I need to intercept traffic (by port range) and need to have ability to modify it. If I understand correctly, the best way is to use NETransparentProxyProvider for this purpose. Is my understanding correct?
I am trying to figure out how to make system extension (NETransparentProxyProvider) intercept the traffic. Unfortunately I have not found any description or example (similar to Network Filter).
I am novice in Network Extension. Are there any guide, example or quick start how to implement app proxy?
Thank you!
Yes. The key thing is the modification. If you just wanted to look at traffic, a content filter would work, but if you want to modify it then a transparent proxy is probably the best way forward.
I’m not aware of any official Apple sample code for this, but it’s generally not too bad to set up. There are three parts:
A provider must be packaged as a system extension, and then you need app code to install and activate it. This is very similar to the content filter setup illustrated by the Filtering Network Traffic sample, except:
The provider subclass is
instead ofNEFilterDataProvider
. -
The provider type is
instead ofcontent-filter-provider
On the configuration front, use NETransparentProxyManager
instead of NEFilterManager
As to what the provider looks like, here’s the basic outline of one that does nothing:
final class TransparentProxyProvider: NETransparentProxyProvider {
override func startProxy(options: [String : Any]?, completionHandler: @escaping (Error?) -> Void) {
let settings = self.makeSettings()
self.setTunnelNetworkSettings(settings) { error in
private func makeSettings() -> NETransparentProxyNetworkSettings {
… this bit is up to you ;
override func stopProxy(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) {
override func handleNewFlow(_ flow: NEAppProxyFlow) -> Bool {
return false
override func handleNewUDPFlow(_ flow: NEAppProxyUDPFlow, initialRemoteEndpoint remoteEndpoint: NWEndpoint) -> Bool {
return false
Share and Enjoy
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"