From fbfedbdc8f02bc36191d3fbf0f5cb7756331c89d Mon Sep 17 00:00:00 2001 From: smill Date: Sun, 4 Sep 2016 01:30:27 +0000 Subject: Improved error-handling / supplemented documention. --- docs/transparent.rst | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'docs') diff --git a/docs/transparent.rst b/docs/transparent.rst index eb77c76c..dc41f40f 100644 --- a/docs/transparent.rst +++ b/docs/transparent.rst @@ -1,5 +1,6 @@ .. _transparent: +==================== Transparent Proxying ==================== @@ -20,5 +21,20 @@ destination of the TCP connection. At the moment, mitmproxy supports transparent proxying on OSX Lion and above, and all current flavors of Linux. +Fully transparent mode +======= +By default mitmproxy will use its own local ip address for its server-side connections. +In case this isn't desired, the --spoof-source-address argument can be used to +use the client's ip address for server-side connections. + +This mode does require root privileges though. There's a wrapper in the examples directory +called 'mitmproxy_shim.c', which will enable you to use this mode with dropped priviliges. +It can be used as follows: + +gcc examples/mitmproxy_shim.c -o mitmproxy_shim -lcap +sudo chown root:root mitmproxy_shim +sudo chmod u+s mitmproxy_shim +./mitmproxy_shim $(which mitmproxy) -T --spoof-source-address + .. _iptables: http://www.netfilter.org/ .. _pf: https://en.wikipedia.org/wiki/PF_\(firewall\) -- cgit v1.2.3