Hello,
I have sslsplit listening on 127.0.0.1 port 10443 and I want to redirect
all my outgoing desktop web traffic to sslsplit, that is, to localhost port
10443. SSLSPLIT is just a kind of transparent proxy but cannot be used
as a conventional proxy (set up in the browser config). Reading the
pf.conf man page, it seems that there isn't a way to do that.
For example, rdr-to does not support redirection to localhost.
man:
rdr-to is usually applied inbound.  If applied outbound, rdr-to to a
local IP address is not supported.
Divert-to does not support outgoing traffic ("pass out" or "match out").
Also I tried to make an IF alias like this
ifconfig em0 inet 192.168.0.6 255.255.255.0
ifconfig em0 inet alias 192.168.0.7 255.255.255.0
my gw is 192.168.0.1
I put sslsplit listening on 192.168.0.7 (the alias) port 10443 and I
made pf rules like this:
pass out log on em0 proto tcp from 192.168.0.6 to port 443 rdr-to 192.168.0.7 port 10443
pass out log on em0 proto tcp from 192.168.0.6 to port 80 rdr-to 192.168.0.7 port 10080
Even this does not work... I suspect that even 192.168.0.7 is a local IP.
Any help?
