Mac OS X Force Internet Sharing Traffic Through Proxy

18

4

I have Internet Sharing set up on my Mac OS 10.9.5 machine, sharing my Ethernet connection to any devices connected to the created Wi-Fi hotspot. I'm looking for a way to force all that traffic through a proxy server so I can monitor the traffic using Charles.

Proxy Settings

I had assumed that, since Charles automatically sets up proxy settings (above) on the outgoing Ethernet connection, all the Wi-Fi traffic would already be proxied, but I was wrong. It seems Internet Sharing creates a new bridge (named "bridge100" at the moment) that does not run through the same network service even though the packets go out the same network interface.

I can see all the traffic generated by my machine in Charles, just not the traffic from other machines. Is there a way to set up the routing so my proxy settings for the Ethernet are also applied to the bridge? If not, is there any way to route the bridge's traffic to the same proxy?

Devunwired

Posted 2014-10-10T15:50:51.233

Reputation: 281

On Linux, a so-called “Transparent Proxy” can be realized with iptables, like this. I’m not familiar with OS X’s firewall, but this is basically what you’ll have to replicate.

– Daniel B – 2014-10-12T09:28:40.647

Answers

1

I expect this is not going to be simple, if possible.

When you have a proxy server, either running on the machine itself or on a device on the network, the client apps (e.g. whatever is going out to the inet) need to direct their traffic to the proxy server (not just directly to the relevant network interface). This is configured either in the client app settings or at the OS level. However, when you set up a proxy at the OS level, as you show in your screenshot, that is probably set for the user session, and may not affect daemons (not sure).

The hotspot is probably running at a daemon level, and may not respect that proxy setting.

It might make sense to think of the problem differently. E.g. perhaps run Ethereal or another packet sniffer, and look at the traffic hitting the Ethernet port (which would include traffic to/from the OSX-based hotspot). (A packet sniffer is lower level than Charles, but that may be the price of getting lower level access to traffic.)

Jonesome Reinstate Monica

Posted 2014-10-10T15:50:51.233

Reputation: 1 680

To add to Mr. Jones's comment, proxy servers generally proxy specific protocols. In the case of Charles it's HTTP and HTTPS traffic. Charles (at least according to the web site) was built for debugging, not general purpose proxying. It can probably do that, but squid is probably a sounder choice.

Also, it's not YOUR Mac you need to configure. It's your clients. – Petro – 2017-07-14T21:46:04.543

0

Have you looked into OpenDNS? You would replace your DNS IPs on your router with their IPs and then you will be able to view a log of traffic on your network. You would do this by logging into your account on opendns.com.

You can also deny traffic to certain domains. There is a "Personal" free plan option.

Josh

Posted 2014-10-10T15:50:51.233

Reputation: 592

-1

Your question summary (force traffic sharing through proxy) does not match your intended purpose, which is to monitor traffic. And the screenshot you're showing is doing something entirely different yet.

To monitor traffic, you do not need to set up a proxy. Once you have forced all the other devices to route all their traffic through your machine, all you need to add to the mix is Wireshark (running on your bridge) and you will get access to the traffic.

If you really do want to set up a proxy, have all the traffic be routed through it and have that logged, what you're looking for is called a transparent forward proxy.

The screenshot you're sharing is what you would configure if you wanted to set up a proxy for all the traffic originating from your machine. Which is what 'Charles' is showing you.

Manish

Posted 2014-10-10T15:50:51.233

Reputation: 1

  • Wireshark is a passive monitoring tool. It lacks some very very important features that tools like Charles Proxy include.

  • Charles is not able to monitor traffic on bridge100, which for some use cases is absolutely necessary.

  • The question summary perfectly matches the intended purpose. It was you who didn't understand the problem at hand. – Robotsushi – 2018-02-27T21:23:30.780
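
The transparent redirect named in the last answer and in the iptables comment, sketched for OS X's pf as an added example that is not part of the original thread. It assumes the sharing bridge is `bridge100` (from the question) and that the proxy listens on 127.0.0.1:8888 and accepts transparently redirected requests; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: build pf redirect rules for TCP traffic arriving on the
# Internet Sharing bridge. Interface, proxy port and port list are assumptions.

# valid_port VALUE: true when VALUE is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_rdr_rules IFACE PROXY_PORT "PORT PORT ..."
# Prints one rdr rule per destination port; prints nothing and returns 1
# if any argument is invalid, so a bad call never yields a partial ruleset.
build_rdr_rules() {
    iface=$1
    proxy_port=$2
    ports=$3
    case "$iface" in
        ''|*[!A-Za-z0-9]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    valid_port "$proxy_port" || { echo "bad proxy port" >&2; return 1; }
    [ -n "$ports" ] || { echo "no ports given" >&2; return 1; }
    for p in $ports; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
        # Redirecting the proxy's own port to itself would loop.
        [ "$p" != "$proxy_port" ] || { echo "port $p is the proxy" >&2; return 1; }
    done
    for p in $ports; do
        echo "rdr pass on $iface inet proto tcp from any to any port $p -> 127.0.0.1 port $proxy_port"
    done
}

# Usage (as root, on the Mac doing the sharing): script.sh check | load
case "${1:-}" in
    check|load)
        rules=$(build_rdr_rules bridge100 8888 "80") || exit 1
        if [ "$1" = check ]; then
            printf '%s\n' "$rules" | pfctl -n -f -   # parse only, loads nothing
        else
            # -f replaces the active main ruleset, so run "check" first.
            printf '%s\n' "$rules" | pfctl -e -f -
        fi ;;
esac
```

After loading, `pfctl -s nat` lists the active redirect rules. Redirected clients still need to trust the proxy's certificate before any port 443 traffic added to the list can be inspected.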