Intercept outgoing traffic and send it to local proxy on mac

I was missing “fiddler” like traffic interception on OS X, but luckily you can do something similar with the pf firewall, it’s similar to iptables on linux and allows for doing transparent proxying, but we a few limits. PF can only do matching on users and groups and not pids like iptables, so the proxy has to run under a another user to be able to access the server you are proxying.
First install “man in the middle proxy” to handle the local proxying:

brew install mitmproxy

Create pf.conf file and enable and load the firewall with “sudo pfctl -evf pf.conf”, note that this will overwrite any firewall rules you already have loaded.

# Second redirect now incoming traffic to localhost 8080 for all traffic that matches our host and port filter
rdr on lo0 proto tcp from en0 to <IP to redirect to proxy> port { 80, 443 } -> 127.0.0.1 port 8080
# First route all outgoing traffic from en0 to lo0 that matches our host and port filter and user
pass out on en0 route-to lo0 proto tcp from en0 to <IP to redirect to proxy> port { 80, 443 } keep state user { <user id you are running your browser under> }

Allow nobody to run “/sbin/pfctl -s state” as this is used by the mitmproxy:
/etc/sudoers:

nobody ALL=(root) NOPASSWD: /sbin/pfctl -s state

Run mitmweb once as your own user to create ssl certificates in “.mitmproxy”:

mitmweb

Start web interface for the proxy under user nobody:

sudo -u nobody mitmweb -T --host

Go to http://localhost:8081/ where the web interface is running.
Example on how to overwrite the request path and also overview the response:

sudo -u nobody mitmdump -T --host -s rewrite.py

rewrite.py:s

from mitmproxy.models import HTTPResponse
from netlib.http import Headers

def request(context, flow):
    flow.request.oldpath = flow.request.path;
    if flow.request.path.endswith("/fakepage.html"):
        flow.request.path = "/existingpage.html"

def response(context, flow):
    if flow.request.oldpath.endswith("/fakepage.html"):
        text_file = open("/tmp/fakepage.html", "r")
        flow.response.reason = "OK";
        flow.response.status_code = 200;
        flow.response.content = text_file.read() 

from http://tlbdk.github.io/mac/proxy/mitmproxy/fiddler/2016/04/14/redirect-outgoing-traffic-for-user-on-mac.html