upstream/master'
Diffstat (limited to 'doc-src/transparent/osx.html')
| -rw-r--r-- | doc-src/transparent/osx.html | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/doc-src/transparent/osx.html b/doc-src/transparent/osx.html index e69de29b..20158873 100644 --- a/doc-src/transparent/osx.html +++ b/doc-src/transparent/osx.html @@ -0,0 +1,68 @@ + + +OSX Lion integrated the [pf](http://www.openbsd.org/faq/pf/) packet filter from +the OpenBSD project, which mitmproxy uses to implement transparent mode on OSX. +Note that this means we don't support transparent mode for earlier versions of +OSX. + +<ol class="tlist"> + + <li> <a href="@!urlTo("ssl.html")!@">Install the mitmproxy + certificates on the test device</a>. </li> + + <li> Enable IP forwarding: + + <pre class="terminal">sudo sysctl -w net.inet.ip.forwarding=1</pre> + </li> + + <li> Place the following two lines in a file called, say, <b>pf.conf</b>: + +<pre class="terminal">rdr on en2 inet proto tcp to any port 80 -> 127.0.0.1 port 8080 +rdr on en2 inet proto tcp to any port 443 -> 127.0.0.1 port 8080 +</pre> + + These rules tell pf to redirect all traffic destined for port 80 or 443 + to the local mitmproxy instance running on port 8080. You should + replace <b>en2</b> with the interface on which your test device will + appear. + + </li> + + <li> Configure pf with the rules: + + <pre class="terminal">sudo pfctl -f pf.conf</pre> + + </li> + + <li> And now enable it: + + <pre class="terminal">sudo pfctl -e</pre> + + </li> + + <li> Configure your test device to use the host on which mitmproxy is + running as the default gateway.</li> + + <li> Configure sudoers to allow mitmproxy to access pfctl. Edit the file + <b>/etc/sudoers</b> on your system as root. Add the following line to the end + of the file: + + <pre>ALL ALL=NOPASSWD: /sbin/pfctl -s state</pre> + + Note that this allows any user on the system to run the command + "/sbin/pfctl -s state" as root without a password. This only allows + inspection of the state table, so should not be an undue security risk. If + you're special feel free to tighten the restriction up to the user running + mitmproxy.</li> + + <li> Finally, fire up mitmproxy. You probably want a command like this: + + <pre class="terminal">mitmproxy -T --host</pre> + + The <b>-T</b> flag turns on transparent mode, and the <b>--host</b> + argument tells mitmproxy to use the value of the Host header for URL + display. + + </li> + +</ol> |