{"id":13543089,"url":"https://github.com/projectdiscovery/proxify","last_synced_at":"2025-05-13T19:06:35.939Z","repository":{"id":37408293,"uuid":"316539944","full_name":"projectdiscovery/proxify","owner":"projectdiscovery","description":"A versatile and portable proxy for capturing, manipulating, and replaying HTTP/HTTPS traffic on the go.","archived":false,"fork":false,"pushed_at":"2025-03-31T09:11:05.000Z","size":1795,"stargazers_count":2841,"open_issues_count":37,"forks_count":243,"subscribers_count":51,"default_branch":"main","last_synced_at":"2025-05-08T00:45:54.720Z","etag":null,"topics":["http-proxy","mitm","mitmproxy","socks5-proxy"],"latest_commit_sha":null,"homepage":"https://projectdiscovery.io","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/projectdiscovery.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.MD","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2020-11-27T15:40:49.000Z","updated_at":"2025-05-06T23:06:58.000Z","dependencies_parsed_at":"2023-12-25T11:26:24.823Z","dependency_job_id":"8945d41e-7cf8-4dac-80de-20ae5f6367e4","html_url":"https://github.com/projectdiscovery/proxify","commit_stats":{"total_commits":430,"total_committers":28,"mean_commits":"15.357142857142858","dds":0.3511627906976744,"last_synced_commit":"6769e46c41a869891fc18b110c2f1dc0492d22ae"},"previous_names":[],"tags_count":14,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projectdiscovery%2Fproxify","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projectdiscovery%2Fproxify/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projectdiscovery%2Fproxify/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projectdiscovery%2Fproxify/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/projectdiscovery","download_url":"https://codeload.github.com/projectdiscovery/proxify/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254010810,"owners_count":21998993,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["http-proxy","mitm","mitmproxy","socks5-proxy"],"created_at":"2024-08-01T11:00:22.876Z","updated_at":"2025-05-13T19:06:35.920Z","avatar_url":"https://github.com/projectdiscovery.png","language":"Go","readme":"\u003ch1 align=\"center\"\u003e\n  \u003cimg src=\"static/proxify-logo.png\" alt=\"proxify\" width=\"200px\" /\u003e\n\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n\u003ca href=\"https://opensource.org/licenses/MIT\"\u003e\u003cimg src=\"https://img.shields.io/badge/license-MIT-_red.svg\"\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/projectdiscovery/proxify/issues\"\u003e\u003cimg src=\"https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat\"\u003e\u003c/a\u003e\n\u003ca href=\"https://goreportcard.com/badge/github.com/projectdiscovery/proxify\"\u003e\u003cimg src=\"https://goreportcard.com/badge/github.com/projectdiscovery/proxify\"\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/projectdiscovery/proxify/releases\"\u003e\u003cimg src=\"https://img.shields.io/github/release/projectdiscovery/proxify\"\u003e\u003c/a\u003e\n\u003ca href=\"https://hub.docker.com/r/projectdiscovery/proxify\"\u003e\u003cimg src=\"https://img.shields.io/docker/pulls/projectdiscovery/proxify.svg\"\u003e\u003c/a\u003e\n\u003ca href=\"https://twitter.com/pdiscoveryio\"\u003e\u003cimg src=\"https://img.shields.io/twitter/follow/pdiscoveryio.svg?logo=twitter\"\u003e\u003c/a\u003e\n\u003ca href=\"https://discord.gg/projectdiscovery\"\u003e\u003cimg src=\"https://img.shields.io/discord/695645237418131507.svg?logo=discord\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"#features\"\u003eFeatures\u003c/a\u003e •\n  \u003ca href=\"#installation\"\u003eInstallation\u003c/a\u003e •\n  \u003ca href=\"#usage\"\u003eUsage\u003c/a\u003e •\n  \u003ca href=\"#running-proxify\"\u003eRunning Proxify\u003c/a\u003e •\n  \u003ca href=\"#installing-ssl-certificate\"\u003eInstalling SSL Certificate\u003c/a\u003e •\n  \u003ca href=\"#applications-of-proxify\"\u003eApplications of Proxify\u003c/a\u003e •\n  \u003ca href=\"https://discord.gg/projectdiscovery\"\u003eJoin Discord\u003c/a\u003e\n\u003c/p\u003e\n\nSwiss Army Knife Proxy for rapid deployments. Supports multiple operations such as request/response dump, filtering and manipulation via DSL language, upstream HTTP/Socks5 proxy.\nAdditionally, a replay utility allows to import the dumped traffic (request/responses with correct domain name) into BurpSuite or any other proxy by simply setting the upstream proxy to proxify.\n\n# Features\n\n\u003ch1 align=\"left\"\u003e\n  \u003cimg src=\"static/proxify-run.png\" alt=\"proxify\" width=\"700px\"\u003e\n  \u003cbr\u003e\n\u003c/h1\u003e\n\n\n - Intercept / Manipulate **HTTP/HTTPS** \u0026 **NON-HTTP** traffic\n - **Invisible \u0026 Thick clients** traffic proxy support\n - TLS MITM support with client/server certificates\n - **HTTP** and **SOCKS5** support for upstream proxy\n - Traffic **Match/Filter and Replace** DSL support\n - Full traffic dump to file (request/responses)\n - Native embedded DNS server\n - Plugin Support to decode specific protocols (e.g XMPP/SMTP/FTP/SSH/)\n - Proxify Traffic replay in Burp\n\n# Installation\n\nDownload the ready to run [binary](https://github.com/projectdiscovery/proxify/releases/) or install/build using GO\n\n```shell\ngo install -v github.com/projectdiscovery/proxify/cmd/proxify@latest\n```\n\n# Usage\n\n```shell\nproxify -h\n```\n\nThis will display help for the tool. Here are all the switches it supports.\n\n```console\nSwiss Army Knife Proxy for rapid deployments. Supports multiple operations such as request/response dump,filtering and manipulation via DSL language, upstream HTTP/Socks5 proxy\n\nUsage:\n  ./proxify [flags]\n\nFlags:\nOUTPUT:\n   -sr, -store-resposne        store raw http request / response to output directory (default proxify_logs)\n   -o, -output                 output file to store proxify logs (default proxify_logs.jsonl)\n   -of, -output-format string  output format (jsonl/yaml) (default \"jsonl\")\n   -dump-req                   Dump only HTTP requests to output file\n   -dump-resp                  Dump only HTTP responses to output file\n   -oca, -out-ca string        Generate and Save CA File to filename\n\nUPDATE:\n   -up, -update                 update proxify to latest version\n   -duc, -disable-update-check  disable automatic proxify update check\n\nFILTER:\n   -req-fd, -request-dsl string[]                   Request Filter DSL\n   -resp-fd, -response-dsl string[]                 Response Filter DSL\n   -req-mrd, -request-match-replace-dsl string[]    Request Match-Replace DSL\n   -resp-mrd, -response-match-replace-dsl string[]  Response Match-Replace DSL\n\nNETWORK:\n   -ha, -http-addr string    Listening HTTP IP and Port address (ip:port) (default \"127.0.0.1:8888\")\n   -sa, -socks-addr          Listening SOCKS IP and Port address (ip:port) (default 127.0.0.1:10080)\n   -da, -dns-addr string     Listening DNS IP and Port address (ip:port)\n   -dm, -dns-mapping string  Domain to IP DNS mapping (eg domain:ip,domain:ip,..)\n   -r, -resolver string      Custom DNS resolvers to use (ip:port)\n\nPROXY:\n   -hp, -http-proxy string[]    Upstream HTTP Proxies (eg http://proxy-ip:proxy-port)\n   -sp, -socks5-proxy string[]  Upstream SOCKS5 Proxies (eg socks5://proxy-ip:proxy-port)\n   -c int                       Number of requests before switching to the next upstream proxy (default 1)\n\nEXPORT:\n   -max-size int  Max export data size (request/responses will be truncated) (default 9223372036854775807)\n\nCONFIGURATION:\n   -config string              path to the proxify configuration file\n   -ec, -export-config string  proxify export module configuration file (default \"$CONFIG/export-config.yaml\")\n   -config-directory string    override the default config path (default \"$CONFIG/proxify\")\n   -cert-cache-size int        Number of certificates to cache (default 256)\n   -a, -allow string[]         Allowed list of IP/CIDR's to be proxied\n   -d, -deny string[]          Denied list of IP/CIDR's to be proxied\n   -pt, -passthrough string[]  List of passthrough domains\n\nDEBUG:\n   -nc, -no-color      No Color\n   -version            Version\n   -silent             Silent\n   -v, -verbose        Verbose\n   -vv, -very-verbose  Very Verbose\n\n```\n\n### Running Proxify\n\nRuns an HTTP proxy on port **8888**:\n```shell\nproxify\n```\n\nRuns an HTTP proxy on custom port **1111**:\n```shell\nproxify -http-addr \":1111\"\n```\n\n### TLS pass through\n\nThe -pt flag can be used pass through (skip) encrypted traffic without attempting to terminate the TLS connection.\n\n\n```bash\nproxify -pt '(.*\\.)?google\\.co.in.*'\n```\n\n### Proxify with upstream proxy\n\n\nRuns an HTTP proxy on port 8888 and forward the traffic to burp on port **8080**:\n```shell\nproxify -http-proxy http://127.0.0.1:8080\n```\n\nRuns an HTTP proxy on port 8888 and forward the traffic to the TOR network:\n```shell\nproxify -socks5-proxy 127.0.0.1:9050\n```\n\n\n### Dump all the HTTP/HTTPS traffic\n\nProxify supports three output formats: **JSONL**, **YAML** and **Files**.\n\n**JSONL** (default):\n\nIn Json Lines format each Http Request/Response pair is stored as json object in a single line. \n\n```json\n{\"timestamp\":\"2024-02-20T01:56:49+05:30\",\"url\":\"https://scanme.sh:443\",\"request\":{\"header\":{\"Connection\":\"close\",\"User-Agent\":\"curl/8.1.2\",\"host\":\"scanme.sh:443\",\"method\":\"CONNECT\",\"path\":\"\",\"scheme\":\"https\"},\"raw\":\"CONNECT scanme.sh:443 HTTP/1.1\\r\\nHost: scanme.sh:443\\r\\nConnection: close\\r\\nUser-Agent: curl/8.1.2\\r\\n\\r\\n\"},\"response\":{\"header\":{\"Content-Length\":\"0\"},\"raw\":\"HTTP/1.1 200 OK\\r\\nContent-Length: 0\\r\\n\\r\\n\"}}\n{\"timestamp\":\"2024-02-20T01:56:49+05:30\",\"url\":\"https://scanme.sh/\",\"request\":{\"header\":{\"Accept\":\"*/*\",\"Connection\":\"close\",\"User-Agent\":\"curl/8.1.2\",\"host\":\"scanme.sh\",\"method\":\"GET\",\"path\":\"/\",\"scheme\":\"https\"},\"raw\":\"GET / HTTP/1.1\\r\\nHost: scanme.sh\\r\\nAccept: */*\\r\\nConnection: close\\r\\nUser-Agent: curl/8.1.2\\r\\n\\r\\n\"},\"response\":{\"header\":{\"Content-Type\":\"text/plain; charset=utf-8\",\"Date\":\"Mon, 19 Feb 2024 20:26:49 GMT\"},\"body\":\"ok\",\"raw\":\"HTTP/1.1 200 OK\\r\\nConnection: close\\r\\nContent-Type: text/plain; charset=utf-8\\r\\nDate: Mon, 19 Feb 2024 20:26:49 GMT\\r\\n\\r\\n\"}}\n```\n\n**Yaml MultiDoc**:\n\nIn the YAML MultiDoc format, each HTTP request and response pair is encapsulated as a separate document.All Documents in output yaml file are seperated  by `---` to allow stream parsing and consumption.\n\n```console\nproxify -output-format yaml\n```\n\n```yaml\ntimestamp: \"2024-02-20T01:40:40+05:30\"\nurl: https://scanme.sh:443\nrequest:\n    header:\n        Connection: close\n        User-Agent: curl/8.1.2\n        host: scanme.sh:443\n        method: CONNECT\n        path: \"\"\n        scheme: https\n    body: \"\"\n    raw: \"CONNECT scanme.sh:443 HTTP/1.1\\r\\nHost: scanme.sh:443\\r\\nConnection: close\\r\\nUser-Agent: curl/8.1.2\\r\\n\\r\\n\"\nresponse:\n    header:\n        Content-Length: \"0\"\n    body: \"\"\n    raw: \"HTTP/1.1 200 OK\\r\\nContent-Length: 0\\r\\n\\r\\n\"\n---\ntimestamp: \"2024-02-20T01:40:40+05:30\"\n...\n```\n\n**Files**:\n\nIn Files format, each HTTP request and response pair is stored in separate files with the request followed by the response. Filenames are in format of `{{Host}}-{{randstr}}.txt`. Additionally, **dump-req** or **dump-resp** flag can be used for saving specific part of the request to the file.\n\n```console\nproxify -store-response\n```\n\n\u003eNote: When using `-store-response` both jsonl and files are generated.\n\n### Hostname mapping with Local DNS resolver\n\nProxify supports embedding DNS resolver to map hostnames to specific addresses and define an upstream dns server for any other domain name\n\nRuns an HTTP proxy on port `8888` using an embedded dns server listening on port `53` and resolving `www.google.it` to `192.168.1.1` and all other `fqdn` are forwarded upstream to `1.1.1.1`:\n\n```shell\nproxify -dns-addr \":53\" -dns-mapping \"www.google.it:192.168.1.1\" -dns-resolver \"1.1.1.1:53\"\n```\n\nThis feature is used for example by the `replay` utility to hijack the connections and simulate responses. It may be useful during internal assessments with private dns servers. Using `*` as domain name matches all dns requests.\n\n### Match/Filter traffic with DSL\n\nIf the request or response match the filters the dump is tagged with `.match.txt` suffix:\n\n```shell\nproxify -request-dsl \"contains(request,'firefox')\" -response-dsl \"contains(response, md5('test'))\"\n```\n\n### Match and Replace on the fly\n\nProxify supports modifying Request and Responses on the fly with DSL language.\n\nHere is an example to replace `firefox` word from request to `chrome`:\n\n```shell\nproxify -request-match-replace-dsl \"replace(request,'firefox','chrome')\"\n```\n\nAnother example using **regex** based replacement of response:\n\n\n```shell\nproxify -response-match-replace-dsl \"replace_regex(response, '^authentication failed$', 'authentication ok')\"\n```\n\n### Replay all traffic into burp\n\nReplay all the dumped requests/responses into the destination URL (http://127.0.0.1:8080) if not specified. For this to work it's necessary to configure burp to use proxify as upstream proxy, as it will take care to hijack the dns resolutions and simulate the remote server with the dumped request. This allows to have in the burp history exactly all requests/responses as if they were originally sent through it, allowing for example to perform a remote interception on cloud, and merge all results locally within burp.\n\n```shell\nreplay -output \"logs/\"\n```\n\n### Installing SSL Certificate\n\nA certificate authority is generated for proxify which is stored in the folder `~/.config/proxify/` as default, manually can be specified by `-config` flag. The generated certificate can be imported by visiting [http://proxify/cacert](http://proxify/cacert) in a browser connected to proxify. \n\nInstallation steps for the Root Certificate is similar to other proxy tools which includes adding the cert to system trusted root store.\n\n### Applications of Proxify\n\nProxify can be used for multiple places, here are some common example where Proxify comes handy:\n\n\u003cdetails\u003e\n\u003csummary\u003e👉 Storing all the burp proxy history logs locally. \u003c/summary\u003e\n\nRuns an HTTP proxy on port `8888` and forward the traffic to burp on port `8080`:\n\n```shell\nproxify -http-proxy http://127.0.0.1:8080\n```\n\nFrom BurpSuite, set the Upstream Proxy to forward all the traffic back to `proxify`:\n\n```\nUser Options \u003e Upstream Proxy \u003e Proxy \u0026 Port \u003e 127.0.0.1 \u0026 8888\n```\nNow all the request/response history will be stored in `logs` folder that can be used later for post-processing.\n\n\u003c/details\u003e\n\n\n\u003cdetails\u003e\n\u003csummary\u003e👉 Store all your browse history locally. \u003c/summary\u003e\n\n\nWhile you browse the application, you can point the browser to `proxify` to store all the HTTP request / response to file.\n\nStart proxify on default or any port you wish,\n\n```shell\nproxify -output chrome-logs\n```\n\nStart Chrome browser in macOS,\n```shell\n/Applications/Chromium.app/Contents/MacOS/Chromium --ignore-certificate-errors --proxy-server=http://127.0.0.1:8888 \u0026\n```\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e👉 Store all the response of while you fuzz as per you config at run time. \u003c/summary\u003e\n\n\nStart proxify on default or any port you wish:\n\n```shell\nproxify -output ffuf-logs\n```\n\nRun `FFuF` with proxy pointing to `proxify`:\n\n```shell\nffuf -x http://127.0.0.1:8888 FFUF_CMD_HERE\n```\n\n\u003c/details\u003e\n\n------\n\n`Proxify` is made with 🖤 by the [projectdiscovery](https://projectdiscovery.io) team. Community contributions have made the project what it is. See the **[Thanks.md](https://github.com/projectdiscovery/proxify/blob/master/THANKS.md)** file for more details.\n","funding_links":[],"categories":["Go","Other Awesome Lists","Weapons","Go (531)","Miscellaneous","红队\u0026渗透测试"],"sub_categories":["Non-CloudSec Stuff (TODO: move this elsewhere)","Tools","Web Proxy and Traffic Interception","All"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprojectdiscovery%2Fproxify","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fprojectdiscovery%2Fproxify","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprojectdiscovery%2Fproxify/lists"}