SenseUnit / dumbproxy

Dumbest HTTP proxy ever
MIT License
525 stars 36 forks source link
acme dpi-bypassing http http-proxy https https-proxy proxy proxy-server ssl ssl-proxy ssl-tunnel tls tls-mutual-auth tls-mutual-authentication tls-proxy tls-tunnel

dumbproxy

dumbproxy

Dumbest HTTP proxy ever.

Features

Installation

Binary download

Pre-built binaries available on releases page.

From source

Alternatively, you may install dumbproxy from source. Run within source directory

go install

Docker

Docker image is available as well. Here is an example for running proxy as a background service:

docker run -d \
    --security-opt no-new-privileges \
    -p 8080:8080 \
    --restart unless-stopped \
    --name dumbproxy \
    ghcr.io/senseunit/dumbproxy -auth 'static://?username=admin&password=123456'

Snap Store

Get it from the Snap Store

sudo snap install dumbproxy

Usage

Just run program and it'll start accepting connections on port 8080 (default).

Example: plain proxy

Run proxy on port 1234 with Basic authentication with username admin and password 123456:

dumbproxy -bind-address :1234 -auth 'static://?username=admin&password=123456'

Example: HTTP proxy over TLS (LetsEncrypt automatic certs)

Run HTTPS proxy (HTTP proxy over TLS) with automatic certs from LetsEncrypt on port 443 with Basic authentication with username admin and password 123456:

dumbproxy -bind-address :443 -auth 'static://?username=admin&password=123456' -autocert

Example: HTTP proxy over TLS (BuyPass automatic certs)

Run HTTPS proxy (HTTP proxy over TLS) with automatic certs from BuyPass on port 443 with Basic authentication with username admin and password 123456:

dumbproxy \
    -bind-address :443 \
    -auth 'static://?username=admin&password=123456' \
    -autocert \
    -autocert-acme 'https://api.buypass.com/acme/directory' \
    -autocert-email YOUR-EMAIL@EXAMPLE.ORG \
    -autocert-http :80

Using HTTP-over-TLS proxy

It's quite trivial to set up program which supports proxies to use dumbproxy in plain HTTP mode. However, using HTTP proxy over TLS connection with browsers is little bit tricky. Note that TLS must be enabled (-cert and -key options or -autocert option) for this to work.

Routing all browsers on Windows via HTTPS proxy

Open proxy settings in system's network settings:

win10-proxy-settings

Turn on setup script option and set script address:

data:,function FindProxyForURL(u, h){return "HTTPS example.com:8080";}

where instead of example.com:8080 you should use actual address of your HTTPS proxy.

Note: this method will not work with MS Edge Legacy.

Using with Firefox

Option 1. Inline PAC file in settings.

Open Firefox proxy settings, switch proxy mode to "Automatic proxy configuration URL". Specify URL:

data:,function FindProxyForURL(u, h){return "HTTPS example.com:8080";}

ff_https_proxy

Option 2. Browser extension.

Use any proxy switching browser extension which supports HTTPS proxies like this one.

Using with Chrome

Option 1. CLI option.

Specify proxy via command line:

chromium-browser --proxy-server='https://example.com:8080'

Option 2. Browser extension.

Use any proxy switching browser extension which supports HTTPS proxies like this one.

Using with other applications

It is possible to expose remote HTTPS proxy as a local plaintext HTTP proxy with help of external application which performs remote communication via TLS and exposes local plaintext socket. steady-tun appears to be most suitable for this because it supports connection pooling to hide connection delay.

Using with Android

  1. Run proxy as in examples above.
  2. Install Adguard on your Android: Guide.
  3. Follow this guide, skipping server configuration. Use proxy type HTTPS if you set up TLS-enabled server or else use HTTP type.
  4. Enjoy!

Authentication

Authentication parameters are passed as URI via -auth parameter. Scheme of URI defines authentication metnod and query parameters define parameter values for authentication provider.

Synopsis

$ ~/go/bin/dumbproxy -h
Usage of /home/user/go/bin/dumbproxy:
  -auth string
        auth parameters (default "none://")
  -autocert
        issue TLS certificates automatically
  -autocert-acme string
        custom ACME endpoint (default "https://acme-v02.api.letsencrypt.org/directory")
  -autocert-dir string
        path to autocert cache (default "/home/user/.dumbproxy/autocert")
  -autocert-email string
        email used for ACME registration
  -autocert-http string
        listen address for HTTP-01 challenges handler of ACME
  -autocert-whitelist value
        restrict autocert domains to this comma-separated list
  -bind-address string
        HTTP proxy listen address. Set empty value to use systemd socket activation. (default ":8080")
  -cafile string
        CA file to authenticate clients with certificates
  -cert string
        enable TLS and use certificate
  -ciphers string
        colon-separated list of enabled ciphers
  -disable-http2
        disable HTTP2
  -ip-hints string
        a comma-separated list of source addresses to use on dial attempts. "$lAddr" gets expanded to local address of connection. Example: "10.0.0.1,fe80::2,$lAddr,0.0.0.0,::"
  -key string
        key for TLS certificate
  -list-ciphers
        list ciphersuites
  -max-tls-version value
        maximum TLS version accepted by server (default TLS13)
  -min-tls-version value
        minimal TLS version accepted by server (default TLS12)
  -passwd string
        update given htpasswd file and add/set password for username. Username and password can be passed as positional arguments or requested interactively
  -passwd-cost int
        bcrypt password cost (for -passwd mode) (default 4)
  -proxy value
        upstream proxy URL. Can be repeated multiple times to chain proxies. Examples: socks5h://127.0.0.1:9050; https://user:password@example.com:443
  -timeout duration
        timeout for network operations (default 10s)
  -user-ip-hints
        allow IP hints to be specified by user in X-Src-IP-Hints header
  -verbosity int
        logging verbosity (10 - debug, 20 - info, 30 - warning, 40 - error, 50 - critical) (default 20)
  -version
        show program version and exit

See Also