diff options
Diffstat (limited to 'doc-src')
| -rw-r--r-- | doc-src/certinstall/android.html | 7 | ||||
| -rw-r--r-- | doc-src/transparent/osx.html | 12 |
2 files changed, 15 insertions, 4 deletions
diff --git a/doc-src/certinstall/android.html b/doc-src/certinstall/android.html index e4efec1d..f215d91d 100644 --- a/doc-src/certinstall/android.html +++ b/doc-src/certinstall/android.html @@ -1,4 +1,3 @@ - The proxy situation on Android is [an embarrasment](http://code.google.com/p/android/issues/detail?id=1273). It's scarcely credible, but Android didn't have a global proxy setting at all until @@ -15,12 +14,12 @@ below - your device may differ, but the broad process should be similar. ## Getting the certificate onto the device First we need to get the __mitmproxy-ca-cert.cer__ file into the -__/sdcard/Downloads__ folder on the device. There are a number of ways to do +__/sdcard/Download__ folder on the device. There are a number of ways to do this. If you have the Android Developer Tools installed, you can use [__adb push__](http://developer.android.com/tools/help/adb.html) to accomplish this. Depending on your device, you could also transfer the file using external media like an SD Card. In this example, we're using wget from within a terminal -emulator to transfer the certificate from a local HTTP server: +emulator to transfer the certificate from a local HTTP server: <img src="android-shellwgetmitmproxyca.png"/> @@ -33,7 +32,7 @@ and select "Install from storage": <img src="android-settingssecuritymenu.png"/> -The certificate in /sdcard/Downloads is automatically located and offered for +The certificate in /sdcard/Download is automatically located and offered for installation. Installing the cert will delete the download file from the local disk: diff --git a/doc-src/transparent/osx.html b/doc-src/transparent/osx.html index 77eea63b..205e4c76 100644 --- a/doc-src/transparent/osx.html +++ b/doc-src/transparent/osx.html @@ -67,3 +67,15 @@ rdr on en2 inet proto tcp to any port 443 -> 127.0.0.1 port 8080 </ol> + +Note that the **rdr** rules in the pf.conf given above only apply to inbound +traffic. This means that they will NOT redirect traffic coming from the box +running pf itself. We can't distinguish between an outbound connection from a +non-mitmproxy app, and an outbound connection from mitmproxy itself - if you +want to intercept your OSX traffic, you should use an external host to run +mitmproxy. None the less, pf is flexible to cater for a range of creative +possibilities, like intercepting traffic emanating from VMs. See the +**pf.conf** man page for more. + + + |