I want to use mitmproxy to monitor Mac desktop application communication.

Asked 2 years ago, Updated 2 years ago, 294 views

I was able to check the communication of Chrome by installing the certificate on the Mac by referring to the following site, but I cannot check the HTTPS/HTTP communication sent by the desktop application.I would also like to debug communication when a container built with Docker accesses an external API.

Charles and others seem to be able to do the same thing, but does anyone know how to set it up?
Thank you for your cooperation.

Setup Reference Site
Use mitmproxy to check the app's communication

I think I can use it in transparent mode here, but I don't know how to pass packets.
transparent Proxy mode

Other than Chrome, you can monitor communication by specifying a proxy.I was able to monitor it at the terminal with the following command, so I think other apps can monitor it by specifying the proxy as localhost:8888.

 curl-X GET'https://www.apple.com/' --proxy localhost:8888

However, there is no way that all apps have proxy settings, so all Mac communications can be directed to the proxy.

charles proxy

Then, not all communication is suitable because only HTTP/HTTPS proxies are used when booting.Nevertheless, I don't understand why there is a difference between mitmproxy passing through the same proxy.Is it a difference in the certificate? mitmproxy does not open the AppStore, but charles proxy does.
I would like to use this, but mitmproxy can stop the request once, change the contents, and send it, or play Python scripts, so I would like to use this one if possible.

Add

mitmproxy--listen-port8888 allowed the proxy server to run with the port number the same as the charles proxy and set the proxy server setting to 127.0.0.1:8888 to check HTTP/HTTPS for proxy.(Https was denied connection because the handshake was not successful due to only http communication.) I used to use 192.168.xx.xx:8080.I wish I could do the AppStore as well, but it didn't work because it didn't connect.

However, I don't understand why the IP address (192.168.xx.xx) that was dumped locally is the same as 127.0.0.1 and localhost.Any port number seems to be fine.

Compare Certificates

Comparing the certificates, mitmproxy was like an Ore certificate, and the charles proxy was written.Was this the reason why you were denied access to other apps or AppStore?

You can use transparent mode.

Now you can turn all the networks on your mac to the mitproxy settings.

However, there are some things I don't understand about this setting.
Transparent Proxying

You may want to enter the following command to direct the mac to mitproxy.

Turn on port forward.

 sudo sysctl-wnet.inet.ip.forwarding=1

When finished, revert to 0 to restore it.

 sudo sysctl-wnet.inet.ip.forwarding=0

I'm not sure if this is a command.It looks like I'm going to change the settings of the file, but I don't know how to turn it back after doing this.

 rdr pass on en0inet protocol to any port {80,443}->127.0.0.1 port 8080

This is probably adding the above settings or something, but I'm not sure.

 sudo pfctl-ffpf.conf

Enable the above settings??

 sudo pfctl-e

I don't know what this means.

ALL ALL=NOPASSWD:/sbin/pfctl-state

Finally, run mitproxy

mitmproxy --mode transparent --showhost

If you run them in order, you'll probably be able to see all the desktop applications communicating, but if you don't understand the meaning of each command, could you tell me how to run them and how to undo them?
Thank you for your cooperation.

macos network http https debugging

2022-09-30 22:03

1 Answers

I think I can do it if I direct all Mac communications to the proxy.

After mitmproxy acts as a SOCKS proxy, you can specify it as a proxy in the Mac system configuration.

Modes of Operation #SOCKSProxy|mitmproxy docs

mitmdump --mode socks5

I wanted to try any application via SOCKS proxy on my Mac, so I tried

On the Mac, you can configure SOCKS proxy settings in Network Preferences > Wi-Fi > Advanced > Proxy.On the other hand, this setting essentially applies proxies to all applications that reference Mac network settings.(Some CLI applications on the terminal, such as ssh and curl, or Google Chrome, do not apply)


2022-09-30 22:03

If you have any answers or tips


© 2024 OneMinuteCode. All rights reserved.