From fbfedbdc8f02bc36191d3fbf0f5cb7756331c89d Mon Sep 17 00:00:00 2001
From: smill <smill@cuckoo.sh>
Date: Sun, 4 Sep 2016 01:30:27 +0000
Subject: Improved error-handling / supplemented documention.

---
 docs/transparent.rst | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'docs/transparent.rst')

diff --git a/docs/transparent.rst b/docs/transparent.rst
index eb77c76c..dc41f40f 100644
--- a/docs/transparent.rst
+++ b/docs/transparent.rst
@@ -1,5 +1,6 @@
 .. _transparent:
 
+====================
 Transparent Proxying
 ====================
 
@@ -20,5 +21,20 @@ destination of the TCP connection.
 At the moment, mitmproxy supports transparent proxying on OSX Lion and above,
 and all current flavors of Linux.
 
+Fully transparent mode
+=======
+By default mitmproxy will use its own local ip address for its server-side connections.
+In case this isn't desired, the --spoof-source-address argument can be used to
+use the client's ip address for server-side connections.
+
+This mode does require root privileges though. There's a wrapper in the examples directory
+called 'mitmproxy_shim.c', which will enable you to use this mode with dropped priviliges.
+It can be used as follows:
+
+gcc examples/mitmproxy_shim.c -o mitmproxy_shim -lcap
+sudo chown root:root mitmproxy_shim
+sudo chmod u+s mitmproxy_shim
+./mitmproxy_shim $(which mitmproxy) -T --spoof-source-address
+
 .. _iptables: http://www.netfilter.org/
 .. _pf: https://en.wikipedia.org/wiki/PF_\(firewall\)
-- 
cgit v1.2.3