I built crabbyproxy after spending an evening trying to get YouTube and Reddit to bypass my WireGuard VPN on macOS, and discovering that none of the standard approaches work.
The problem
WireGuard’s macOS app uses Apple’s Network Extension framework, which intercepts packets before the routing table. This means AllowedIPs exclusions generate hundreds of CIDR fragments (YouTube alone uses dozens of dynamic CDN subnets), and route add commands are simply ignored. The app also runs in Apple’s sandbox, no PostUp/PostDown scripts, no scutil --nc support, no scripting API.