This is a little guide that helps you to "proxify" a VMware Fusion virtual machine on macOS. This can be useful if you want to isolate and analyse web traffic to/from an application by running it in a VM.
- VMware Fusion 11 Pro
- Transparent HTTP/HTTPS proxy (e.g. Burp Suite Pro or mitmproxy)
Not required, but helpful if you plan on using the VMware-provided command-line utilities.
- Make sure that /Applications/VMware\ Fusion.app/Contents/Library/ is in your $PATH
- Assign the path to the virtual machine to a variable:
vmpath="$HOME/vms/macos-test.vmwarevm"
Create a new custom network through the VMware Fusion GUI app.
- Open the network preferences: 'Preferences' > 'Network'
- Click the plus sign to add a new custom network
- Uncheck "Provide addresses on this network via DHCP"
- Apply changes
You could verify it as follows:
$ vmrun listNetworkAdapters "$vmpath"
Total network adapters: 1
INDEX TYPE VMNET
0 custom vmnet2
If the network adapter is not attached to the virtual machine, you can add it using the following command (the virtual machine needs to be powered off):
vmrun addNetworkAdapter "$vmpath" custom vmnet2
- Install dnsmasq:
brew install dnsmasq
- Run dnsmasq (sudo dnsmasq -dC dnsmasq_vmware.conf) with the following minimal configuration:
# dnsmasq_vmware.conf
domain-needed
bogus-priv
no-poll
interface=vmnet2
listen-address=192.168.124.1
dhcp-range=192.168.124.10,192.168.124.255,96h
dhcp-option=option:router,192.168.124.1
dhcp-option=option:dns-server,192.168.124.1
- Open the /etc/pf.conf file in an editor
- Add the configuration below right after rdr-anchor "com.apple/*" (and before dummynet-anchor "com.apple/*"):
nat on en1 proto { tcp, udp } from 192.168.124.0/24 to any -> (en1)
rdr on vmnet2 inet proto tcp from any to any port { 80, 443 } -> 127.0.0.1 port 8080
pass from { lo0, 192.168.124.0/24 } to any keep state
- Verify the configuration:
pfctl -vnf /etc/pf.conf
- Apply the updated configuration:
sudo pfctl -ef /etc/pf.conf
- Enable packet forwarding:
sudo sysctl net.inet.ip.forwarding=1
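The pf.conf edit above can be scripted so that the rules always land directly after the rdr-anchor line and re-running does not duplicate them. This is an added example, not part of the original guide; the function names, the BEGIN/END marker comments and the parameter defaults (taken from the values used in this guide) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original guide). Prints a patched copy of a
# pf.conf on stdout; it never modifies the input file.
# Marker comments and function names are hypothetical.
PROXY_BEGIN='# BEGIN vm-proxy rules'
PROXY_END='# END vm-proxy rules'

# proxy_rules UPLINK VMNET SUBNET PORT -> prints the guide's three rules,
# wrapped in marker comments so they can be found and replaced later.
proxy_rules() {
    printf '%s\n' "$PROXY_BEGIN"
    printf 'nat on %s proto { tcp, udp } from %s to any -> (%s)\n' "$1" "$3" "$1"
    printf 'rdr on %s inet proto tcp from any to any port { 80, 443 } -> 127.0.0.1 port %s\n' "$2" "$4"
    printf 'pass from { lo0, %s } to any keep state\n' "$3"
    printf '%s\n' "$PROXY_END"
}

# patch_pf_conf FILE [UPLINK VMNET SUBNET PORT] -> patched config on stdout.
# Returns 1 (and prints nothing) if the rdr-anchor line is missing.
patch_pf_conf() {
    conf=$1
    rules=$(proxy_rules "${2:-en1}" "${3:-vmnet2}" "${4:-192.168.124.0/24}" "${5:-8080}")
    grep -q '^rdr-anchor "com.apple/\*"' "$conf" || return 1
    RULES="$rules" awk -v b="$PROXY_BEGIN" -v e="$PROXY_END" '
        $0 == b { skip = 1; next }   # drop a previously inserted block
        $0 == e { skip = 0; next }
        skip    { next }
        { print }
        /^rdr-anchor "com.apple\/\*"/ { print ENVIRON["RULES"] }
    ' "$conf"
}
```

Write the output to a scratch file and check it with pfctl -vnf before using it to replace /etc/pf.conf.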
- Add a new Proxy Listener ('Proxy' > 'Options') that binds to the loopback address (127.0.0.1) on port 8080
- Configure the Proxy Listener to use the transparent mode: edit Proxy Listener > 'Request handling' > check "Support invisible proxying"
- Install the Burp CA certificate (available through http://burp) in the root store of the browser or OS running in the virtual machine
- If it doesn't work right away, try to disable/enable the Proxy Listener (check/uncheck 'Running')
mitmproxy --mode transparent --showhost
- Install the mitmproxy CA certificate (available through http://mitm.it) in the trust store of the browser or OS running in the virtual machine