aboutsummaryrefslogtreecommitdiffstats
path: root/docs/src
diff options
context:
space:
mode:
authorTom Saleeba <tom.saleeba@gmail.com>2019-08-01 15:37:25 +0930
committerGitHub <noreply@github.com>2019-08-01 15:37:25 +0930
commitba848e2040a50bc63fd14d79939df53869d9dcdb (patch)
treef3fd55fb4960cf89ac672756ff3926b66ca9ad80 /docs/src
parent0b0b4ccba6ac8a85e5ab4555af3df9dc80a81380 (diff)
downloadmitmproxy-ba848e2040a50bc63fd14d79939df53869d9dcdb.tar.gz
mitmproxy-ba848e2040a50bc63fd14d79939df53869d9dcdb.tar.bz2
mitmproxy-ba848e2040a50bc63fd14d79939df53869d9dcdb.zip
docs: add instructions for transparent proxy on Linux for traffic originating from the mitmproxy host itself
Diffstat (limited to 'docs/src')
-rw-r--r--docs/src/content/howto-transparent.md23
1 files changed, 23 insertions, 0 deletions
diff --git a/docs/src/content/howto-transparent.md b/docs/src/content/howto-transparent.md
index 3915e4b7..5b4b5dd8 100644
--- a/docs/src/content/howto-transparent.md
+++ b/docs/src/content/howto-transparent.md
@@ -86,6 +86,29 @@ The `--mode transparent` option turns on transparent mode, and the `--showhost`
Set the test device up to use the host on which mitmproxy is running as the default gateway and
[install the mitmproxy certificate authority on the test device]({{< relref "concepts-certificates" >}}).
+### Work-around to redirect traffic originating from the machine itself
+
+Follow steps **1, 2** as above, but *instead* of the commands in step **3**, run the following
+
+Create a user to run the mitmproxy
+{{< highlight bash >}}
+sudo useradd --create-home mitmproxyuser
+sudo -u mitmproxyuser 'cd ~ && pip install --user mitmproxy'
+{{< / highlight >}}
+
+Then, configure the iptables rules to redirect all traffic from our local machine to mitmproxy. **Note**, as soon as you run these, you won't be able to perform successful network calls *until* you start mitmproxy. If you run into issues, `iptables -t nat -F` is a heavy handed way to flush (clear) *all* the rules from the iptables `nat` table (which includes any other rules you had configured).
+{{< highlight bash >}}
+iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner mitmproxyuser --dport 80 -j REDIRECT --to-port 8080
+iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner mitmproxyuser --dport 443 -j REDIRECT --to-port 8080
+ip6tables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner mitmproxyuser --dport 80 -j REDIRECT --to-port 8080
+ip6tables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner mitmproxyuser --dport 443 -j REDIRECT --to-port 8080
+{{< / highlight >}}
+
+This will redirect the packets from all users other than `mitmproxyuser` on the machine to mitmproxy. To avoid circularity, run mitmproxy as the user `mitmproxyuser`. Hence step **4** should look like:
+{{< highlight bash >}}
+sudo -u mitmproxyuser bash -c '$HOME/.local/bin/mitmproxy --mode transparent --showhost --set block_global=false'
+{{< / highlight >}}
+
## OpenBSD