Skip to content

AppleScript to enable SOCKS proxy on Mac OS X

Find this tutorial useful?





Well, I’m here at Reading University and one of the joys of living here in halls is using the wonderful internet connection, shared with many other download-happy students.

As well as the speed being quite variable, there’s also a greater security risk, especially when transmitting passwords over normal, unencrypted HTTP connections. To solve that problem, I SSH into my server, still sitting back at home and tunnel HTTP traffic through the SSH connection.

This creates a SOCKS proxy server on my local machine and I can push the Mac’s traffic through it. It takes a long time and is fiddly, however, to switch the SOCKS proxy on and off from System Preferences, especially when (as in my special case) you can’t use Leopard’s Locations feature.

The AppleScript applications provided below are a quicker solution. Launch the right app, type your password and the proxy is flipped on or off. Nice and simple and much less fiddly than messing around in System Preferences.

Please support this work!

There used to be advertising here, but I no longer feel sure that advertising delivers the best experience and truly reflects the values of this site.

Keeping things running, however, is not without financial cost. If you would like to support the time and effort I have put into my tutorials and writing, please
consider making a donation.





Download AppleScripts

If you’re not interested in reading how the solution works, and just want some AppleScript applications that you just launch to flip the proxy on/off, download them here:

Download AppleScript applications (.dmg, 220 KB)
Download Disk Image (.dmg)

Make sure you have the proxy settings saved within System Preferences first. For more information, see the Readme PDF in the download. These AppleScripts support only Mac OS X 10.5 Leopard and above.

The Problem

If you’re still here, you’re probably interested in either why I’m doing this or how the solution works. Read on.

For web browsing, I can use Firefox and set its individual proxy settings to use SOCKS without affecting the whole system. That works great, for that unencrypted HTTP stuff.

However, there is also an issue with sending email to SMTP servers on this connection, which prompted me to make this quick-switch solution. I can’t be sure whether the SMTP issue deliberate, or just slowness, but trying to connect to non-Reading SMTP servers to send emails just times out. Therefore, to send emails, I need to tunnel Mail.app’s traffic through the SSH connection too, if only briefly.

Mail.app requires me to change (albeit briefly) the whole system’s proxy setting.

I thought Leopard’s ‘Location’ feature in Network may allow separate network profiles for proxy and normal, but the problem is switching between them drops the SSH connection in Terminal (and therefore, the local SOCKS proxy is no longer running, so the whole thing goes down).

Instead, I need a way to toggle the network SOCKS proxy settings in an automated manner for the system, so I can one-click to flip it on and off again to send an email.

The Solution

Thankfully, Mac OS X’s network settings can be changed via the command line, which in turn can be run from AppleScript. This solution is only tested on Leopard, however it may work on Tiger if references to networksetup are changed as per this article.

Here’s how:

$ networksetup -setsocksfirewallproxy Ethernet 127.0.0.1 1080 off

There are four arguments I’ve used here, let me explain what they each do.

-setsocksfirewallproxy – tells networksetup to turn the proxy on, with the following settings
Ethernet – the identifier of the network service to change the settings for (e.g. AirPort, Ethernet). Use networksetup -listallnetworkservices to see all valid values.
127.0.0.1 – the address of the SOCKS proxy. In our case, SSH creates the proxy on the local system, so 127.0.0.1.
1080 – the port of the SOCKS proxy. This is the -D argument in your SSH command.
off – this is for authentication. The SSH SOCKS system doesn’t need authentication and only runs on loopback, so we leave it off. If you’re using a different SOCKS system, you may need this (and also give the username and password as arguments after it).

Running the command will probably spring an authentication dialogue, just as you have to unlock the Network preference pane.

networksetup command

Then, it’s enabled for the whole system. Solves my Mail.app problem, I can now send that email (and my existing SSH connection isn’t dropped just because the network state changes).

How to disable proxy

You can just as simply disable the proxy.

$ networksetup -setsocksfirewallproxystate Ethernet off

Again, substitute Ethernet for your network service name if necessary (probably either AirPort or Ethernet).

It is also possible, once the settings are remembered by Mac OS X, to just use:

$ networksetup -setsocksfirewallproxystate Ethernet on

The AppleScripts I have made and you can download from above make the process even easier; you just launch the app to switch the proxy setting. If you’re a command line junkie, however, you may prefer to switch from the CLI.

The networksetup command was found thanks to this Mac OS X Hints post.

Find this tutorial useful?





Like this post?

If you would like to support the time and effort I have put into my tutorials and writing, please consider making a donation.

13 Comments

  1. Marek wrote:

    I will give a try. Thank you for sharing

    Monday, July 6, 2009 at 12:45 | Permalink | Using Mozilla Firefox Mozilla Firefox 3.0.11 on Windows Windows XP
  2. Dan wrote:

    You seem to know your stuff! Do you have any ideas about getting mac mail (with a gmail imap account) working behind a school proxy server?
    Using a manual http & https proxy setting. but mac mail apparently doesn’t see the proxy settings. The port for the proxy is 3129 but gmail smtp needs to use 993. I’m quite savvy but not a programmer/terminal kind of guy. Is it possible. Googling has brought up no answers…. any help would really appreciated

    Thursday, September 9, 2010 at 23:46 | Permalink | Using Google Chrome Google Chrome 6.0.472.53 on Mac OS X Mac OS X 10.6.3
  3. Peter wrote:

    Dan,

    A HTTP and HTTPS proxy won’t affect your connection to the IMAP and SMTP servers for Gmail – because those connections don’t have any relation to HTTP(S), so the proxy server isn’t invoked for them!

    This post is about setting up a SOCKS proxy – where you have an SSH server (or another SOCKS proxy) at the other end, and set that up. SOCKS differs from an HTTP(S) proxy, because SOCKS routes all of your traffic through, not just the HTTP stuff. If you can get access to a remote machine to use as a SOCKS proxy (perhaps set up a Linux server or another Mac with SSH at home?), then you could do the following:

    • SSH in to your remote machine from Terminal with ssh -CD 1080 yourserver.com to create the tunnel.
    • Switch on the SOCKS proxy option to 127.0.0.1:1080 in the Network preference pane, or use these scripts to do the same thing quickly!

    Once you’d done that, keep your SSH connection in the Terminal window open, but all your other connections – web, email, IM etc. would all be bouncing via your machine at home and could not be intercepted or meddled with (assuming individual apps don’t have their own proxy settings you have to set too). That is what this post is about, but I’m not sure it’s answering exactly the same question that you are asking.

    Do you know why is it that the IMAP and SMTP connections don’t work at the moment?

    Friday, September 10, 2010 at 09:18 | Permalink | Using Mozilla Firefox Mozilla Firefox 3.6.9 on Mac OS X Mac OS X 10
  4. Ruben Mera wrote:

    Hey there peter, you say this works on 10.5 leopard, is it 10.5 and up? (does it include snow leopard).

    Monday, September 13, 2010 at 09:27 | Permalink | Using Mozilla Firefox Mozilla Firefox 3.6.9 on Mac OS X Mac OS X 10
  5. Peter wrote:

    Ruben Mera,

    Absolutely. This works great with Snow Leopard too.

    Monday, September 13, 2010 at 09:29 | Permalink | Using Mozilla Firefox Mozilla Firefox 3.6.9 on Mac OS X Mac OS X 10
  6. Ruben Mera wrote:

    I’ll be trying this with a Snow Leopard Server I have at home, and a MacBook Pro with Snow Leopard I carry around, I have one last question…

    Do I have to set my server to receive SSH connections on port 1080? (I would do this not by changing the server’s port but by setting up NAT on my router to receive from 1080 and forward to 22 on my LAN)

    Monday, September 13, 2010 at 09:40 | Permalink | Using Mozilla Firefox Mozilla Firefox 3.6.9 on Mac OS X Mac OS X 10
  7. Peter wrote:

    Ruben Mera,

    No, what you do is that you open a Terminal window before running the ‘on’ script and SSH into your server as normal, but with the option:

    -CD 1080

    -C is compression, -D creates the tunnel on local port 1080.

    Your remote SSH server remains on whatever port it is on, but running that command creates the SOCKS proxy on your local machine’s port 1080.

    Monday, September 13, 2010 at 10:47 | Permalink | Using Mozilla Firefox Mozilla Firefox 3.6.9 on Mac OS X Mac OS X 10
  8. Ruben Mera wrote:

    Excellent! Thank you so much! I needed to help some friends use my server as a web proxy so that they can access a couple of websites that wont accept connections from foreign countries.

    Monday, September 13, 2010 at 20:09 | Permalink | Using Mozilla Firefox Mozilla Firefox 3.6.9 on Mac OS X Mac OS X 10
  9. Daniel wrote:

    Nice, thank you for sharing!

    Sunday, March 6, 2011 at 00:02 | Permalink | Using Google Chrome Google Chrome 9.0.597.102 on Mac OS X Mac OS X 10.6.6
  10. gregory80 wrote:

    hey this is slick. Thanks!

    I turned this into a nice little one liner that I have an alias for

    alias phone_proxy="networksetup -setsocksfirewallproxystate AirPort on; ssh -C -D 3072 USER@SOMESERVER.com cat; networksetup -setsocksfirewallproxystate AirPort off;"

    when I kill the terminal window via control C, it then shuts down the connection as well.

    This assumes the connection is via port 3072 and an SSH key in ~/.ssh/

    Tuesday, March 8, 2011 at 21:48 | Permalink | Using Google Chrome Google Chrome 11.0.686.3 on Mac OS X Mac OS X 10.6.6
  11. Hengjie wrote:

    Very cool, thank you for your scripts!

    Friday, May 27, 2011 at 13:26 | Permalink | Using Google Chrome Google Chrome 11.0.696.71 on Mac OS X Mac OS X 10.6.7
  12. James wrote:

    Sweet, thanks for posting, nice not to reproduce it.

    Friday, August 12, 2011 at 02:23 | Permalink | Using Mozilla Firefox Mozilla Firefox 4.0.1 on Mac OS X Mac OS X 10
  13. Wally wrote:

    Very thanks

    Thursday, December 8, 2011 at 18:54 | Permalink | Using Safari Safari 534.52.7 on Mac OS X Mac OS X 10.7.2

One Trackback/Pingback

  1. So, what's on my mac. - jobd.net on Sunday, September 5, 2010 at 17:34

    […] It's a Swiss Armyknife ;). You can easily manage SSH keys and make tunnels (automatically !).AppleScript to enable SOCKS proxy on Mac OS X « Blog « Peter UpfoldThe most usefull script to switch your mac's proxy settings. Very handy in combination with […]

Post a Comment

On some sites, you must be logged in to post a comment. This is not the case on this site.
Your email address is not made public or shared. Required fields are marked with *.
*
*
*

Posting a comment signifies you accept the privacy policy.
Please note — usually your comment will appear straight away but sometimes it will be held for approval (this is due to the spam filter). If your comment is waiting to be approved, please don’t post it again! It will appear eventually.