Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

intercept localhost traffic #316

Open
GuinGuinGuin opened this issue Mar 17, 2023 · 1 comment
Open

intercept localhost traffic #316

GuinGuinGuin opened this issue Mar 17, 2023 · 1 comment

Comments

@GuinGuinGuin
Copy link

Hi, I am trying to use sslsplit as a transparent proxy to intercept localhost traffic. I tried to send outgoing traffic (en0) to lo0 and subsequently redirect to sslsplit, but it didn't work. Anyone has any advice?

pf.conf:

scrub-anchor "com.apple/"
nat-anchor "com.apple/"
rdr-anchor "com.apple/"
rdr pass log on lo0 proto tcp from en0 to any port 443 -> 127.0.0.1 port 8080
dummynet-anchor "com.apple/"
anchor "com.apple/*"
load anchor "com.apple" from "/etc/pf.anchors/com.apple"
pass out on en0 route-to lo0 proto tcp from en0 to any port 443 keep state

sslsplit:

sudo sslsplit -D -k ca.key -c ca.crt https 127.0.0.1 8080
@sonertari
Copy link
Collaborator

On OpenBSD/pf I'd try the following divert rule:

pass out log quick on en0 proto tcp to port www divert-to lo port 8080

But,

  • I guess your OS and the version of pf are different. (FreeBSD? macOS?)
  • I don't remember the details, but I think I had tried a rule like that long ago, and it did not work, because, if I recall correctly, it was too late to divert outgoing packets like that. In short, I may be wrong.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sonertari @GuinGuinGuin