Capture Traffic from Non-Proxy-Aware Apps Using ProxyMan

[pfedotovsky]

I would like to use ProxyMan to capture traffic from non-proxy-aware apps. ProxyMan has a very user-friendly UI and works perfectly with proxy-aware apps, where I can set up an HTTP proxy on a mobile device and view traffic on a ProxyMan instance running on a macOS PC.

Current Setup:

iOS App: Does not honor HTTP proxy settings. macOS: Running ProxyMan to capture traffic.

Steps Taken:

1. Connect iPhone to MacBook via USB.
2. Set up internet sharing on macOS to route all iOS traffic through macOS.
3. Use pfctl to redirect traffic to ProxyMan running locally on port 9000:

rdr proto tcp from any to any port 80 -> 127.0.0.1 port 9000
rdr proto tcp from any to any port 443 -> 127.0.0.1 port 9000

4. Install ProxyMan certificate as per instructions.

Observations: HTTP Traffic: Successfully captured and displayed in ProxyMan. HTTPS Traffic: Browser shows "can't establish a secure connection to the website."

Comparison with Burp Proxy: Using Burp Proxy in invisible mode, HTTPS traffic is successfully captured and displayed. It appears that Burp Proxy handles HTTPS traffic differently, even though the approach seems similar.

Request: I understand that ProxyMan is primarily designed for HTTP proxying. However, I would like to understand what Burp Proxy does differently to handle HTTPS traffic successfully. It's also unclear why HTTP works successfuly, while HTTPS does not

Links:

• https://portswigger.net/burp/documentation/desktop/tools/proxy/invisible
• https://github.com/ProxymanApp/Proxyman/issues/1701