I'll start with the biggest difference between NEAppProxyProvider and NETransparentProxyProvider; NETransparentProxyProvider is only available on macOS 11.0+ while NEAppProxyProvider is available 10.11+, and iOS as well. Using NEAppProxyProvider assumes that if you are handed a flow, that you will proxy it, otherwise if returning NO or false your flow will be discarded. NEAppProxyProvider is excellent for proxying very focused traffic. NETransparentProxyProvider can be used to encompass all system traffic and gives you the option to selectively handle a flow or return NO or false and let the OS handle the flow for you.Also, what is the difference between those two classes?
There is nothing technically stopping you from doing this, as this can be one function of a system proxy, however this will be something that you need to research on your own.I was wondering if it was possible to intercept requests of any app running on my mac and modify the headers or even add new ones.
Great! Given that i don't want to redirect the flow and only modify the headers i think NETransparentProxyProvider might be the better option for me.There is nothing technically stopping you from doing this
I didn't find any information on how to do this. Do you know if there is a function from the NETransparentProxyProvider that can give me access to the headers?however this will be something that you need to research on your own
There is not a API that can be called to extract this information. You must build a flow copier and extract this information out of the proxied flows.Do you know if there is a function from the NETransparentProxyProvider that can give me access to the headers?
Code Block let flow: NEAppProxyTCPFlow let connection: NWConnection // Reads from the flow and writes to the remote connection. func outboundCopier() { flow.readData { (data, error) in if error == nil, let readData = data, !readData.isEmpty { connection.send(content: readData, completion: .contentProcessed( { connectionError in // Handle completion success or error. // Set up another read if there is no error. if connectionError == nil { self.outboundCopier() } })) } else { // Handle error case or the read that contains empty data. } } }
In this case you should still return true here to claim the flow so that you can take control of the remote connection.Given that i only want to modify the headers of this requests flowing through my proxy
and not re-route them i should return false in handleNewFlow ?
For TCP based connections you should create the NWConnection first when you have the remote endpoint, create your outbound copier, and then open the flow with your inbound copier.Where should i create that NWConnection? Should i initialize one with the endpoint data contained in the flow i receive?
I will leave the modifying part up to you, but essentially you should be able to see the request, if HTTP, coming from the flow's read, and then copied into the NWConnection's write.Also I asume the headers i want are contained in the data from readData but how can interpret this data and modify it?
So no matter the direction of the flow (inbound/outbound) I need to use both inboundCopier and outboundCopier correct?create your outbound copier, and then open the flow with your inbound copier.
Yes, both sides need to be able to read and write data from between the flow and connection.So no matter the direction of the flow (inbound/outbound) I need to use both inboundCopier and outboundCopier correct?
There is no official sample projects out there, but if you get stuck on this, open a TSI and either myself or Quinn can help you work through this.do you guys have a sample project using NETransparentProxyProvider