Transparent Proxying on a single machine - iptables

Hi :smiley:

I'd like to proxy transparently on a single system (run mitmproxy -T)
on an Ubuntu machine while sending traffic out of the same system.

The problem is the iptables settings. I used
sudo iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner root --dport 443 -j REDIRECT --to-port 8080
sudo iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner root --dport 80 -j REDIRECT --to-port 8080
but this requires mitmproxy to be run as root and processes to be proxied as non-root. I would like to proxy
packets from both root AND non-root processes.

Unfortunately
sudo iptables -t nat -A OUTPUT -p tcp -m owner ! --pid-owner pid --dport 443 -j REDIRECT --to-port 8080
sudo iptables -t nat -A OUTPUT -p tcp -m owner ! --pid-owner pid --dport 80 -j REDIRECT --to-port 8080
does not work as pid-owner is no longer part of iptables.

I also tried
sudo iptables -t nat -A OUTPUT -p tcp ! --sport 8080 --dport 443 -j REDIRECT --to-port 8080
sudo iptables -t nat -A OUTPUT -p tcp ! --sport 8080 --dport 80 -j REDIRECT --to-port 8080
but ended up in a routing loop.

Has anybody any idea how to configure iptables to achieve my goal?

One way to fix this would be to create your own user for mitmproxy and run mitmproxy as that user. What do you think?

Of course you are right, thanks :smiley:
Just too obvious^^
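
The dedicated-user approach suggested in the reply, as an added example that is not part of the original thread. The account name `mitmproxyuser`, the `PROXY_USER`/`PROXY_PORT`/`APPLY` variables and the helper function names are assumptions made for illustration; the rules are the ones from the question with only the exempted uid changed.

```shell
#!/bin/sh
# Dry-run by default (prints the rules); set APPLY=1 and run as root to install them.
# PROXY_USER is a hypothetical account name, not one taken from the thread.
PROXY_USER="${PROXY_USER:-mitmproxyuser}"
PROXY_PORT="${PROXY_PORT:-8080}"

# Emit one REDIRECT rule per intercepted port. The owner match exempts only the
# proxy's own uid, so traffic from root and every other user is redirected,
# while the proxy's upstream connections leave untouched (no redirect loop).
redirect_rules() {
    user="$1"; port="$2"; shift 2
    for dport in "$@"; do
        echo "iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner $user --dport $dport -j REDIRECT --to-port $port"
    done
}

# Reject names that defeat the purpose: exempting root would leave root's
# traffic unproxied again, which is the problem described in the question.
valid_proxy_user() {
    case "$1" in
        ""|root|0) return 1 ;;
        *[!a-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

apply_rules() {
    valid_proxy_user "$PROXY_USER" || { echo "bad proxy user: $PROXY_USER" >&2; return 1; }
    # Create the account (no login shell, with a home for mitmproxy's CA files) if missing.
    id "$PROXY_USER" >/dev/null 2>&1 ||
        useradd --system --create-home --shell /usr/sbin/nologin "$PROXY_USER"
    redirect_rules "$PROXY_USER" "$PROXY_PORT" 80 443 | while read -r rule; do
        $rule   # word-splitting is intended: runs the iptables command line
    done
}

if [ "${APPLY:-0}" = "1" ]; then
    apply_rules
else
    redirect_rules "$PROXY_USER" "$PROXY_PORT" 80 443
fi
# Afterwards, start the proxy under that account:
#   sudo -u "$PROXY_USER" -H mitmproxy -T
```

Check the result with `sudo iptables -t nat -L OUTPUT -n -v`: the packet counters on both rules should rise for traffic from any account except the proxy's own.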