1901 points l2silver | 1 comments

Maybe you've created your own AR program for wearables that shows the definition of a word when you highlight it IRL, or you've built a personal calendar app for your family to display on a monitor in the kitchen. Whatever it is, I'd love to hear it.
1. stiray No.35737876
Proxy server with full mitm support for removing / blocking ads, modifying cookies to per session cookies, injecting of anti-fingerprinting javascript into pages, caching, various blocking lists, cname resolving, ASN blocking,...

It was written as I got sick of particularities of squid proxy. Using it for 5 years for home network as transparent proxy, never released it.

"A picture is worth a thousand words":

Application Options:

      --listen=                                            Listening ip and port (format "address:port") (default: 127.0.0.1:8080)

      --ini=                                               Path for .ini file, if not there it will be created with defaults

      --id=                                                Unique id, used for caching and avoiding detection of injected js. (default: machineid)
Certificate Authority:

      --cakey=                                             CA Private Key for MITMing https connections (default: ca.key)

      --cacrt=                                             CA Certificate for MITMing https connections. It must be imported into client(browser) as trusted CA (default: ca.crt)

      --cagen=[512|1024|2048|4096]                         CA Private Key (and CA Certificate) generation, keysize. (default: 1024)
Upstream Proxy:

      --upstream.proxy=                                    Upstream proxy (format "address:port")

      --upstream.cacrt=                                    Upstream proxy CA certificate
Lists Options:

      --list.update=                                       Update databases interval for https paths (default: 24h)

      --list.path=                                         Path for caching downloaded lists (default: lists)
  -D, --domain.blacklist=                                  File/url paths with domain blacklist

      --domain.whitelist=                                  File/url paths with domain whitelist
  -U, --url.blacklist=                                     File/url paths with url blacklist

      --url.whitelist=                                     File/url paths with url whitelist
  -A, --adblock.blacklist=                                 File/url paths for adblock rules

      --adblock.whitelist=                                 File/url paths for adblock whitelist rules
  -N, --cname.blacklist=                                   File/url paths for cname masked domain blacklist

      --cname.whitelist=                                   File/url paths for cname masked domain whitelist
  -S, --asn.blocklist=                                     ASN address ranges to block (macros:"facebook", "google", "microsoft", "apple", "amazon")

      --asn.whitelist=                                     ASN address ranges to whitelist (macros:"facebook", "google", "microsoft", "apple", "amazon")
  -R, --regexp=                                            File/url paths for regular expression replace rules

      --inject.list=                                       File/url paths with js injection rules

      --inject.cache                                       Inject into cache, faster, updating script require cache invalidation
CDN caching:
  -C, --cdn.blacklist=                                     File/url paths for cache forever cdn rules

      --cdn.whitelist=                                     File/url paths for cdn whitelist

      --cdn.expires=                                       Defines expiration for CDN cache (default: 30d)
DNS resolve:

      --dns=                                               File/url path to list of dns servers to use

      --dns.change=                                        Defines timeout for changing the dns (default: 10s)

      --dns.timeout=                                       Defines timeout for dns to respond, if exceeded it will be excluded (default: 250ms)
User Agent:

      --user-agents=                                       File/url paths to list of user-agents used

      --user-agents.random=                                Generate specified number of random user agents

      --user-agents.change=                                Defines timeout for user-agent randomization (default: 300s)
Privacy Options:

      --header.cspreport                                   Allow CSP reporting

      --header.cache                                       Allow cache headers reach clients

      --header.expectct                                    Allow Expect-CT header

      --header.etag.remove                                 Enable removing of ETag used for cookieless tracking

      --header.hsts.remove                                 Enable removing of HSTS header (we are doing mitm anyway)

      --header.dnt.enable                                  Set Do-Not-Track header

      --image.reencode                                     Enable re-encoding of images to remove hidden tagging

      --amp.allow                                          Allow AMP redirection

      --cookie.validity=                                   Change domain cookie validity ('0' is per-session cookie, off for disabled) (default: off)

      --cookie.validity.3rd=                               Change 3rd party domain cookie validity ('0' is per-session cookie, 'off' disabled) (default: 1h)
Documentation:
  -v, --version                                            Version information
  -l, --licenses                                           License information

      --man                                                Generate man page

      --txt                                                Generate text documentation
Caching:

      --cache.compression.disable                          Disable all compression

      --cache.sharing.clients                              Enable clients share same cache

      --cache.sharing.xsite                                Allow cache sharing for 3rd party domains

      --cache.media.enable                                 Cache media content (disk & memory impact!)
Memory Caching:

      --cache.mem.disable                                  Disable caching

      --cache.mem.size=                                    Maximum size, if reached expire oldest entries (default: 512mb)

      --cache.mem.expires=                                 Maximum time before it expires (default: 24h)

      --cache.mem.nocompression                            Disable memory cache compression

      --cache.mem.min=                                     Minimum content size to cache (kb, mb, gb) (default: 512)

      --cache.mem.max=                                     Maximum content size to cache (kb, mb, gb) (default: 2mb)
Disk Caching:

      --cache.disk.disable                                 Disable caching

      --cache.disk.path=                                   Path for on disk caching (default: webcache)

      --cache.disk.size=                                   Maximum cache size in megabytes (default: 1024mb)

      --cache.disk.expires=                                Maximum time before cache expires (default: 30d)

      --cache.disk.ttlexpire=                              Timeout to execute task for expiring cache values (default: 10m)

      --cache.disk.nocompression                           Disable disk cache compression

      --cache.disk.min=                                    Minimum size to cache (kb, mb, gb) (default: 512)

      --cache.disk.max=                                    Maximum size to cache (kb, mb, gb) (default: 10mb)
Developer Options:

      --log.level=[trace|debug|info|error|fatal|panic|off] Logging level (default: error)

      --log.output=                                        Logging output filename or stdout, stderr (default: stderr)

      --log.json                                           Logging is formatted as json

      --header.debug                                       Enable sending debug headers to clients

      --db.optimize                                        Enable statistic database optimizations

      --threadpool.size=                                   Size of thread pool (0 disables thread pooling) (default: 200)

      --threadpool.proxy.disable                           Disable thread pool for proxying

      --threadpool.filter.disable                          Disable thread pool for filtering

      --threadpool.tools.disable                           Disable thread pool for tools

      --domain.resources=                                  Proxy resource access domain (default: my.proxy)
Help Options:
  -h, --help                                               Show this help message
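
An added illustration, not the commenter's code: one way a filtering proxy could apply response-header policies like the `--header.etag.remove`, `--cookie.validity` and `--cookie.validity.3rd` options listed above. The function names, the two-label third-party check and the exact lifetime semantics are assumptions, since the comment does not say how the proxy implements them.

```python
from typing import List, Optional, Tuple

Headers = List[Tuple[str, str]]
LIFETIME_ATTRS = ("expires", "max-age")

def limit_cookie(set_cookie: str, max_age: Optional[int]) -> str:
    """None = 'off' (untouched), 0 = per-session, N = lifetime of N seconds."""
    parts = [p.strip() for p in set_cookie.split(";") if p.strip()]
    if max_age is None or not parts:
        return set_cookie
    # parts[0] is name=value; everything after it is an attribute.
    kept = [parts[0]] + [p for p in parts[1:]
                         if p.split("=", 1)[0].strip().lower() not in LIFETIME_ATTRS]
    # Only persistent cookies get a new lifetime; session cookies stay as sent.
    if max_age > 0 and len(kept) < len(parts):
        kept.append(f"Max-Age={max_age}")
    return "; ".join(kept)

def site_of(host: str) -> str:
    # Assumption: the last two labels approximate the registrable domain.
    # A real proxy would consult the Public Suffix List instead.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def rewrite_headers(headers: Headers, request_host: str, page_host: str,
                    first_party: Optional[int] = None,
                    third_party: Optional[int] = 3600) -> Headers:
    """Drop ETag and limit cookie lifetime on one upstream response."""
    is_third = site_of(request_host) != site_of(page_host)
    limit = third_party if is_third else first_party
    out: Headers = []
    for name, value in headers:
        if name.lower() == "etag":
            continue  # validator that can double as a cookieless identifier
        if name.lower() == "set-cookie":
            value = limit_cookie(value, limit)
        out.append((name, value))
    return out

SAMPLE: Headers = [  # constructed response headers, not captured traffic
    ("Content-Type", "image/gif"),
    ("ETag", '"u-7f3a9c"'),
    ("Set-Cookie", "uid=abc123; Expires=Wed, 21 Oct 2035 07:28:00 GMT; Path=/; Secure"),
    ("Set-Cookie", "sess=xyz; Path=/; HttpOnly"),
]

if __name__ == "__main__":
    for name, value in rewrite_headers(SAMPLE, "pixel.tracker.example", "news.example.org"):
        print(f"{name}: {value}")
```

The defaults mirror the help text (first-party `off`, third-party `1h`); dropping `ETag` also means the client can no longer revalidate with `If-None-Match`, so the proxy's own cache has to absorb those requests.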