  • Stars: 183
  • Rank: 203,630 (Top 5 %)
  • Language: Go
  • License: MIT License
  • Created about 4 years ago
  • Updated 11 months ago

Repository Details

Dumbest HTTP proxy ever

dumbproxy

Features

  • Cross-platform (Windows/Mac OS/Linux/Android (via shell)/*BSD)
  • Deployment with a single self-contained binary
  • Zero-configuration
  • Supports CONNECT method and forwarding of HTTPS connections
  • Supports Basic proxy authentication
  • Supports TLS operation mode (HTTP(S) proxy over TLS)
  • Native ACME support (can issue TLS certificates automatically using Let's Encrypt or BuyPass)
  • Supports client authentication with client TLS certificates
  • Supports HTTP/2
  • Resilient to DPI (including active probing, see hidden_domain option for authentication providers)
  • Connecting via upstream HTTP(S)/SOCKS5 proxies (proxy chaining)
  • systemd socket activation

Installation

Binary download

Pre-built binaries are available on the releases page.

From source

Alternatively, you may install dumbproxy from source. Run within the source directory:

go install

Docker

Docker image is available as well. Here is an example for running proxy as a background service:

docker run -d \
    --security-opt no-new-privileges \
    -p 8080:8080 \
    --restart unless-stopped \
    --name dumbproxy \
    yarmak/dumbproxy

Snap Store

Get it from the Snap Store

sudo snap install dumbproxy

Usage

Just run the program and it'll start accepting connections on port 8080 (default).

Example: plain proxy

Run proxy on port 1234 with Basic authentication with username admin and password 123456:

dumbproxy -bind-address :1234 -auth 'static://?username=admin&password=123456'

Example: HTTP proxy over TLS (LetsEncrypt automatic certs)

Run HTTPS proxy (HTTP proxy over TLS) with automatic certs from LetsEncrypt on port 443 with Basic authentication with username admin and password 123456:

dumbproxy -bind-address :443 -auth 'static://?username=admin&password=123456' -autocert

Example: HTTP proxy over TLS (BuyPass automatic certs)

Run HTTPS proxy (HTTP proxy over TLS) with automatic certs from BuyPass on port 443 with Basic authentication with username admin and password 123456:

dumbproxy \
	-bind-address :443 \
	-auth 'static://?username=admin&password=123456' \
	-autocert \
	-autocert-acme 'https://api.buypass.com/acme/directory' \
	-autocert-email [email protected] \
	-autocert-http :80

Using HTTP-over-TLS proxy

It's quite trivial to set up a program that supports proxies to use dumbproxy in plain HTTP mode. However, using an HTTP proxy over a TLS connection with browsers is a little bit tricky. Note that TLS must be enabled (-cert and -key options or -autocert option) for this to work.

Routing all browsers on Windows via HTTPS proxy

Open proxy settings in system's network settings:

Turn on setup script option and set script address:

data:,function FindProxyForURL(u, h){return "HTTPS example.com:8080";}

where instead of example.com:8080 you should use the actual address of your HTTPS proxy.

Note: this method will not work with MS Edge Legacy.

Using with Firefox

Option 1. Inline PAC file in settings.

Open Firefox proxy settings, switch proxy mode to "Automatic proxy configuration URL". Specify URL:

data:,function FindProxyForURL(u, h){return "HTTPS example.com:8080";}

Option 2. Browser extension.

Use any proxy switching browser extension which supports HTTPS proxies like this one.

Using with Chrome

Option 1. CLI option.

Specify proxy via command line:

chromium-browser --proxy-server='https://example.com:8080'

Option 2. Browser extension.

Use any proxy switching browser extension which supports HTTPS proxies like this one.

Using with other applications

It is possible to expose a remote HTTPS proxy as a local plaintext HTTP proxy with the help of an external application which performs remote communication via TLS and exposes a local plaintext socket. steady-tun appears to be the most suitable for this because it supports connection pooling to hide connection delay.

Using with Android

  1. Run proxy as in examples above.
  2. Install Adguard on your Android: Guide.
  3. Follow this guide, skipping server configuration. Use proxy type HTTPS if you set up TLS-enabled server or else use HTTP type.
  4. Enjoy!

Authentication

Authentication parameters are passed as a URI via the -auth parameter. The scheme of the URI defines the authentication method, and query parameters define parameter values for the authentication provider.

  • none - no authentication. Example: none://. This is default.
  • static - basic authentication for single login and password pair. Example: static://?username=admin&password=123456. Parameters:
    • username - login.
    • password - password.
    • hidden_domain - if specified and not an empty string, the proxy will respond with "407 Proxy Authentication Required" only on the specified domain. All unauthenticated clients will receive a "400 Bad Request" status. This option is useful to prevent DPI active probing from discovering that the service is a proxy, hiding the proxy authentication prompt when no valid auth header was provided. The hidden domain is used for generating the 407 response code to trigger a browser authorization request in cases when the browser has no prior knowledge that proxy authentication is required. In such cases the user has to navigate to any hidden domain page via plaintext HTTP and authenticate; the browser will then remember the authentication.
  • basicfile - use an htpasswd-like file with login and password pairs for authentication. Such a file can be created/updated with a command like this: dumbproxy -passwd /etc/dumbproxy.htpasswd username password or with the htpasswd utility from Apache HTTPD utils. The path parameter in the URL for this provider must point to a local file with login and bcrypt-hashed password lines. Example: basicfile://?path=/etc/dumbproxy.htpasswd.
    • path - location of the file with login and password pairs. The file format is similar to htpasswd files. Each line must be in the form <username>:<bcrypt hash of password>. Empty lines and lines starting with # are ignored.
    • hidden_domain - same as in static provider
    • reload - interval for conditional password file reload, if it was modified since last load. Use negative duration to disable autoreload. Default: 15s.
  • cert - use mutual TLS authentication with client certificates. In order to use this auth provider, the server must listen on its socket in TLS mode (-cert and -key options) and a client CA file must be specified (-cafile). Example: cert://.
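
The hidden_domain behaviour described above, modelled as an added Go example (not dumbproxy's own code). The names statusFor, proxyCreds and newReq are hypothetical, hidden.example is a constructed domain, and answering 407 on every host when no hidden domain is set is an assumption.

```go
package main

import (
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// proxyCreds extracts Basic credentials from the Proxy-Authorization header.
func proxyCreds(r *http.Request) (user, pass string, ok bool) {
	scheme, b64, found := strings.Cut(r.Header.Get("Proxy-Authorization"), " ")
	raw, err := base64.StdEncoding.DecodeString(b64)
	if !found || !strings.EqualFold(scheme, "Basic") || err != nil {
		return "", "", false
	}
	return strings.Cut(string(raw), ":")
}

// statusFor models the documented policy: valid credentials pass (200 here); anything else
// gets 407 on the hidden domain and 400 elsewhere (assumed: 407 everywhere if none is set).
func statusFor(r *http.Request, user, pass, hiddenDomain string) int {
	u, p, ok := proxyCreds(r)
	// Constant-time comparison avoids leaking how much of a guess matched.
	match := subtle.ConstantTimeCompare([]byte(u), []byte(user)) & subtle.ConstantTimeCompare([]byte(p), []byte(pass))
	if ok && match == 1 {
		return http.StatusOK
	}
	if hiddenDomain == "" || strings.EqualFold(r.URL.Hostname(), hiddenDomain) {
		return http.StatusProxyAuthRequired
	}
	return http.StatusBadRequest
}

// newReq builds a constructed plaintext proxy request; creds is "user:pass" or empty.
func newReq(url, creds string) *http.Request {
	r := httptest.NewRequest("GET", url, nil)
	if creds != "" {
		r.Header.Set("Proxy-Authorization", "Basic "+base64.StdEncoding.EncodeToString([]byte(creds)))
	}
	return r
}

func main() {
	c := func(url, creds string) int { return statusFor(newReq(url, creds), "admin", "123456", "hidden.example") }
	fmt.Println(c("http://example.org/", ""), c("http://hidden.example/", ""), c("http://example.org/", "admin:123456"))
}
```

An unauthenticated request sees a 407 only when it names the hidden domain; every other request without valid credentials is answered with 400.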

Synopsis

$ ~/go/bin/dumbproxy -h
Usage of /home/user/go/bin/dumbproxy:
  -auth string
    	auth parameters (default "none://")
  -autocert
    	issue TLS certificates automatically
  -autocert-acme string
    	custom ACME endpoint (default "https://acme-v02.api.letsencrypt.org/directory")
  -autocert-dir string
    	path to autocert cache (default "/home/user/.dumbproxy/autocert")
  -autocert-email string
    	email used for ACME registration
  -autocert-http string
    	listen address for HTTP-01 challenges handler of ACME
  -autocert-whitelist value
    	restrict autocert domains to this comma-separated list
  -bind-address string
    	HTTP proxy listen address. Set empty value to use systemd socket activation. (default ":8080")
  -cafile string
    	CA file to authenticate clients with certificates
  -cert string
    	enable TLS and use certificate
  -ciphers string
    	colon-separated list of enabled ciphers
  -disable-http2
    	disable HTTP2
  -ip-hints value
    	a comma-separated list of source addresses to use on dial attempts. Example: "10.0.0.1,fe80::2,0.0.0.0,::"
  -key string
    	key for TLS certificate
  -list-ciphers
    	list ciphersuites
  -passwd string
    	update given htpasswd file and add/set password for username. Username and password can be passed as positional arguments or requested interactively
  -passwd-cost int
    	bcrypt password cost (for -passwd mode) (default 4)
  -proxy value
    	upstream proxy URL. Can be repeated multiple times to chain proxies. Examples: socks5h://127.0.0.1:9050; https://user:[email protected]:443
  -timeout duration
    	timeout for network operations (default 10s)
  -user-ip-hints
    	allow IP hints to be specified by user in X-Src-IP-Hints header
  -verbosity int
    	logging verbosity (10 - debug, 20 - info, 30 - warning, 40 - error, 50 - critical) (default 20)
  -version
    	show program version and exit
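
Since basicfile entries are bcrypt hashes and -passwd-cost defaults to 4, the lowest cost bcrypt accepts, the cost stored in each hash is worth checking. The following added Go example (not part of dumbproxy) parses the basicfile format described under Authentication and reports malformed lines and low-cost hashes; auditBasicfile, the constructed sample file and the threshold of 10 are assumptions.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// bcrypt layout: "$2a$", "$2b$" or "$2y$", two-digit cost, "$", then 53
// characters of salt and digest from the alphabet ./A-Za-z0-9.
var bcryptRe = regexp.MustCompile(`^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$`)

// auditBasicfile checks "<username>:<bcrypt hash>" lines, skipping empty lines
// and lines starting with '#', and reports malformed entries and hashes whose
// cost is below minCost (a threshold chosen by the auditor, not by dumbproxy).
func auditBasicfile(content string, minCost int) []string {
	var findings []string
	sc := bufio.NewScanner(strings.NewReader(content))
	for n := 1; sc.Scan(); n++ {
		line := sc.Text()
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		user, hash, ok := strings.Cut(line, ":")
		m := bcryptRe.FindStringSubmatch(hash)
		if !ok || user == "" || m == nil {
			findings = append(findings, fmt.Sprintf("line %d: not <username>:<bcrypt hash>", n))
			continue
		}
		if cost, _ := strconv.Atoi(m[1]); cost < minCost {
			findings = append(findings, fmt.Sprintf("line %d: %s: bcrypt cost %d is below %d", n, user, cost, minCost))
		}
	}
	return findings
}

// sample returns constructed input; the hash bodies are filler, not real digests.
func sample() string {
	pad := strings.Repeat("A", 53)
	return "# constructed sample\nalice:$2b$04$" + pad + "\n\nbob:$2y$12$" + pad + "\ncarol:123456\n"
}

func main() {
	for _, f := range auditBasicfile(sample(), 10) {
		fmt.Println(f)
	}
}
```

Entries flagged for low cost can be rewritten with dumbproxy -passwd and a higher -passwd-cost value.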
