I'd like to implement a mitmproxy for a single application on my mac. Pfctl doesn't natively have (from what I can see) support to set rules based on the application source/dest of the packets, but the Application Level Filter (ALF) does. Is there a way to combine the two? From what I can see, the only rules you can apply to ALF is a simple accept/deny flag, nothing more. I'd ideally like to apply a 'rdr' rule within alf
Way to do per-application rules in pfctl/alf
firewallipfw
Related Solutions
Firewall iP
Firewall iP lets you block connections from apps on your jailbroken iOS device. You can set up custom rules to block/allow certain TCP & UDP connections.
iOS 7
In response to your comment about 3G data, in iOS 7 you can specifically set certain apps/services through your 3G data connection:
MacOS – way to permanently “Deny” an application incoming network connections (i.e. no more prompts)
No not really, when you open a program whatever core process it calls into action are run every time. One of which will, in your case, checks on the various permissions it has to make or accept outgoing/incoming connections. The act of double clicking and opening the application (even after choosing to deny such privileges) will overwrite/trash your past decisions to DENY incoming/outgoing connections simply because you gave it permission to open (not when you ACCEPT though - in this case any previously accepting connections will not continue to ask for your permission).
Unless there is a setting within the application's "Preferences" or you change some code within the "Contents" of its bundle then it is highly likely that it will prompt you every time.
BTW these permissions requests are meant to alert and pop up every time to keep users from making "permanent decisions" (AKA turning off popup notification and permission requests). Without the popup requests, switching permissions settings back and forth would become a much more difficult task and more than likely need the help of a genius bar rep to switch them back and forth (for the not-so-savvy users at least).
Related Question
- MacOS – How to limit the bandwidth on a per-application (or per-process) basis in OS X Yosemite
- macOS – Fix Application Firewall Not Enabling pfctl
- pfctl – Add Rules at Runtime Without Editing /etc/pf.conf
- MacOS – use `pf` to allow TCP traffic on specific port (from specific subnet)
- MacOS – How to debug macOS firewall? My application layer firewall (ALF) is not logging or blocking
- Starting `pf` Firewall at System Startup
Best Answer
Have you looked at this post (see comment dated 30 Aug from user mhils)? Basically, running in mitmproxy in transparent mode can be accomplished with the -T argument. It appears that this is supposed to provide access to the PID of the source process, but I am not sure that the destination process id is captured.
I am not a user of mitmproxy, so please let me know if this helps.
Cheers, Byron