intercept network traffic via NETransparentProxyProvider

I need to intercept traffic (by port range) and need to have the ability to modify it. If I understand correctly, the best way is to use NETransparentProxyProvider for this purpose. Is my understanding correct?

I am trying to figure out how to make a system extension (NETransparentProxyProvider) intercept the traffic. Unfortunately I have not found any description or example (similar to Network Filter).

I am a novice in Network Extension. Is there any guide, example or quick start on how to implement an app proxy?

Thank you!

Answered by DTS Engineer in 798682022
Is my understanding correct?

Yes. The key thing is the modification. If you just wanted to look at traffic, a content filter would work, but if you want to modify it then a transparent proxy is probably the best way forward.

Is there any guide, example or quick start on how to implement an app proxy?

I’m not aware of any official Apple sample code for this, but it’s generally not too bad to set up. There are three parts:

  • Packaging

  • Configuration

  • Provider

A provider must be packaged as a system extension, and then you need app code to install and activate it. This is very similar to the content filter setup illustrated by the Filtering Network Traffic sample, except:

  • The provider subclass is NETransparentProxyProvider instead of NEFilterDataProvider.

  • The provider type is app-proxy-provider instead of content-filter-provider.

On the configuration front, use NETransparentProxyManager instead of NEFilterManager.

As to what the provider looks like, here’s the basic outline of one that does nothing:

import NetworkExtension

final class TransparentProxyProvider: NETransparentProxyProvider {

    // Called when the system starts the proxy; the settings decide which flows
    // are routed to handleNewFlow / handleNewUDPFlow.
    override func startProxy(options: [String : Any]?, completionHandler: @escaping (Error?) -> Void) {
        let settings = self.makeSettings()
        self.setTunnelNetworkSettings(settings) { error in
            completionHandler(error)
        }
    }

    // Must return the NETransparentProxyNetworkSettings (network rules etc.) for this proxy.
    private func makeSettings() -> NETransparentProxyNetworkSettings {
        // … this bit is up to you
    }

    override func stopProxy(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) {
        completionHandler()
    }

    // Returning false lets the system handle the flow normally, without the proxy.
    override func handleNewFlow(_ flow: NEAppProxyFlow) -> Bool {
        return false
    }

    override func handleNewUDPFlow(_ flow: NEAppProxyUDPFlow, initialRemoteEndpoint remoteEndpoint: NWEndpoint) -> Bool {
        return false
    }
}

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
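The outline above leaves the settings and the flow handling empty. The following is an added example, not Apple or DTS sample code, that fills both in for the original poster's case (a port range): it asks for all outbound TCP flows, claims only those whose destination port falls in a hard-coded range, relays them to the real destination with a Network framework NWConnection, and routes the app-to-server bytes through one hook where they can be inspected or rewritten. The class name, the range 8000-8999, the dispatch queue label and the `rewriteOutbound` hook are assumptions; a real extension would read the range from the provider configuration the app saves. `remoteEndpoint` on NEAppProxyTCPFlow is deprecated on recent macOS releases in favour of `remoteFlowEndpoint`, but still compiles.

```swift
import Foundation
import Network
import NetworkExtension

// Added example, not Apple/DTS sample code. Claims only outbound TCP flows whose
// destination port lies in a range, relays them over an NWConnection, and exposes
// one hook where outbound bytes can be inspected or rewritten.
final class PortRangeProxyProvider: NETransparentProxyProvider {

    // Hypothetical range; a real extension would read it from the
    // NETunnelProviderProtocol.providerConfiguration that the app saved.
    private let portRange: ClosedRange<UInt16> = 8000...8999
    private let queue = DispatchQueue(label: "example.proxy.relay")

    override func startProxy(options: [String: Any]?,
                             completionHandler: @escaping (Error?) -> Void) {
        // The base class requires tunnelRemoteAddress; a transparent proxy never
        // connects to it, so a loopback placeholder is the usual choice.
        let settings = NETransparentProxyNetworkSettings(tunnelRemoteAddress: "127.0.0.1")
        // Ask for every outbound TCP flow (any v4 or v6 host, port "0" = any port);
        // the per-port decision is made in handleNewFlow.
        settings.includedNetworkRules = ["0.0.0.0", "::"].map { anyHost in
            NENetworkRule(remoteNetwork: NWHostEndpoint(hostname: anyHost, port: "0"),
                          remotePrefix: 0, localNetwork: nil, localPrefix: 0,
                          protocol: .TCP, direction: .outbound)
        }
        setTunnelNetworkSettings(settings, completionHandler: completionHandler)
    }

    override func stopProxy(with reason: NEProviderStopReason,
                            completionHandler: @escaping () -> Void) {
        completionHandler()
    }

    // Returning false hands the flow back to the system untouched, so flows
    // outside the port range never pass through this extension.
    override func handleNewFlow(_ flow: NEAppProxyFlow) -> Bool {
        guard let tcpFlow = flow as? NEAppProxyTCPFlow,
              let remote = tcpFlow.remoteEndpoint as? NWHostEndpoint,
              let port = UInt16(remote.port), portRange.contains(port),
              let nwPort = NWEndpoint.Port(rawValue: port) else {
            return false
        }
        let upstream = NWConnection(host: NWEndpoint.Host(remote.hostname),
                                    port: nwPort, using: .tcp)
        tcpFlow.open(withLocalEndpoint: nil) { error in
            if let error = error { self.close(tcpFlow, upstream, error); return }
            upstream.stateUpdateHandler = { state in
                switch state {
                case .ready:
                    self.pumpOutbound(from: tcpFlow, to: upstream)
                    self.pumpInbound(from: upstream, to: tcpFlow)
                case .failed(let error):
                    self.close(tcpFlow, upstream, error)
                default:
                    break
                }
            }
            upstream.start(queue: self.queue)
        }
        return true
    }

    override func handleNewUDPFlow(_ flow: NEAppProxyUDPFlow,
                                   initialRemoteEndpoint remoteEndpoint: NWEndpoint) -> Bool {
        return false   // UDP is left to the system in this example
    }

    // The modification point. Identity here; a real proxy must understand the
    // application protocol before changing bytes at an arbitrary read boundary.
    private func rewriteOutbound(_ data: Data) -> Data {
        return data
    }

    // App -> server. Empty Data from readData means the app closed its write
    // side, which is forwarded to the server as a TCP FIN.
    private func pumpOutbound(from flow: NEAppProxyTCPFlow, to upstream: NWConnection) {
        flow.readData { data, error in
            if let error = error { self.close(flow, upstream, error); return }
            guard let data = data, !data.isEmpty else {
                upstream.send(content: nil, contentContext: .finalMessage,
                              isComplete: true, completion: .idempotent)
                return
            }
            upstream.send(content: self.rewriteOutbound(data),
                          completion: .contentProcessed { sendError in
                if let sendError = sendError { self.close(flow, upstream, sendError) }
                else { self.pumpOutbound(from: flow, to: upstream) }
            })
        }
    }

    // Server -> app.
    private func pumpInbound(from upstream: NWConnection, to flow: NEAppProxyTCPFlow) {
        upstream.receive(minimumIncompleteLength: 1, maximumLength: 65_536) { content, _, isComplete, error in
            guard let content = content, !content.isEmpty else {
                if isComplete || error != nil { self.close(flow, upstream, error) }
                else { self.pumpInbound(from: upstream, to: flow) }
                return
            }
            flow.write(content) { writeError in
                if writeError != nil || isComplete { self.close(flow, upstream, writeError ?? error) }
                else { self.pumpInbound(from: upstream, to: flow) }
            }
        }
    }

    private func close(_ flow: NEAppProxyTCPFlow, _ upstream: NWConnection, _ error: Error?) {
        flow.closeReadWithError(error)
        flow.closeWriteWithError(error)
        upstream.cancel()
    }
}
```

Two points worth noting. The proxy only ever sees flows matched by `includedNetworkRules`, and every flow it declines with `false` proceeds exactly as it would without the extension, so the set of connections whose bytes pass through extension code is bounded by the rules plus the port check. And because the extension, not the app, opens the upstream connection, the connection to the real server is made with the extension's identity; any error on either side tears down both halves so a half-closed relay does not linger.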

Thank you for the help!

If I want to start NETransparentProxyProvider, I have to set a VPN configuration, which is described by NEVPNProtocol.

[NETransparentProxyManager sharedManager].protocolConfiguration

So, it looks like I have to have a VPN server running locally if I want to intercept the desired outgoing network traffic. Can it be done with the Network Extension framework?

Or am I missing something?

The application is using a KEXT (socket filters) to intercept the traffic. I am looking for a way to implement a new solution based on Network Extension. However, I have not found any obvious way to intercept the outgoing traffic and have the possibility to modify it.

Is it possible? If yes, what are the best practices? What is the simplest way to implement it?

Thank you in advance.
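The configuration step that the DTS reply mentions ("use NETransparentProxyManager instead of NEFilterManager"), as an added example that is not part of the original thread. The `protocolConfiguration` of a transparent proxy is an NETunnelProviderProtocol: it names the system extension that contains the provider and carries an arbitrary dictionary to it; its `serverAddress` must be set because the API requires one, but the transparent proxy never connects to it, so no VPN server is involved. The bundle identifier, the description string, the `portRangeLow`/`portRangeHigh` keys and the `localhost` placeholder are assumptions.

```swift
import NetworkExtension

// Added example, not from the thread. Installs (or updates) the transparent
// proxy configuration from the containing app.
enum TransparentProxyConfigurator {

    // Hypothetical bundle identifier of the app's system extension.
    static let providerBundleID = "com.example.app.proxy-extension"

    static func install(portRange: ClosedRange<UInt16>,
                        completion: @escaping (Error?) -> Void) {
        let manager = NETransparentProxyManager.shared()
        // Load first so a saved configuration is updated rather than duplicated.
        manager.loadFromPreferences { loadError in
            if let loadError = loadError { completion(loadError); return }

            let proto = NETunnelProviderProtocol()
            proto.providerBundleIdentifier = providerBundleID
            // Required by the API and shown in System Settings, but a transparent
            // proxy never connects to it; a placeholder is sufficient.
            proto.serverAddress = "localhost"
            // Reaches the extension as
            // (protocolConfiguration as? NETunnelProviderProtocol)?.providerConfiguration.
            proto.providerConfiguration = [
                "portRangeLow": Int(portRange.lowerBound),
                "portRangeHigh": Int(portRange.upperBound)
            ]

            manager.protocolConfiguration = proto
            manager.localizedDescription = "Example Port-Range Proxy"
            manager.isEnabled = true
            manager.saveToPreferences { saveError in
                completion(saveError)
            }
        }
    }
}
```

Calling `TransparentProxyConfigurator.install(portRange: 8000...8999) { error in … }` after the system extension has been activated saves the configuration; the first save prompts the user to approve the proxy in System Settings, and the provider is started on demand once it is enabled. Keeping the port range in `providerConfiguration` rather than in the extension binary means the scope of interception can be changed and audited from the app side without shipping a new extension.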
