Transparent proxy mode #1701

Open
nihaals opened this issue Jul 2, 2023 · 5 comments
Labels
enhancement New feature or request

Comments

@nihaals

nihaals commented Jul 2, 2023

Description

It would be great if there was a way to proxy programs that don't use the system proxy.

Why this feature/change is important?

Proxyman currently has automatic setup which covers common CLI cases but doesn't cover everything. A transparent proxy mode would be able to cover the remaining cases.

See:

@nihaals nihaals added the enhancement New feature or request label Jul 2, 2023
@NghiaTranUIT
Member

Thanks @nihaals. I've tried, but I hit a wall:

  • mitmproxy transparent proxy mode: Unfortunately, it's required to open mitmproxy as the nobody user (sudo -u nobody mitmproxy), which is impossible to achieve in the Proxyman app. => Apple doesn't allow starting a macOS app in this mode.
  • Surge's Enhanced Mode: I don't have much knowledge of how to create a virtual network interface (VIF).

I will spend more time to research and find a better solution.

@nihaals
Author

nihaals commented Jul 3, 2023

I don't know about the trade-offs, but my experience with Surge's approach was positive and would make the toggle/launch experience as smooth as it is currently, but I also don't really know how it works.

@marcelocecin

@NghiaTranUIT
Member

Thanks @marcelocecin for the link. Unfortunately, it's the same approach that we're currently using for Proxyman iOS (by using a Network Extension): https://apps.apple.com/us/app/proxyman-network-debug-tool/id1551292695

For macOS, Transparent Mode with a virtual network interface is completely different, and I'm not sure how to tackle it : /

@jtg

jtg commented Aug 17, 2024

Would really like this feature. Some apps are not proxy-aware and are quite a pain to try and get through Proxyman. I am currently using a workaround by using Burp's transparent proxy mode. This requires many steps to make DNS work correctly, but could all be done in Proxyman. Burp requires no permissions, but features may be more limited than the others - I'm not sure what the difference is. Here is what I'm doing.

Enable Burp in transparent proxy mode on port 443.

Edit /etc/hosts to have the domains that the target app is reaching (example: 127.0.0.1 api.mytestapp.com)

Configure Burp to use an upstream proxy. Set this upstream proxy to the Proxyman server and port. Burp would normally then allow interception, but otherwise transparently redirect any incoming requests based on the Host: header for non-proxy-aware apps, to the correct destination. However, to avoid this, you also configure Burp itself to use an upstream HTTP proxy. This essentially rewrites the non-proxy-aware app's request to be proxy-aware before passing to Proxyman.

Configure Proxyman to use DNS Spoofing. This isn't actually to spoof the DNS, but to UNSPOOF what you did with /etc/hosts. Otherwise, when Proxyman attempts to send it back out, it would also be fooled by /etc/hosts, and send it back to localhost on 443 where Burp is listening.

I would have used Burp for the whole thing, but Proxyman offers options that Burp doesn't have, such as response mapping. Proxyman could be updated to include the same functionality that Burp offers and that could be skipped. Still unfortunate that pre-defining every host in /etc/hosts is required, but better than nothing.
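The rewrite step in the workaround above, sketched as an added example (not Burp's or Proxyman's code, and not part of the comment): it recovers the real destination from the Host header and emits the proxy-aware form an upstream HTTP proxy expects. The function names, the constructed sample data and the allow-list built from the hosts file are assumptions added here; the CONNECT and absolute-form shapes are standard HTTP proxy behaviour.

```python
# Added illustration. HOSTS and SAMPLE are constructed sample data.
HOSTS = "127.0.0.1 localhost\n127.0.0.1 api.mytestapp.com  # redirected for debugging\n"
SAMPLE = (b"GET /v1/profile HTTP/1.1\r\n"
          b"Host: api.mytestapp.com\r\nAccept: */*\r\n\r\n")

def redirected_names(hosts_text):
    """Names that a hosts file points at loopback (comments stripped)."""
    names = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] in ("127.0.0.1", "::1"):
            names.update(n.lower() for n in fields[1:])
    return names - {"localhost"}

def real_destination(raw, default_port):
    """Recover (host, port) from the Host header. After the hosts-file
    redirect the socket only shows 127.0.0.1, so this is the sole routing hint."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host, sep, port = value.strip().rpartition(":")
            if sep and port.isdigit():
                return host.lower(), int(port)
            return value.strip().lower(), default_port
    raise ValueError("no Host header; real destination unknown")

def to_proxy_aware(raw, tls, allowed):
    """Return (connect_preamble, request) to send to the upstream proxy."""
    host, port = real_destination(raw, 443 if tls else 80)
    if host not in allowed:  # Host is client-controlled: never forward blindly
        raise PermissionError(f"{host} is not a host we redirected")
    if tls:
        # HTTPS: ask the proxy for a tunnel first; after a new TLS handshake
        # inside that tunnel the request is sent unchanged.
        preamble = f"CONNECT {host}:{port} HTTP/1.1\r\nHost: {host}:{port}\r\n\r\n"
        return preamble.encode("ascii"), raw
    # Plain HTTP: rewrite origin-form "/path" to absolute-form "http://host/path".
    first, sep, rest = raw.partition(b"\r\n")
    method, target, version = first.decode("iso-8859-1").split(" ", 2)
    authority = host if port == 80 else f"{host}:{port}"
    first = f"{method} http://{authority}{target} {version}".encode("iso-8859-1")
    return None, first + sep + rest

if __name__ == "__main__":
    allowed = redirected_names(HOSTS)
    print(to_proxy_aware(SAMPLE, tls=True, allowed=allowed)[0].decode())
    print(to_proxy_aware(SAMPLE, tls=False, allowed=allowed)[1].decode())
```

The allow-list keeps the local listener from forwarding requests for names that were never redirected in /etc/hosts, which matters because any local process can send an arbitrary Host header to port 443 on loopback.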
