Automatic SOCKS proxy for a single domain on Mac

VPNs and proxies are great – but almost always limited to funnelling all traffic through them. But what if you want to access only a single site/domain without affecting the rest of your browsing? Perhaps to access a staging site not publically available.

While what I discuss below could be used as a privacy measure, that’s not the focus of this blog post.

You can do clever things with Web Proxy Auto Discovery Protocol (WPAD) or browser specific tools like Firefox’s Proxy Auto-Configuration (PAC) but this isn’t exactly user friendly to setup. What I was looking for was something as near to zero-configuration as possible, so I could share it with my collegues without causing problems.

In the end I came to a zip file that contains a copy of Google Chrome Canary and an Automator script to launch and configure everything.
Why Canary? Chrome let’s me configure proxy settings when launching it from a bash script; but since many of us already use it, bundling Canary allows me to avoid any clashes.

The zip is structured like this:
– ProxyAccess.app (the Automator app)
– Resources (folder)
– – Google Chome Canary.app

The magic is really a one line command on the Automator app that opens the SOCKS proxy, then launches the browser to the destination URL, and the closes everything when you quit Canary:

./Google\ Chrome\ Canary.app/Contents/MacOS/Google\ Chrome\ Canary --temp-profile --proxy-server='socks5://localhost:5555' 'http://dev.site.co.uk' | ssh -D 5555 proxy.server.co.uk cat

This is based of Tim Weber’s work which suggested using cat and piping the commands together to create the automatically closing proxy. http://dev.site.co.uk is the URL to be opened when Canary launches, 5555 is the port to run the proxy on, and proxy.server.co.uk is the server that we are routing traffic through.

The Automator app is very simple and looks like this:

It uses Applescript to get the current working directory, then passes that to bash so it can find the bundled copy of Canary to run.

This falls in the quick and dirty category, but it gets the job done with minimal overhead or potential impact on a users machine.

Leave a Reply

Your email address will not be published.