Setting up a global transparent proxy with mitmproxy

Published 2020-03-27 22:28:11

Install and run mitmproxy

brew install mitmproxy
# listen on 127.0.0.1:8080 to proxy HTTP/HTTPS traffic
sudo -u nobody mitmproxy --mode transparent --showhost

Use pf to redirect all traffic to mitmproxy

$ sudo pfctl -f pf.conf
pfctl: Use of -f option, could result in flushing of rules
present in the main ruleset added by the system at startup.
See /etc/pf.conf for further details.

No ALTQ support in kernel
ALTQ related functions disabled

$ sudo pfctl -e

The contents of pf.conf are as follows; mitmproxy runs on the same machine:

#The ports to redirect to proxy
redir_ports = "{http, https}"

#The address the transparent proxy is listening on
tproxy = "127.0.0.1 port 8080"

#The user the transparent proxy is running as
tproxy_user = "nobody"

#The users whose connection must be redirected.
#
#This cannot involve the user which runs the
#transparent proxy as that would cause an infinite loop.
#

rdr pass proto tcp from any to any port $redir_ports -> $tproxy
pass out route-to (lo0 127.0.0.1) proto tcp from any to any port $redir_ports user { != $tproxy_user }
# rdr pass on en0 inet proto tcp to any port {80, 443} -> 127.0.0.1 port 8080
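
An added example (not from the original post): a small Python check that expands the macros in a pf.conf like the one above and flags any route-to rule that does not exclude the proxy's own user, which is the infinite-loop condition the comments describe. The function names and the sample variant without the exclusion are constructed for illustration.

```python
import re

# Constructed sample: the rules from the pf.conf above, plus a variant
# with the user exclusion removed (the looping configuration).
PAGE_CONF = '''
redir_ports = "{http, https}"
tproxy = "127.0.0.1 port 8080"
tproxy_user = "nobody"
rdr pass proto tcp from any to any port $redir_ports -> $tproxy
pass out route-to (lo0 127.0.0.1) proto tcp from any to any port $redir_ports user { != $tproxy_user }
'''
LOOPING_CONF = PAGE_CONF.replace(" user { != $tproxy_user }", "")

MACRO_DEF = re.compile(r'^(\w+)\s*=\s*"([^"]*)"$')
MACRO_USE = re.compile(r'\$(\w+)')
# A pf user clause: either a braced list or a single "[op] name" pair.
USER_CLAUSE = re.compile(r'\buser\s+(\{[^}]*\}|\S+(?:\s+\S+)?)')


def expand(conf):
    """Return the pf rules with comments stripped and $macros substituted."""
    macros, rules = {}, []

    def sub(text):
        return MACRO_USE.sub(lambda r: macros.get(r.group(1), r.group(0)), text)

    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = MACRO_DEF.match(line)
        if m:
            macros[m.group(1)] = sub(m.group(2))
        else:
            rules.append(sub(line))
    return rules


def loop_risks(conf, proxy_user):
    """List route-to rules that would also capture the proxy's own traffic."""
    risky = []
    for rule in expand(conf):
        if "route-to" not in rule:
            continue
        m = USER_CLAUSE.search(rule)
        pattern = r'!=\s*' + re.escape(proxy_user) + r'\b'
        if not (m and re.search(pattern, m.group(1))):
            risky.append(rule)
    return risky
```

Pass the account mitmproxy actually runs as: `loop_risks(PAGE_CONF, "nobody")` returns an empty list, while the same config checked against a proxy running as `root` is flagged.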

Chaining multiple proxies

Consider a hypothetical proxy chain like this:

  1. TUN device globally
  2. -> break here, socks over HTTP is impossible
  3. mitmproxy in upstream mode, expose as HTTP proxy
  4. HTTP proxy exposed by SS-NG

So the only option is to give up item 1; what remains is the circumvention proxy plus HTTP traffic capture.
