alwaysblock/system_proxy.py at main · tavinathanson/alwaysblock · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
#!/usr/bin/env python3
"""
System proxy configuration for macOS
Sets system-wide HTTP/HTTPS proxy to our transparent proxy
"""
import subprocess
import logging

logger = logging.getLogger(__name__)


class SystemProxy:
    """Manages macOS system proxy settings"""

    def __init__(self, proxy_host="127.0.0.1", proxy_port=8905):
        self.proxy_host = proxy_host
        self.proxy_port = proxy_port

    def get_network_services(self):
        """Get list of network services"""
        try:
            result = subprocess.run(
                ['networksetup', '-listallnetworkservices'],
                capture_output=True,
                text=True,
                check=True
            )
            # First line is a header, skip it
            services = [s for s in result.stdout.strip().split('\n')[1:] if s and not s.startswith('*')]
            return services
        except subprocess.CalledProcessError as e:
            logger.error(f"Failed to get network services: {e}")
            return []

    def enable_proxy(self):
        """Enable system proxy for all network services"""
        services = self.get_network_services()

        # Bypass domains for local networks and captive portals
        bypass_domains = [
            '*.local',
            '169.254.0.0/16',      # Link-local
            '192.168.0.0/16',      # Private network
            '10.0.0.0/8',          # Private network
            '172.16.0.0/12',       # Private network
            'localhost',
            '127.0.0.1',
            'captive.apple.com',   # Apple captive portal detection
            '*.apple.com',         # Other Apple services
        ]

        for service in services:
            try:
                # Set bypass domains first
                subprocess.run(
                    ['sudo', 'networksetup', '-setproxybypassdomains', service] + bypass_domains,
                    check=True
                )

                # Set HTTP proxy
                subprocess.run(
                    ['sudo', 'networksetup', '-setwebproxy', service, self.proxy_host, str(self.proxy_port)],
                    check=True
                )

                # Set HTTPS proxy
                subprocess.run(
                    ['sudo', 'networksetup', '-setsecurewebproxy', service, self.proxy_host, str(self.proxy_port)],
                    check=True
                )

                logger.info(f"Enabled proxy for: {service}")

            except subprocess.CalledProcessError as e:
                logger.warning(f"Failed to set proxy for {service}: {e}")

        print(f"✅ System proxy enabled: {self.proxy_host}:{self.proxy_port}")
        print(f"   Applied to {len(services)} network service(s)")
        print(f"   Bypassing local networks and captive portals")

    def disable_proxy(self):
        """Disable system proxy for all network services"""
        services = self.get_network_services()

        for service in services:
            try:
                # Disable HTTP proxy
                subprocess.run(
                    ['sudo', 'networksetup', '-setwebproxystate', service, 'off'],
                    check=True
                )

                # Disable HTTPS proxy
                subprocess.run(
                    ['sudo', 'networksetup', '-setsecurewebproxystate', service, 'off'],
                    check=True
                )

                # Clear bypass domains (restore to empty)
                subprocess.run(
                    ['sudo', 'networksetup', '-setproxybypassdomains', service, ''],
                    check=True
                )

                logger.info(f"Disabled proxy for: {service}")

            except subprocess.CalledProcessError as e:
                logger.warning(f"Failed to disable proxy for {service}: {e}")

        print(f"✅ System proxy disabled")
        print(f"   Removed from {len(services)} network service(s)")

    def get_status(self):
        """Check if system proxy is enabled"""
        services = self.get_network_services()
        enabled_count = 0

        for service in services:
            try:
                # Check HTTP proxy
                result = subprocess.run(
                    ['networksetup', '-getwebproxy', service],
                    capture_output=True,
                    text=True,
                    check=True
                )

                # Check if proxy is configured AND enabled (not just configured)
                has_proxy = f"Server: {self.proxy_host}" in result.stdout and f"Port: {self.proxy_port}" in result.stdout
                is_enabled = "Enabled: Yes" in result.stdout

                if has_proxy and is_enabled:
                    enabled_count += 1

            except subprocess.CalledProcessError:
                pass

        return {
            'enabled': enabled_count > 0,
            'services_count': len(services),
            'enabled_count': enabled_count
        }


if __name__ == '__main__':
    logging.basicConfig(level=logging.INFO)

    proxy = SystemProxy()

    print("System Proxy Manager")
    print("=" * 50)
    print("\nNetwork Services:")
    for service in proxy.get_network_services():
        print(f"  - {service}")

    print("\nStatus:")
    status = proxy.get_status()
    print(f"Proxy enabled: {status['enabled']}")
    print(f"Services: {status['enabled_count']}/{status['services_count']}")