It is surprisingly hard to set up a transparent proxy running on localhost using iptables!
Let's suppose you have a Linux box with two interfaces, one connected to the local network and one to the internet.
You run the proxy (for instance the great mitmproxy) like this:
mitmproxy -b 127.0.0.1 -p 3128
Then set up redirection using iptables for all passing traffic on port 80:
iptables -t nat -F
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 127.0.0.1:3128
iptables -t nat -A POSTROUTING -j MASQUERADE -o eth1
echo 1 > /proc/sys/net/ipv4/ip_forward
And it doesn’t work! Why?
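Because of security: by default the kernel treats packets routed to 127.0.0.0/8 as martian and drops them, as you can find out for instance here. The fix is to enable route_localnet: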
sysctl -w net.ipv4.conf.all.route_localnet=1
You can replace all with a specific network interface (like eth0), so the setting applies only to traffic arriving on that interface.
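
To check a box for the failure described above, the following added example (not from the original post) reads nat rules and route_localnet values as text and reports whether each PREROUTING DNAT rule to 127.0.0.0/8 can work. The function name, verdict strings and sample data are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit PREROUTING DNAT rules that target 127.0.0.0/8.
#   $1: rules in `iptables-save -t nat` format
#   $2: route_localnet lines in `sysctl -a` or sysctl.conf format
audit_loopback_dnat() {
    printf '%s\n' "$2" "$1" | awk '
        # Collect route_localnet per interface ("all" is a pseudo-interface).
        /^net\.ipv4\.conf\..*\.route_localnet[ \t]*=/ {
            split($0, kv, "=")
            name = kv[1]; gsub(/[ \t]/, "", name)
            sub(/^net\.ipv4\.conf\./, "", name)
            sub(/\.route_localnet$/, "", name)
            rl[name] = kv[2] + 0
            next
        }
        # Inspect DNAT rules in the PREROUTING chain.
        $1 == "-A" && $2 == "PREROUTING" {
            iface = "any"; dest = ""; dnat = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-i") iface = $(i + 1)
                if ($i == "-j" && $(i + 1) == "DNAT") dnat = 1
                if ($i == "--to-destination" || $i == "--to") dest = $(i + 1)
            }
            if (!dnat || dest !~ /^127\./) next
            # The kernel ORs conf.all with the per-interface value.
            if (rl["all"]) verdict = "ok-but-enabled-on-all-interfaces"
            else if (iface != "any" && rl[iface]) verdict = "ok"
            else verdict = "dropped-as-martian"
            print iface, dest, verdict
        }'
}

# Constructed sample input (not captured from a real host).
SAMPLE_RULES='*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 127.0.0.1:3128
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT'
SAMPLE_SYSCTL='net.ipv4.conf.all.route_localnet = 0
net.ipv4.conf.eth0.route_localnet = 0'
audit_loopback_dnat "$SAMPLE_RULES" "$SAMPLE_SYSCTL"
```

On a live host the two arguments can be `"$(iptables-save -t nat)"` and `"$(sysctl -a 2>/dev/null | grep route_localnet)"`. Rules that negate the interface match (`! -i`) are not handled.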