Create an ad-hoc http/https proxy on OSX
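#!/usr/bin/env bash
##################################################################################
## Change extension to .command to allow execution by double-clicking in Finder ##
##################################################################################

# activate debugging
#set -x

# fail on any errors
set -e

# Network service whose proxy settings are changed through networksetup.
INTERFACE=Wi-Fi
# Address the system HTTP proxy is pointed at; the same value is also used as
# the forward destination on the remote side of the `ssh -L` tunnel.
HOST=localhost
PORT=10024
# Candidate upstream proxies as "host:port"; one entry is picked at random.
REMOTEHOSTS=( "proxyhost:proxyport" )
# System-wide profile that receives the http_proxy/https_proxy exports through
# sudo. Those lines affect every shell that sources this file, not only the
# current user's session, and they stay there until cleanup removes them.
SHELL_GLOBAL_PROFILE=/etc/zprofile

##################################
##### DO NOT EDIT BELOW HERE #####
##################################

TUNNEL_ALREADY_OPENED=0

# An empty list would make the modulo below divide by zero.
if (( ${#REMOTEHOSTS[@]} == 0 )); then
  echo "REMOTEHOSTS is empty; add at least one host:port entry." >&2
  exit 1
fi
REMOTEHOST=${REMOTEHOSTS[RANDOM % ${#REMOTEHOSTS[@]}]}

# Look for an ssh process with a socket on $PORT whose lsof row names the
# current user. grep finding nothing is expected, hence the `|| echo ""`
# so that `set -e` does not abort here.
LSOF_OUTPUT=$(lsof -bw -S5 -ac ssh -i:"$PORT" | (grep -E "^ssh\s*[0-9]*\s*$(whoami)" || echo ""))
if [ -n "${LSOF_OUTPUT}" ]; then
  TUNNEL_ALREADY_OPENED=1
fi

# Ask for the administrator password upfront
sudo -v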
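#######################################
# Switch the system HTTP/HTTPS proxies off, remove the proxy exports that were
# appended to the global shell profile, and close the SSH tunnel unless one was
# already running when the script started.
# Globals:   INTERFACE, SHELL_GLOBAL_PROFILE, PORT, TUNNEL_ALREADY_OPENED (read)
# Outputs:   progress messages on stdout
# Returns:   does not return; ends the script with status 0
#######################################
function disable_proxy() {
  echo -n "$(tput setaf 136)" # orange
  echo "Disabling HTTP/HTTPS proxy..."
  # Quoted because network service names may contain spaces.
  sudo networksetup -setwebproxystate "$INTERFACE" off
  sudo networksetup -setsecurewebproxystate "$INTERFACE" off
  unset http_proxy https_proxy

  # Work line by line. Joining the whole file into one pattern space lets `.*`
  # run across newlines, which deletes everything after the first export line
  # in a root-owned profile. The first expression drops lines that consist of
  # an export; the second trims an export glued onto the end of another line.
  # `-i.bak` with an attached suffix is accepted by both GNU and BSD sed.
  sudo sed -i.bak \
    -e '/^export https\{0,1\}_proxy=/d' \
    -e 's/export https\{0,1\}_proxy=.*$//' \
    "$SHELL_GLOBAL_PROFILE"
  sudo rm -f -- "${SHELL_GLOBAL_PROFILE}.bak"

  echo -n "$(tput setaf 64)" #green
  echo "HTTP/HTTPS proxy disabled."

  if [[ $TUNNEL_ALREADY_OPENED -eq 0 ]]; then
    echo -n "$(tput setaf 136)" # orange
    echo "Closing all opened SSH tunnels..."
    # Terminates every ssh process lsof reports on $PORT, one PID per kill.
    lsof -bwt -S5 -ac ssh -i:"$PORT" | xargs -I% kill %
    echo -n "$(tput setaf 64)" #green
    echo "Closed all opened SSH tunnels."
  else
    echo -n "$(tput setaf 136)" # orange
    # Informational listing only; an empty result must not abort under set -e.
    lsof -bw -S5 -ac ssh -i:"$PORT" | grep -E "^ssh\s+[0-9]+\s+$(whoami)" || true
    echo "Not closing the SSH tunnel that was created previously."
  fi

  echo -n "$(tput sgr0)" # color reset
  exit 0
}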
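#######################################
# Print an error message in red, undo the proxy changes, and end the script
# with a failure status.
# Arguments: $@ - words of the message to print
# Outputs:   the message, on stderr
# Returns:   does not return; exits with status 1
#######################################
function error_exit {
  {
    echo -n "$(tput setaf 1)" # red
    echo "$@"
    echo -n "$(tput sgr0)" # color reset
  } >&2
  # disable_proxy ends with `exit 0`. Running it in a subshell keeps that exit
  # from ending this shell, so the failure status below is actually reported.
  ( disable_proxy ) || true
  exit 1
}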
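# Trap the catchable termination signals, plus ERR, so the proxy settings are
# rolled back and a message is printed before the script exits.
# SIGKILL is deliberately absent: it cannot be caught, so a trap on it never
# runs. After `kill -9` the system proxy settings and the exports written to
# the global profile are still in place and have to be removed by hand.
trap "error_exit 'Received signal SIGHUP'" SIGHUP
trap "error_exit 'Received signal SIGINT'" SIGINT
trap "error_exit 'Received signal SIGTERM'" SIGTERM
trap "error_exit 'Received signal ERR'" ERR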
# `die <message>` is shorthand for error_exit with a location prefix, giving
# output of the form:
#   prog-name(@line#): message
# Non-interactive shells do not expand aliases unless told to, so that is
# switched on first.
shopt -s expand_aliases
alias die='error_exit "Error ${0}(@$(( LINENO - 1 ))):"'
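# Let's roll
# Split the chosen "host:port" entry once instead of at every use.
remote_host=${REMOTEHOST%:*}
remote_port=${REMOTEHOST#*:}

echo -n "$(tput setaf 136)" # orange
echo "Enabling HTTP proxy..."
# Quoted because network service names may contain spaces.
sudo networksetup -setwebproxy "$INTERFACE" "$HOST" "$PORT"
sudo networksetup -setwebproxystate "$INTERFACE" on
# Persisted system-wide: every shell sourcing this profile picks the proxy up
# until the cleanup removes the line again.
echo "export http_proxy=$HOST:$PORT" | sudo tee -a "$SHELL_GLOBAL_PROFILE"

echo "Enabling HTTPS proxy..."
# The HTTPS proxy is set to the remote proxy itself, so this traffic reaches
# it directly rather than through the SSH tunnel.
sudo networksetup -setsecurewebproxy "$INTERFACE" "$remote_host" "$remote_port"
sudo networksetup -setsecurewebproxystate "$INTERFACE" on
echo "export https_proxy=${remote_host}:${remote_port}" | sudo tee -a "$SHELL_GLOBAL_PROFILE"

echo -n "$(tput setaf 64)" # green
echo "HTTP/HTTPS proxy $HOST:$PORT enabled."

if [[ $TUNNEL_ALREADY_OPENED -eq 0 ]]; then
  echo -n "$(tput setaf 136)" # orange
  echo "Opening tunnel over SSH to $REMOTEHOST..."
  # Load a key into the agent only when it holds none yet.
  ssh-add -l || ssh-add
  #nohup bash -c 'ssh -fND $HOST:$PORT $REMOTEHOST' &>/dev/null &
  # No bind address is given, so the listener follows the client's
  # GatewayPorts setting (loopback only unless that option is enabled).
  ssh -qfNL "$PORT:$HOST:$remote_port" "$remote_host" 2>&1
  echo -n "$(tput setaf 64)" # green
  echo "SSH tunnel opened at $HOST:$PORT."
else
  echo -n "$(tput setaf 136)" # orange
  echo "An existing SSH tunnel has already been opened. We will not attempt to open another."
  #echo "${LSOF_OUTPUT}"
fi

echo -n "$(tput setaf 64)" # green
# Report the remote end as host:port (the two halves used to be swapped).
echo "Proxying insecure HTTP requests via SSH tunnel available at $HOST:$PORT to ${remote_host}:${remote_port}."
echo "Secured HTTPS requests proxied to ${remote_host}:${remote_port}."
echo -n "$(tput sgr0)" # color reset

# Stay in the foreground until a signal arrives; ctrl-c fires the SIGINT trap,
# which rolls the proxy settings back. Nothing in this loop refreshes the sudo
# timestamp, so the cleanup may ask for the password again. If stdin reaches
# EOF the loop ends and the script exits with the proxy still enabled.
while read -r -n1; do
  sleep 1
done 2>/dev/null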