Setting up a simple proxy config to test geoblocking (or get around geoblocking)

This assumes you have 2 or more devices connected to the same network and that one of the machines is set up to run a proxy server such as Charles Proxy. This also serves as a simple tutorial on how to get devices to use a secure proxy/vpn/tunnel to either test or bypass IP based geo blocking / restriction services.

You will also need an ssh server such as a basic Linux instance in one of the Amazon regions.

1. On your OS X machine setup a ssh tunnel, note you need to replace the path to your .pem and also make sure you have the correct username and server address

ssh -D 8080 -C -N -i /path/to/your/server.pem

2. Now that you have a port forward running you need to configure your Charles Proxy to also forward it’s traffic via this config, do this using “External Proxy Settings”

Screen Shot 2014-09-03 at 3.02.55 pm


3. Your proxy should no be listening on the port you setup e.g. port 8888 by default on Charles. Now configure your iOS or other device to point to the OS X device setup in step 1 as the proxy server.

Debugging Smart TVs and other devices with a transparent proxy

If you are like me and do a lot of work on different devices and need to debug what is going on this little trick can be invaluable. This only takes 3 mins to setup and is invaluable.

Tools you will need:

  1. An OS X based machine (as all good multi device developers should have, could also be done on linux)
  2. A device
  3. A Copy of Charles Proxy (also an essential tools for developers -
  4. A wifi or fixed network with both devices on the network

What we are going to do is setup the OS X machine to be a router and forward any traffic that is on port 80 and 443 to the Charles Proxy and make sure that Charles has transparent proxy mode enabled. Note that without the SSL certs installed on the devices for the proxy you may need to drop the 443 forwarding.

  1. Enable IP forwarding:
    sudo sysctl -w net.inet.ip.forwarding=1
  2. Place the following two lines in a file called, say, pf.conf:
    rdr on en2 inet proto tcp to any port 80 -> port 8080
    rdr on en2 inet proto tcp to any port 443 -> port 8080

    These rules tell pf to redirect all traffic destined for port 80 or 443 to the local mitmproxy instance running on port 8080. You should replace en2 with the interface on which your test device will appear.

  3. Configure pf with the rules:
    sudo pfctl -f pf.conf
  4. And now enable it:
    sudo pfctl -e

Note I borrowed this form mitmproxy proxy which I will definitely be trying out as sounds like my kind of proxy even though Charles is handy for the formatted JSON/XML views: mitmproxy

Now you need to configure only the default gateway of your device to point at the interface on your OS X machine. Note that on my Macbook using wifi that looks like this:

 ether 20:c9:d0:49:98:31
 inet6 fe80::22c9:d0ff:fe49:9831%en0 prefixlen 64 scopeid 0x4
 inet netmask 0xffffffc0 broadcast
 nd6 options=1<PERFORMNUD>
 media: autoselect
 status: active

The last bit is you need to set Charles in Transparent Proxy mode:

Screen Shot 2014-08-27 at 2.47.06 pm

And then with some luck like I had it all works first time and I now have an LG TV that doesn’t support proxy settings working through my proxy in <5 mins without any special hardware.