diff options
| author | Thomas Kriechbaumer <Kriechi@users.noreply.github.com> | 2019-09-28 11:33:32 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-09-28 11:33:32 +0200 |
| commit | 079374dec845e9faff64868bf8c8a85dd23ee26e (patch) | |
| tree | ccea7e8ab00949ee130ca8c2cd6b69f036983e67 /docs | |
| parent | 56b993ea26bf5c06629c6ffbd377f928267ad36e (diff) | |
| parent | 586f8d2044e18f66b2a8ce531f94b659abfb8a1e (diff) | |
| download | mitmproxy-079374dec845e9faff64868bf8c8a85dd23ee26e.tar.gz mitmproxy-079374dec845e9faff64868bf8c8a85dd23ee26e.tar.bz2 mitmproxy-079374dec845e9faff64868bf8c8a85dd23ee26e.zip | |
Merge pull request #3600 from king6cong/master
fix pf.conf on macOS
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/src/content/howto-transparent.md | 16 |
1 files changed, 5 insertions, 11 deletions
diff --git a/docs/src/content/howto-transparent.md b/docs/src/content/howto-transparent.md index 3915e4b7..5f7c189a 100644 --- a/docs/src/content/howto-transparent.md +++ b/docs/src/content/howto-transparent.md @@ -50,7 +50,7 @@ a newly created `/etc/sysctl.d/mitmproxy.conf` (see [here](https://superuser.com sysctl -w net.ipv4.conf.all.send_redirects=0 {{< / highlight >}} -If your test device is on the same physical network, your machine shouldn't inform the device that +If your test device is on the same physical network, your machine shouldn't inform the device that there's a shorter route available by skipping the proxy. If you want to persist this across reboots, see above. @@ -83,7 +83,7 @@ The `--mode transparent` option turns on transparent mode, and the `--showhost` ### 5. Finally, configure your test device. -Set the test device up to use the host on which mitmproxy is running as the default gateway and +Set the test device up to use the host on which mitmproxy is running as the default gateway and [install the mitmproxy certificate authority on the test device]({{< relref "concepts-certificates" >}}). @@ -132,7 +132,7 @@ mitmproxy to use the value of the Host header for URL display. ### 6. Finally, configure your test device. -Set the test device up to use the host on which mitmproxy is running as the default gateway and +Set the test device up to use the host on which mitmproxy is running as the default gateway and [install the mitmproxy certificate authority on the test device]({{< relref "concepts-certificates" >}}). @@ -213,7 +213,7 @@ mitmproxy to use the value of the Host header for URL display. ### 7. Finally, configure your test device. -Set the test device up to use the host on which mitmproxy is running as the default gateway and +Set the test device up to use the host on which mitmproxy is running as the default gateway and [install the mitmproxy certificate authority on the test device]({{< relref "concepts-certificates" >}}). {{% note %}} @@ -246,15 +246,9 @@ tproxy_user = "nobody" #This cannot involve the user which runs the #transparent proxy as that would cause an infinite loop. # -#Here we redirect for all users which don't run transparent proxy. -redir_users = "{ !=" $tproxy_user "}" - -#If you only wish to redirect traffic for particular users -#you may also do: -#redir_users = "{= john, = jane}" rdr pass proto tcp from any to any port $redir_ports -> $tproxy -pass out route-to (lo0 127.0.0.1) proto tcp from any to any port $redir_ports user $redir_users +pass out route-to (lo0 127.0.0.1) proto tcp from any to any port $redir_ports user { != $tproxy_user } {{< / highlight >}} Follow steps **3-5** above. This will redirect the packets from all users other than `nobody` on the machine to mitmproxy. To avoid circularity, run mitmproxy as the user `nobody`. Hence step **6** should look like: |