Successful mitmproxy-3.7 setup tested on OS X 10.13.6 and iPhone X running 12.1.4
Enable IP forwarding and disable ICMP redirects to keep the iPad sending traffic to the proxy
sudo sysctl -w net.inet.ip.forwarding=1
sudo sysctl -w net.inet.ip.redirect=0
net.inet.ip.forwarding
Enable IP forwarding between interfacesIP forwarding is the process of forwarding internet packets from one network to another. By default the FreeBSD system will not forward IP packets between various network interfaces. In other words, routing functions (also known as gateway functions) are disabled.
type: boolean, default: off
net.inet.ip.redirect
Enable sending IP redirectsAllow (1) or disallow (0) send ICMP redirections when forwarding. This option is ignored unless the host is routing IP packets. Normally, this option should be enabled on all systems.
type: boolean, dafault: 1
Create a new file with the following pf rules. Replace ext_if and ext_ip with the appropriate values for your network configuration.
ext_if = "en0"
ext_ip = "192.168.1.141"
rdr on $ext_if inet proto tcp from any to any port 80 -> $ext_ip port 8080
rdr on $ext_if inet proto tcp from any to any port 443 -> $ext_ip port 8080
Load your file with pfctl and then enable pf
sudo pfctl -vf pf.conf
sudo pfctl -e
Add pfctl to /etc/sudoers
ALL ALL=NOPASSWD: /sbin/pfctl -s state
Start mitmproxy
mitmproxy --mode transparent --listen-port 8080 --showhost
Statically configure the IP address of the machine running mitmproxy as a router on the iPad, make sure both devices are on the same network and any AP isolation mode is disabled. You can also get creative with DHCP, ARP spoofing, DNS spoofing, DNAT on your router or what have you.
Install the CA cert on the iPad by visiting http://mitm.it in clicking the Apple and following the prompts. After it's installed, you must perform an additional step to enable full trust for the mitmproxy root certificate.
Navigate to: Settings > General > About > Certificate Trust Settings. Toggle the switch for mitmproxy under the, "ENABLE FULL TRUST FOR ROOT CERTIFICATES" heading.
If you fail to do this, you will see the following error in the mitmproxy capture window:
Client Handshake failed. The client may not trust the proxy's certificate ...
[1] http://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/13714-43.html
[2] http://docs.mitmproxy.org/en/stable/transparent/osx.html
[3] https://notroot.wordpress.com/2010/10/22/freebsd-net-inet-ip-sysctls-explained/
@wimbledon settings -> wi-fi -> (network) -> static -> router = mitmproxy machine