astraproxy/README.md

dumbproxy
=========

Dumbiest HTTP proxy ever.

## Features

* Cross-platform (Windows/Mac OS/Linux/Android (via shell)/\*BSD)
* Deployment with a single self-contained binary
* Zero-configuration
* Supports CONNECT method and forwarding of HTTPS connections
* Supports `Basic` proxy authentication
* Supports TLS operation mode (HTTP(S) proxy over TLS)
* Supports HTTP/2
* Resilient to DPI (including active probing, see `hidden_domain` option for authentication providers)

## Installation

#### Binary download

Pre-built binaries available on [releases](https://github.com/Snawoot/dumbproxy/releases/latest) page.

#### From source

Alternatively, you may install dumbproxy from source. Run within source directory

```
go install
```

#### Docker

Docker image is available as well. Here is an example for running proxy as a background service:

```sh
docker run -d \
    --security-opt no-new-privileges \
    -p 8080:8080 \
    --restart unless-stopped \
    --name dumbproxy \
    yarmak/dumbproxy
```

#### Snap Store

[![Get it from the Snap Store](https://snapcraft.io/static/images/badges/en/snap-store-black.svg)](https://snapcraft.io/dumbproxy)

```bash
sudo snap install dumbproxy
```

## Usage

Just run program and it'll start accepting connections on port 8080 (default).

Example: run proxy on port 1234 with `Basic` authentication with username `admin` and password `123456`:

```sh
dumbproxy -bind-address :1234 -auth 'static://?username=admin&password=123456'
```

## Authentication

Authentication parameters are passed as URI via `-auth` parameter. Scheme of URI defines authentication metnod and query parameters define parameter values for authentication provider.

* `none` - no authentication. Example: `none://`. This is default.
* `static` - basic authentication for single login and password pair. Example: `static://?username=admin&password=123456`. Parameters:
  * `username` - login.
  * `password` - password.
  * `hidden_domain` - if specified and is not an empty string, proxy will respond with "407 Proxy Authentication Required" only on specified domain. All unauthenticated clients will receive "400 Bad Request" status. This option is useful to prevent DPI active probing from discovering that service is a proxy, hiding proxy authentication prompt when no valid auth header was provided. Hidden domain is used for generating 407 response code to trigger browser authorization request in cases when browser has no prior knowledge proxy authentication is required. In such cases user has to navigate to any hidden domain page via plaintext HTTP, authenticate themselves and then browser will remember authentication.

## Synopsis

```
$ ~/go/bin/dumbproxy -h
  -auth string
    	auth parameters (default "none://")
  -bind-address string
    	HTTP proxy listen address (default ":8080")
  -cert string
    	enable TLS and use certificate
  -key string
    	key for TLS certificate
  -timeout duration
    	timeout for network operations (default 10s)
  -verbosity int
    	logging verbosity (10 - debug, 20 - info, 30 - warning, 40 - error, 50 - critical) (default 20)
```
add initial doc 2020-05-19 21:59:46 +02:00			`dumbproxy`
			`=========`

			`Dumbiest HTTP proxy ever.`

			`## Features`

			`* Cross-platform (Windows/Mac OS/Linux/Android (via shell)/\*BSD)`
upd doc 2020-05-24 00:23:44 +02:00			`* Deployment with a single self-contained binary`
add initial doc 2020-05-19 21:59:46 +02:00			`* Zero-configuration`
			`* Supports CONNECT method and forwarding of HTTPS connections`
doc: auth 2020-05-20 00:00:59 +02:00			* Supports `Basic` proxy authentication
introduce tls support 2020-05-24 00:18:01 +02:00			`* Supports TLS operation mode (HTTP(S) proxy over TLS)`
upd doc 2020-05-24 14:34:16 +02:00			`* Supports HTTP/2`
upd doc 2020-05-24 18:42:20 +02:00			* Resilient to DPI (including active probing, see `hidden_domain` option for authentication providers)
add initial doc 2020-05-19 21:59:46 +02:00
			`## Installation`

			`#### Binary download`

			`Pre-built binaries available on [releases](https://github.com/Snawoot/dumbproxy/releases/latest) page.`

			`#### From source`

			`Alternatively, you may install dumbproxy from source. Run within source directory`

			```
			`go install`
			```

doc: add docker and snap install methods 2020-05-20 01:01:04 +02:00			`#### Docker`

			`Docker image is available as well. Here is an example for running proxy as a background service:`

			```sh
			`docker run -d \`
			`--security-opt no-new-privileges \`
			`-p 8080:8080 \`
			`--restart unless-stopped \`
			`--name dumbproxy \`
			`yarmak/dumbproxy`
			```

			`#### Snap Store`

			`[![Get it from the Snap Store](https://snapcraft.io/static/images/badges/en/snap-store-black.svg)](https://snapcraft.io/dumbproxy)`

			```bash
			`sudo snap install dumbproxy`
			```

add initial doc 2020-05-19 21:59:46 +02:00			`## Usage`

doc: auth 2020-05-20 00:00:59 +02:00			`Just run program and it'll start accepting connections on port 8080 (default).`

			Example: run proxy on port 1234 with `Basic` authentication with username `admin` and password `123456`:

			```sh
			`dumbproxy -bind-address :1234 -auth 'static://?username=admin&password=123456'`
			```

			`## Authentication`

			Authentication parameters are passed as URI via `-auth` parameter. Scheme of URI defines authentication metnod and query parameters define parameter values for authentication provider.

			* `none` - no authentication. Example: `none://`. This is default.
			* `static` - basic authentication for single login and password pair. Example: `static://?username=admin&password=123456`. Parameters:
upd doc 2020-05-24 18:42:20 +02:00			* `username` - login.
			* `password` - password.
			* `hidden_domain` - if specified and is not an empty string, proxy will respond with "407 Proxy Authentication Required" only on specified domain. All unauthenticated clients will receive "400 Bad Request" status. This option is useful to prevent DPI active probing from discovering that service is a proxy, hiding proxy authentication prompt when no valid auth header was provided. Hidden domain is used for generating 407 response code to trigger browser authorization request in cases when browser has no prior knowledge proxy authentication is required. In such cases user has to navigate to any hidden domain page via plaintext HTTP, authenticate themselves and then browser will remember authentication.
add initial doc 2020-05-19 21:59:46 +02:00
			`## Synopsis`

			```
			`$ ~/go/bin/dumbproxy -h`
fix 2020-05-20 00:09:16 +02:00			`-auth string`
			`auth parameters (default "none://")`
add initial doc 2020-05-19 21:59:46 +02:00			`-bind-address string`
			`HTTP proxy listen address (default ":8080")`
introduce tls support 2020-05-24 00:18:01 +02:00			`-cert string`
			`enable TLS and use certificate`
			`-key string`
			`key for TLS certificate`
add initial doc 2020-05-19 21:59:46 +02:00			`-timeout duration`
			`timeout for network operations (default 10s)`
			`-verbosity int`
			`logging verbosity (10 - debug, 20 - info, 30 - warning, 40 - error, 50 - critical) (default 20)`
			```