Yesterday I was in the situation where I wanted to debug an iOS device and see what network calls it would make. Normally the trivial step is to just define an HTTP proxy server in the Wifi settings, but that will only work for as long as you have something that actually honors this proxy server. But there are better ways to transparently proxy connections from a device connected via Wifi which do not require any changes on the actual device.

The Tools

In order for this to work you need a device running OS X which is connected to the same network as the Wifi device. Then you need to convince the Wifi device to see you as the gateway instead of the actual gateway. The easiest way is just to go to the device's network settings and change the gateway to your computer's IP. The second ingredient is an HTTP proxy, ideally one that can also decrypt and re-encrypt SSL traffic. Personally I can recommend Charles for that. Lastly you will need another proxy that can work transparently and sits between your device and Charles. On OS X redsocks gets this job done.

If you don't want to spend the money on Charles, or you want to rewrite traffic with Python, you can use mitmproxy.

The Setup

The first thing you will notice is that when you point your Wifi device to your computer it will lose network connectivity. That's because by default your computer won't forward packets. This can easily be changed through sysctl:

$ sudo sysctl -w net.inet.ip.forwarding=1

After that you should be able to browse the internet again on your Wifi device.

The second step is installing redsocks. If you have brew that's a very trivial operation:

$ brew install redsocks

Once installed you will need to create a config file for it. Call it redsocks.conf and place it in the folder from which you run redsocks:

base {
    log_debug = on;
    log_info = on;
    log = stderr;
    daemon = off;
    redirector = generic;
}
redsocks {
    local_ip = 0.0.0.0;
    local_port = 12345;
    ip = 127.0.0.1;
    port = 8889;
    // known types: socks4, socks5, http-connect, http-relay
    type = socks5;
}

Since I'm using Charles I take advantage of its socks5 support and point redsocks to the port where Charles normally listens when configured as a SOCKS5 proxy. If you're using a regular HTTP proxy you can use http-connect as the proxy type. The local_port defines the port on which the actual transparent redsocks proxy listens.

All you have to do then is to start it:

$ redsocks

After that you will need to send all traffic that does not originate from your computer and is destined for port 80 or 443, arriving on your Wifi interface, through redsocks. On OS X the firewall can be controlled through ipfw. In my case the Wifi interface is en1:

$ sudo ipfw add fwd 127.0.0.1,12345 tcp from not me to any 80 in via en1
$ sudo ipfw add fwd 127.0.0.1,12345 tcp from not me to any 443 in via en1

Working around OS X Bugs

Now if you finish the above setup you will currently notice that nothing actually works. The cause for this is a bug in the OS X kernel that requires flipping the net.inet.ip.scopedroute flag to 0. I am not entirely sure what it does, but the internet reports that it breaks network sharing through the user preferences. In any case it fixes ipfw based forwarding, so you can flip it with sysctl:

$ sudo sysctl -w net.inet.ip.scopedroute=0

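The steps above (forwarding, the scopedroute workaround and the two ipfw rules) collected into one script with a matching teardown, as an added example that is not part of the original post. It assumes OS X with ipfw, redsocks listening on local_port 12345, and the Wifi-facing interface en1; the rule number 1000 is an arbitrary choice so the rules can be removed in one go.

```shell
#!/bin/sh
# Added example: one-shot setup/teardown for the transparent redsocks proxy.
# Assumptions: OS X with ipfw, redsocks on 127.0.0.1:12345, Wifi interface en1.
set -eu

IFACE="${IFACE:-en1}"                    # interface the Wifi device reaches you on
REDSOCKS_PORT="${REDSOCKS_PORT:-12345}"  # local_port from redsocks.conf
RULE_NO="${RULE_NO:-1000}"               # fixed ipfw rule number so teardown can delete both rules

# Print the ipfw commands that divert inbound port 80/443 traffic from other
# hosts into redsocks. Pure text, so the rules can be reviewed before applying.
ipfw_fwd_rules() {
    iface=$1; port=$2; rule=$3
    for dport in 80 443; do
        printf 'add %s fwd 127.0.0.1,%s tcp from not me to any %s in via %s\n' \
            "$rule" "$port" "$dport" "$iface"
    done
}

setup() {
    sudo sysctl -w net.inet.ip.forwarding=1
    sudo sysctl -w net.inet.ip.scopedroute=0   # kernel workaround described above
    ipfw_fwd_rules "$IFACE" "$REDSOCKS_PORT" "$RULE_NO" | while read -r line; do
        # shellcheck disable=SC2086  (word splitting is intended here)
        sudo ipfw $line
    done
}

# Remove the forwarding rules and stop acting as a router again.
# scopedroute is left as set, since on Lion it is a boot parameter anyway.
teardown() {
    sudo ipfw delete "$RULE_NO"
    sudo sysctl -w net.inet.ip.forwarding=0
}

case "${1:-}" in
    up)   setup ;;
    down) teardown ;;
    show) ipfw_fwd_rules "$IFACE" "$REDSOCKS_PORT" "$RULE_NO" ;;
esac
```

Run it as `sh redsocks-mitm.sh show` to inspect the rules, `up` to apply them and `down` to undo.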
Unfortunately in OS X Lion this flag cannot actually be flipped from userspace, so you need to set it as a boot parameter and then restart your computer. You can do this by editing the /Library/Preferences/SystemConfiguration/com.apple.Boot.plist file:




Installing SSL Certificates

After all that your HTTP traffic should show up in your SSL interception proxy. SSL will only work if the application on your Wifi device trusts your SSL interception proxy's CA. For browsers, for instance, that's trivial to change. The Charles certificate can be added to the trust store by following this link: charles.crt. Note that this will not work with applications that don't use the system's CA trust store. In that case you will need to recompile your application so that it trusts the Charles CA.
