

distrib > Mageia > 4 > i586 > by-pkgid > afa0e7c59554a6ec33ced1a95f14102d > files > 233


<!DOCTYPE html>
<html xmlns=""><head><meta  content="text/html; charset=utf-8" http-equiv="Content-Type"/>

<link  href="../01-bootstrap.min.css" type="text/css" rel="StyleSheet"/>
<link  href="../02-docstyle.css" type="text/css" rel="StyleSheet"/>
<link  href="../syntax.css" type="text/css" rel="StyleSheet"/>
<title>mitmproxy 0.9 - OSX</title></head><body><div class="navbar navbar-fixed-top">
  <div class="navbar-inner">
    <div class="container">
      <a class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
        <span class="icon-bar"></span>
        <span class="icon-bar"></span>
        <span class="icon-bar"></span>
      <a class="brand" href="../index.html">mitmproxy 0.9 docs</a>
      </div><!--/.nav-collapse -->

<div class="container">
  <div class="row">
    <div class="span3">
      <div class="well sidebar-nav">
        <ul class="nav nav-list">
            <li><a href="../index.html">Introduction</a></li>
            <li><a href="../install.html">Installation</a></li>
            <li><a href="../howmitmproxy.html">How mitmproxy works</a></li>

            <li class="nav-header">Tools</li>
                <li><a href="../mitmproxy.html">mitmproxy</a></li>
                <li><a href="../mitmdump.html">mitmdump</a></li>

            <li class="nav-header">Features</li>
                <li><a href="../features/anticache.html">Anticache</a></li>
                <li><a href="../features/clientreplay.html">Client-side replay</a></li>
                <li><a href="../features/filters.html">Filter expressions</a></li>
                <li><a href="../features/proxyauth.html">Proxy Authentication</a></li>
                <li><a href="../features/replacements.html">Replacements</a></li>
                <li><a href="../features/serverreplay.html">Server-side replay</a></li>
                <li><a href="../features/setheaders.html">Set Headers</a></li>
                <li><a href="../features/sticky.html">Sticky cookies and auth</a></li>
                <li><a href="../features/reverseproxy.html">Reverse proxy mode</a></li>
                <li><a href="../features/upstreamcerts.html">Upstream Certs</a></li>

            <li class="nav-header">Installing Certificates</li>
                <li><a href="../ssl.html">Overview</a></li>
                <li><a href="../certinstall/firefox.html">Firefox</a></li>
                <li><a href="../certinstall/osx.html">OSX</a></li>
                <li><a href="../certinstall/windows7.html">Windows 7</a></li>
                <li><a href="../certinstall/ios.html">IOS</a></li>
                <li><a href="../certinstall/ios-simulator.html">IOS Simulator</a></li>
                <li><a href="../certinstall/android.html">Android</a></li>

            <li class="nav-header">Transparent Proxying</li>
                <li><a href="../transparent.html">Overview</a></li>
                <li><a href="linux.html">Linux</a></li>
                <li class="active"><a href="osx.html">OSX</a></li>

             <li class="nav-header">Tutorials</li>
                <li><a href="../tutorials/30second.html">Client playback: a 30 second example</a></li>
                <li><a href="../tutorials/gamecenter.html">Setting highscores on Apple's GameCenter</a></li>

            <li class="nav-header">Scripting mitmproxy</li>
                <li><a href="../scripting/inlinescripts.html">Inline Scripts</a></li>
                <li><a href="../scripting/libmproxy.html">libmproxy</a></li>

            <li class="nav-header">Hacking</li>
                <li><a href="../dev/testing.html">Testing</a></li>


    <div class="span9">
        <div class="page-header">
        <p>OSX Lion integrated the <a href="">pf</a> packet filter from
the OpenBSD project, which mitmproxy uses to implement transparent mode on OSX.
Note that this means we don't support transparent mode for earlier versions of

<ol class="tlist">

    <li> <a href="../ssl.html">Install the mitmproxy
    certificates on the test device</a>. </li>

    <li> Enable IP forwarding:

    <pre class="terminal">sudo sysctl -w net.inet.ip.forwarding=1</pre>

    <li>  Place the following two lines in a file called, say, <b>pf.conf</b>:

<pre class="terminal">rdr on en2 inet proto tcp to any port 80 -&gt; port 8080
rdr on en2 inet proto tcp to any port 443 -&gt; port 8080

        These rules tell pf to redirect all traffic destined for port 80 or 443
        to the local mitmproxy instance running on port 8080. You should
        replace <b>en2</b> with the interface on which your test device will


    <li> Configure pf with the rules:

        <pre class="terminal">sudo pfctl -f pf.conf</pre>


    <li> And now enable it:

        <pre class="terminal">sudo pfctl -e</pre>


    <li> Configure sudoers to allow mitmproxy to access pfctl. Edit the file
    <b>/etc/sudoers</b> on your system as root. Add the following line to the end
    of the file:

    <pre>ALL ALL=NOPASSWD: /sbin/pfctl -s state</pre>

    Note that this allows any user on the system to run the command
    "/sbin/pfctl -s state" as root without a password. This only allows
    inspection of the state table, so should not be an undue security risk. If
    you're special feel free to tighten the restriction up to the user running

    <li> Fire up mitmproxy. You probably want a command like this:

        <pre class="terminal">mitmproxy -T --host</pre>

        The <b>-T</b> flag turns on transparent mode, and the <b>--host</b>
        argument tells mitmproxy to use the value of the Host header for URL


    <li> Finally, configure your test device to use the host on which mitmproxy is
    running as the default gateway.</li>




    <p>© mitmproxy project, 2013</p>