[GH-ISSUE #1701] Transparent proxy mode #1694

Open
opened 2026-03-03 19:53:33 +03:00 by kerem · 6 comments
Originally created by @nihaals on GitHub (Jul 2, 2023).
Original GitHub issue: https://github.com/ProxymanApp/Proxyman/issues/1701

Description

It would be great if there was a way to proxy programs that don't use the system proxy.

Why this feature/change is important?

Proxyman currently has automatic setup which covers common CLI cases but doesn't cover everything. A transparent proxy mode would be able to cover the remaining cases.

See:

- #236
- Burp Suite's [invisible proxy mode](https://portswigger.net/burp/documentation/desktop/tools/proxy/invisible) ([older guide](https://portswigger.net/support/using-burp-suites-invisible-proxy-settings-to-test-a-non-proxy-aware-thick-client-application))
- mitmproxy's [transparent proxy docs](https://docs.mitmproxy.org/stable/howto-transparent/)
- Surge's [enhanced mode](https://manual.nssurge.com/others/enhanced-mode.html)

@NghiaTranUIT commented on GitHub (Jul 3, 2023):

Thanks @nihaals I've tried but I hit the wall:

  • mitmproxy transparent proxy mode: Unfortunately, it's required to open the mitmproxy with nobody user (sudo -u nobody mitmproxy), which is impossible to achieve on Proxyman app. => Apple doesn't allow to start macOS app with this mode.
  • Surge's Enhanced Mode: I don't have much knowledge to create a virtual network interface (VIF).

I will spend more time to research and find a better solution.


@nihaals commented on GitHub (Jul 3, 2023):

I don't know about the trade-offs, but my experience with Surge's approach was positive and would make the toggle/launch experience as smooth as it is currently, but I also don't really know how it works.


@marcelocecin commented on GitHub (Jul 7, 2024):

https://www.txthinking.com/talks/articles/mobile-capture-en.article


@NghiaTranUIT commented on GitHub (Jul 8, 2024):

Thanks @marcelocecin for the link. Unfortunately, it's the same approach that we're currently using for Proxyman iOS (By using a Network Extension): https://apps.apple.com/us/app/proxyman-network-debug-tool/id1551292695

For the macOS, Transparent Mode with Virtual Network interface is completely different, and I'm not sure how to tackle it : /


@jtg commented on GitHub (Aug 17, 2024):

Would really like this feature. Some apps are not proxy aware and are quite a pain to try and get through proxyman. I am currently using a workaround by using Burp's transparent proxy mode. This requires many steps to make DNS work correctly, but could all be done in proxyman. Burp requires no permissions, but features may be more limited than the others - I'm not sure what the difference is. Here is what I'm doing.

Enable Burp in transparent proxy mode on port 443.

Edit /etc/hosts to have the domains that the target app is reaching (example: 127.0.0.1 api.mytestapp.com)

Configure Burp to use an upstream proxy. Set this upstream proxy to the proxyman server and port. Burp would normally then allow interception, but otherwise transparently redirect any incoming requests based on the Host: header for non-proxy aware apps, to the correct destination. However, to avoid this, you also configure Burp itself to use an upstream http proxy. This essentially rewrites the non-proxy aware app's request to be proxy aware before passing to proxyman.

Configure proxyman to use DNS Spoofing. This isn't actually to spoof the DNS, but to UNSPOOF what you did with /etc/hosts. Otherwise, when proxyman attempts to send it back out, it would also be fooled by /etc/hosts, and send it back to localhost on 443 where Burp is listening.

I would have used Burp for the whole thing, but proxyman offers options that Burp doesn't have, such as response mapping. Proxyman could be updated to include the same functionality that Burp offers and that could be skipped. Still unfortunate that pre-defining every host in /etc/hosts is required, but better than nothing.
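The request rewrite and the DNS loop described in the comment above, as an added Python sketch that is not part of the original comment and is not Burp's or Proxyman's code. The function names are hypothetical, and the hosts file content and the 203.0.113.7 address used with it are constructed.

```python
import ipaddress

# Constructed sample hosts file; api.mytestapp.com is the example host from the comment.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost
127.0.0.1   api.mytestapp.com   # redirected to the local listener
192.0.2.10  files.mytestapp.com
"""

def loopback_overrides(hosts_text):
    """Hostnames (other than localhost) that the hosts file points at loopback."""
    names = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed entry, ignore
        if addr.is_loopback:
            names += [h.lower() for h in fields[1:] if h.lower() != "localhost"]
    return names

def to_proxy_form(raw_request, scheme="http"):
    """Rewrite 'GET /path' + Host header into absolute-form for an upstream proxy."""
    head, sep, body = raw_request.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method, target, version = lines[0].split(b" ", 2)
    host = None
    for header in lines[1:]:
        name, _, value = header.partition(b":")
        if name.strip().lower() == b"host":
            host = value.strip()
    if not host:
        raise ValueError("no Host header: the destination cannot be recovered")
    if target.startswith(b"/"):  # origin-form, as sent by a non-proxy-aware client
        lines[0] = b" ".join([method, scheme.encode() + b"://" + host + target, version])
    return b"\r\n".join(lines) + sep + body

def would_loop(host, hosts_text, upstream_dns_overrides):
    """True if the upstream proxy would resolve host back to the local listener."""
    host = host.lower()
    return host in loopback_overrides(hosts_text) and host not in upstream_dns_overrides
```

`would_loop` returns True for every hosts-file entry that still lacks an override in the upstream proxy, which is the case the "unspoof" step in the comment exists to prevent.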


@marcelocecin commented on GitHub (Feb 3, 2026):

perhaps this could be achievable with the help of an LLM specializing in programming

Reference
starred/Proxyman#1694