Magic-Mirror/mitmproxy
1
0
Fork 0
mirror of https://github.com/mitmproxy/mitmproxy.git synced 2024-11-23 13:19:48 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #3603 from tomsaleeba/patch-1

Browse Source 
Transparent proxy on Linux for local originating traffic
This commit is contained in:
Thomas Kriechbaumer 2019-09-28 11:38:30 +02:00 committed by GitHub
commit 16bc62bd77
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 25 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
docs/src/content/howto-transparent.md
View File

@ -86,6 +86,31 @@ The `--mode transparent` option turns on transparent mode, and the `--showhost`
Set the test device up to use the host on which mitmproxy is running as the default gateway and
[install the mitmproxy certificate authority on the test device]({{< relref "concepts-certificates" >}}).
### Work-around to redirect traffic originating from the machine itself
Follow steps **1, 2** as above, but *instead* of the commands in step **3**, run the following
Create a user to run the mitmproxy
{{< highlight bash >}}
sudo useradd --create-home mitmproxyuser
sudo -u mitmproxyuser bash -c 'cd ~ && pip install --user mitmproxy'
{{< / highlight >}}
Then, configure the iptables rules to redirect all traffic from our local machine to mitmproxy. **Note**, as soon as you run these, you won't be able to perform successful network calls *until* you start mitmproxy. If you run into issues, `iptables -t nat -F` is a heavy handed way to flush (clear) *all* the rules from the iptables `nat` table (which includes any other rules you had configured).
{{< highlight bash >}}
iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner mitmproxyuser --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner mitmproxyuser --dport 443 -j REDIRECT --to-port 8080
ip6tables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner mitmproxyuser --dport 80 -j REDIRECT --to-port 8080
ip6tables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner mitmproxyuser --dport 443 -j REDIRECT --to-port 8080
{{< / highlight >}}
This will redirect the packets from all users other than `mitmproxyuser` on the machine to mitmproxy. To avoid circularity, run mitmproxy as the user `mitmproxyuser`. Hence step **4** should look like:
{{< highlight bash >}}
sudo -u mitmproxyuser bash -c '$HOME/.local/bin/mitmproxy --mode transparent --showhost --set block_global=false'
{{< / highlight >}}
## OpenBSD