{"id":46269872,"url":"https://github.com/machphy/mad-proxy","last_synced_at":"2026-03-04T03:01:38.626Z","repository":{"id":317121922,"uuid":"1066033983","full_name":"machphy/mad-proxy","owner":"machphy","description":"mad-proxy transparently hijacks HTTP/HTTPS traffic, enforces granular domain-level block/allow logic via YAML, and logs every event for live threat analysis. Built on mitmproxy, it empowers adversary simulation, defensive validation, and real-time policy enforcement directly in the browser kill chain.","archived":false,"fork":false,"pushed_at":"2025-10-06T17:51:08.000Z","size":50942,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-10-06T19:33:23.724Z","etag":null,"topics":["browser-auditing","c2-c2mitigation","domain-blocking","forensics","mitm","mitmproxy","offensive-security","packet-inspection","proxy","red-team","traffic-analysis","traffic-filtering","web-security-gateway","web-traffic"],"latest_commit_sha":null,"homepage":"https://pypi.org/project/mad-proxy/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/machphy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-09-28T23:07:26.000Z","updated_at":"2025-10-06T17:56:12.000Z","dependencies_parsed_at":"2025-09-29T02:37:10.842Z","dependency_job_id":null,"html_url":"https://github.com/machphy/mad-proxy","commit_stats":null,"previous_names":["machphy/mad-proxy"],"tags_count":0,
"template":false,"template_full_name":null,"purl":"pkg:github/machphy/mad-proxy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/machphy%2Fmad-proxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/machphy%2Fmad-proxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/machphy%2Fmad-proxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/machphy%2Fmad-proxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/machphy","download_url":"https://codeload.github.com/machphy/mad-proxy/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/machphy%2Fmad-proxy/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30070479,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-04T01:03:42.280Z","status":"online","status_checked_at":"2026-03-04T02:00:07.464Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["browser-auditing","c2-c2mitigation","domain-blocking","forensics","mitm","mitmproxy","offensive-security","packet-inspection","proxy","red-team","traffic-analysis","traffic-filtering","web-security-gateway","web-traffic"],"created_at":"2026-03-04T03:01:37.028Z","updated_at":"2026-03-04T03:01:38.619Z","avatar_url":"https://github.com/machphy.png","language":"Python","readme":"\n# mad-proxy: 
Malicious Activity Detection Proxy\n\nA Python-based HTTP/HTTPS proxy server for real-time detection and blocking of malicious web activity using custom security policies.  \nBuilt with mitmproxy for cybersecurity professionals, red teamers, and developers who want transparency and control in web traffic inspection and security.\n\n\n## Standard Operating Procedure.\n\nRead [SOP](https://github.com/machphy/mad-proxy/blob/main/img/SOP_rajeev.pdf)\n\n\n![IMG](https://github.com/machphy/mad-proxy/blob/main/img/image.png?raw=true)\n\n---\n\n# mad-proxy: Malicious Activity Detection Proxy\n\n![CVE-2025-61767 Assigned](https://img.shields.io/badge/CVE-2025--61767-assigned-brightgreen)\n![Fixed in v0.4](https://img.shields.io/badge/Status-Fixed%20in%20v0.4-blue)\n\nA Python-based local HTTP/HTTPS proxy server designed to detect and block malicious activity in web traffic by applying custom security policies in real-time.  \nBuilt on mitmproxy, `mad-proxy` empowers cybersecurity professionals and developers to intercept, inspect, and secure web traffic with customizable rules.\n\n---\n\n## 🚨 Security Advisory\n\n\u003e **CVE-2025-61767 — HTTPS Traffic Interception Bypass vulnerability fixed in v0.4**  \n\u003e - [CVE Record](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61767)  \n\u003e - [GitHub Security Advisory](https://github.com/advisories/GHSA-rjrf-hf7c-4vfr)\n\n**Upgrade to v0.4+ immediately to remain protected. 
See full details in [CHANGELOG.md](./CHANGELOG.md).**\n\n\n## Features\n\n- **Intercepts all HTTP and HTTPS browser traffic** via a local proxy server.\n- **Customizable policy engine:** Block or allow requests using rules defined in a YAML file (`config.yaml`).\n- **Quick integration** with major browsers like Firefox, Chrome, and Brave.\n- **Real-time logging** of blocked and allowed requests in the terminal.\n- **Supports trusted HTTPS interception** via mitmproxy root certificate installation.\n- **Extensible design** for future feature additions and research.\n\n---\n\n## Project Architecture\n![Architecture diagram](https://github.com/machphy/mad-proxy/blob/main/img/test_new.png?raw=true)\n\nBrowser  \n↓  \n`mad-proxy` (`proxy_server.py`)  \n↓  \nPolicy Engine (`policy_engine.py` \u0026 `config.yaml`)  \n↓  \nInternet\n\n---\n\n## Project Structure\n\n```\nmad-proxy/\n├── mad_proxy/\n│   ├── proxy_server.py     # Main proxy and request handler\n│   ├── policy_engine.py    # Policy rules and matching logic\n│   ├── config.yaml         # User-defined block/allow domains\n│   ├── analyzer.py         # (Planned) Advanced traffic analysis\n│   └── utils.py            # Helper functions (logging, alerts)\n├── README.md               # Project documentation\n├── requirements.txt        # Python dependencies\n├── setup.py                # Package build and installation script\n├── CHANGELOG.md            # Version and update log\n└── MANIFEST.in             # Manifest file for package\n```\n\n---\n\n## Getting Started\n\n### Prerequisites\n\n- Python 3.7 or higher (3.12+ recommended)\n- pip\n- mitmproxy\n- Linux (tested on Ubuntu/Debian)\n\n### Installation\n\n**Clone the repository:**\n\n```\ngit clone https://github.com/machphy/mad-proxy.git\ncd mad-proxy\n```\n\n**Create and activate a virtual environment (recommended):**\n\n```\npython3 -m venv venv\nsource venv/bin/activate\n```\n\n**Install dependencies:**\n\n```\npip install -r 
requirements.txt\n```\n\n---\n\n## Configuration\n\nEdit `mad_proxy/config.yaml` to define your block or allow list:\n\n```\nblock_domains:\n  - \"example.com\"\n  - \"unauthorized.site\"\n```\n\nAdd or modify domains as desired.\n\n---\n\n## Browser Setup\n\n1. Set your browser HTTP/HTTPS proxy to `localhost:8080`.  \n2. Trust the mitmproxy root certificate:  \n   - Run the proxy server (next section).  \n   - Visit [http://mitm.it](http://mitm.it) in the browser.  \n   - Download and install the certificate following the instructions.\n\n---\n\n## Running the Proxy Server\n\nStart the proxy:\n\n```\npython3 proxy_server.py\n```\n\nDefault is port 8080; modify if needed.\n\n---\n\n## Usage Examples\n\n**Allowed Request:**  \nVisiting allowed sites (e.g., https://www.google.com) logs:  \n\n```\nAllowed request: https://www.google.com\n```\n\n**Blocked Request:**  \nBlocked sites (e.g., http://example.com) log:  \n\n```\nBlocked request to http://example.com\n```\n\nBrowser shows a \"Blocked by security policy\" HTTP 403 message.\n\n---\n\n## Package Build \u0026 Setup Instructions\n\nYou can build and install mad-proxy as a Python package.\n\n### Step 1: Prerequisites\n\nInstall build and twine tools:\n\n```\npip install --upgrade build twine\n```\n\n### Step 2: Build the package\n\nRun in project root:\n\n```\npython3 -m build\n```\n\nThis generates `.whl` and `.tar.gz` files in the `dist/` folder.\n\n### Step 3: Local package install\n\nInstall the built wheel locally:\n\n```\npip install dist/mad_proxy-\u003cversion\u003e-py3-none-any.whl\n```\n\nReplace `\u003cversion\u003e` with the actual version number.\n\n### Step 4: (Optional) Publish package to PyPI\n\nAfter configuring `.pypirc` with your PyPI token, run:\n\n```\ntwine upload dist/*\n```\n\n---\n\n## How to Extend\n\n- Add regex or heuristic-based URL/malicious content detection in `policy_engine.py`.\n- Implement advanced logging and alert mechanisms in `utils.py`.\n- Build UI for easier rule 
management.\n- Integrate with threat intelligence feeds for automated updates.\n\n---\n\n## Troubleshooting\n\n- **Mitmproxy certificate errors:** Ensure the mitmproxy root certificate is installed correctly.\n- **Port conflicts:** If port 8080 is busy, change the port in the proxy start command or config.\n- **Configuration errors:** YAML formatting is strict—validate `config.yaml` carefully.\n\n---\n\n## License\n\nMIT License\n\n---\n\n## Maintainer\n\nMaintained by [machphy](https://github.com/machphy)\nEmail: [rajeevsharmamachphy@gmail.com](mailto:rajeevsharmamachphy@gmail.com)\nOwned by rajeevsharmamachphy@gmail.com\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmachphy%2Fmad-proxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmachphy%2Fmad-proxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmachphy%2Fmad-proxy/lists"}