intercept localhost traffic #316

Open
GuinGuinGuin opened this issue Mar 17, 2023 · 1 comment

@GuinGuinGuin

Hi, I am trying to use sslsplit as a transparent proxy to intercept localhost traffic. I tried to send outgoing traffic (en0) to lo0 and subsequently redirect it to sslsplit, but it didn't work. Does anyone have any advice?

pf.conf:

scrub-anchor "com.apple/*"
nat-anchor "com.apple/*"
rdr-anchor "com.apple/*"
rdr pass log on lo0 proto tcp from en0 to any port 443 -> 127.0.0.1 port 8080
dummynet-anchor "com.apple/*"
anchor "com.apple/*"
load anchor "com.apple" from "/etc/pf.anchors/com.apple"
pass out on en0 route-to lo0 proto tcp from en0 to any port 443 keep state

sslsplit:

sudo sslsplit -D -k ca.key -c ca.crt https 127.0.0.1 8080

@sonertari
Collaborator

On OpenBSD/pf I'd try the following divert rule:

pass out log quick on en0 proto tcp to port www divert-to lo port 8080

But,

  • I guess your OS and the version of pf are different. (FreeBSD? macOS?)
  • I don't remember the details, but I think I had tried a rule like that long ago, and it did not work, because, if I recall correctly, it was too late to divert outgoing packets like that. In short, I may be wrong.
