How would one go about using privaxy for tvOS?

[DominikDeak]

I'm not sure if this is the right place to ask the following question. I would like to use privaxy on my Raspberry Pi as a replacement for Pi-Hole, and somehow redirect network traffic from Apple TV though privaxy. I realise Pi-Hole only handles DNS traffic. So somehow i also need to configure Apple TV to connect to a proxy server. Is this even realistic?

[ajkblue]

Looks like we're waiting on #13, so we can MITM other traffic on a local network besides localhost. Once that is done, #74 would also be nice so we have a web gui to go through through requests with, but its definitely not mandatory as all of that can be done with the configuration file.

For the Apple TV specifically once those issues are resolved, you'll just need to install the CA cert on the Apple TV and setup the proxy config under network settings to point to your Privaxy server (this guide shows how to install a CA on an Apple TV: https://kb.smoothwall.com/hc/en-us/articles/360002033210-Installing-HTTPS-Inspection-CA-Certificates-on-Apple-TV-Devices-Manually)

[zimtrollenbaellchen]

I want to do what OP wants too. GoogleTV

[rayshan]

Here's a related article: Block YouTube Ads on AppleTV by Decrypting and Stripping Ads from Profobuf https://ericdraken.com/pfsense-decrypt-ad-traffic/

[24fpsDaVinci]

use this profile generator if you dont have access to macos configurator https://daduckmsft.github.io/WiFiProfileGenerator/

and include these missing lines

            <key>ProxyServer</key>
            <string>192.168.x.x</string>
            <key>ProxyType</key>
            <string>Manual</string>
            <key>ProxyServerPort</key>
            <integer>8100</integer>

[candybars2021]

Thanks, but I m just seeing a screen or iOS and specific wifi networ settings. How do you generate and upload a certificate from it to Apple TV (or iOS over cell data)?

BTW, I have access to a configurator but I summed through the "new profile" option, exited out of it, and it will not let me create another one without erasing the device, even though nothing was configured.

Thanks

[24fpsDaVinci]

https://lucaslegname.github.io/mitmproxy/2020/04/10/mitmproxy.html

checkout this guide

[candybars2021]

Thanks. I have privaxy running on docker (webui-privaxy), so I don't need mitnm to expose to other devices. I was able to figure out how to use the configurator and update profile with wifi through proxy settings, but it seems that all the traffic bypasses it or it is just http, unlike setting this up on Mac wifi settings (same thing with proxy from profile on Mac happens). I tried to add the privaxy certficate on top but it isn't accepting .cert format. I know Im not using mitm proxy and probably they have some trusted certificate that would help but what am I missing and If I already have Privaxy on external lan interface, how do I get encyrpted Apple TV traffic through it? Thanks a lot

[24fpsDaVinci]

I used a combination of the install instruction on the bottom of the main page and the linked guide and I was able to get tvOS connected and the web UI working. It runs but it does not block any youtube ads for me, or any other ads. Its actually quite long procedure to debug and I havent had the time.

[candybars2021]

Not I understand what you mean but basically did you end up with one profile on the Apple TV (configurator app use proxy for wifi) or two (also the Privaxy certificate)? With just the wifi config, I'm not seeing any traffic even passing through the proxy, and that means apps are choosing to bypass it, if you are seeing it in the live stream on the UI that's already an accomplishment. It may not be doing anything without the certificate - I wasn't able to upload it without making it a supervised device, I am very curious to understand your setup more. Thanks!!