Today we received a confirmation from Apple that version 1.8 of Proxy.app passed all checks and is now available on the App Store. This version is fundamental to what we are planning to do next, which is to introduce some cutting-edge features that will make Proxy.app one of the best proxy tools on Mac OS X. Needless to say we are very happy.
Besides the normal UI changes, bug fixes and performance improvements, we shipped the tool with the
temporary-exception.mach-lookup.global-name entitlement. This special entitlement essentially allows Proxy.app to communicate with our privileged helper tool which we will distribute outside of the App Store. The helper tool provides two essential capabilities such as the ability to apply global proxy settings and the ability to query process information.
The first capability is going to make your life so much easier because it will remove the need for you to apply the proxy settings manually. Your system will be readily configured as soon as you launch the proxy.
The second feature is going to introduce a nifty feature that will help you query all collected HTTP transactions by process name and also allow you to filter traffic with capture groups. This is really going to change things for a lot of people.
What Are Captures
Captures or Capture Groups, as we would like to call them, is a mechanism inside the proxy engine which provides capabilities to decide on the spot what requests needs to be proxied and observed and what requests should be proxied but left alone. This difference may look subtle but it is essential.
Let's consider the situation where we have installed Proxy.app as the System Proxy and now we are collecting data from Google Chrome. Unfortunately because we have installed a system proxy not only Google Chrome will be proxied but also all other applications such as iCal and Mail.app, etc. Typically we do not want to do that not only because our proxy session will be clobbered with non-essential traffic but also for convenience. Not all applications will be readily configured to accept the SSL certificates Proxy.app generates in order to observe SSL traffic and as a result you will get various warnings and some applications may even stop working altogether.
With the help of captures we can decide what traffic we would like to capture and what should be proxied but left alone. The result of this is that we have a much more coherent proxy that works with your system, not against it.
Captures typically work with the host and the port, which is the only information we can obtain before the proxy enters in a more aggressive mode. Typically this information is enough although not perfect. With the ability to query process information, provided by our helper tool, now we can capture based on process name too. For example, we can capture all traffic from browsers but ignore traffic from the rest of the system. This is indeed very powerful.
The upcoming version of Proxy.app not only will provide those capabilities but also come with a default list of captures that you will be able to turn on and off when you desire. The first default capture group, that we have planned for the upcoming release will allow you to observe only traffic from particular browsers or all browsers all together. We are also thinking how to use this feature to provide easier means for capturing traffic from iOS simulator and other tools that we need to proxy frequently.
Enter The Sandbox
While it is somewhat easy to find out what process connects to what on your system, this requires elevated privileges. If Proxy.app was distributed outside of the App Store we would have bundled the features already. However, due to the fact our main distribution channel is the App Store for the time being, we had to come up with a work around.
The workaround comes in the shape of an external service provided by our helper tool. Proxy.app will work as normal without the helper but if you install it you will get all great features.
So, as you can see the upcoming release is very exciting.