Sniffing & Spoofingproxyhttphttpssocks5mitmtrafficdslreplaydns

Proxify

Proxify is a Swiss Army Knife Proxy tool for HTTP/HTTPS traffic capture, manipulation, and replay. It supports intercepting, filtering, dumping, and replaying traffic into tools like Burp.

Description

Proxify is designed for rapid deployments in cybersecurity testing, providing a versatile proxy for handling HTTP/HTTPS and non-HTTP traffic. It enables users to intercept and manipulate traffic using a DSL language for filtering and match-replace operations, with support for upstream HTTP/SOCKS5 proxies. Key use cases include traffic analysis, modification during penetration tests, and replaying captured sessions into other proxies like Burp for further inspection.

The tool features invisible and thick client proxy support, TLS MITM with custom certificates, full traffic dumping to files, an embedded DNS server, and plugin support for decoding protocols such as XMPP, SMTP, FTP, and SSH. It also includes a replay utility to import dumped traffic with correct domain names into Burp or similar tools by configuring proxify as the upstream proxy.

Proxify is particularly useful in scenarios requiring precise control over proxied traffic, such as evading detection, testing proxy chains, or analyzing complex network interactions in a controlled environment.

How It Works

Proxify operates as a listening proxy on configurable HTTP (default 127.0.0.1:8888), SOCKS (default 127.0.0.1:10080), and optional DNS ports, intercepting traffic for dumping, filtering, or manipulation via DSL expressions for requests/responses. It supports TLS MITM using client/server certificates, upstream proxy chaining (HTTP/SOCKS5) with rotation after a set number of requests, and DNS mapping/resolution. Traffic is logged to an output directory, with options for Elasticsearch/Kafka export; replay-proxify reads dumped files and forwards via a local HTTP/DNS server to Burp. Plugins decode specific protocols, and allow/deny lists control proxied IPs.

Installation

bash

sudo apt install proxify

Flags

-o, -outputOutput Directory to store HTTP proxy logs (default "logs")

-dump-reqDump only HTTP requests to output file

-dump-respDump only HTTP responses to output file

-req-fd, -request-dslRequest Filter DSL

-resp-fd, -response-dslResponse Filter DSL

-req-mrd, -request-match-replace-dslRequest Match-Replace DSL

-resp-mrd, -response-match-replace-dslResponse Match-Replace DSL

-ha, -http-addrListening HTTP IP and Port address (ip:port) (default "127.0.0.1:8888")

-sa, -socks-addrListening SOCKS IP and Port address (ip:port) (default "127.0.0.1:10080")

-da, -dns-addrListening DNS IP and Port address (ip:port)

-dm, -dns-mappingDomain to IP DNS mapping (eg domain:ip,domain:ip,..)

-hp, -http-proxyUpstream HTTP Proxies (eg http://proxy-ip:proxy-port)

-sp, -socks5-proxyUpstream SOCKS5 Proxies (eg socks5://proxy-ip:proxy-port)

-cNumber of requests before switching to the next upstream proxy (default 1)

-v, -verboseVerbose

-silentSilent

Examples

Display help for proxify, showing all flags and usage

proxify -h

Start HTTP proxy on default address, storing logs in 'logs' directory

proxify -ha 127.0.0.1:8888 -o logs

Dump only requests and responses to 'dumps' output directory

proxify -dump-req -dump-resp -o dumps

Apply request filter DSL and listen on all interfaces port 8080

proxify -req-fd 'filter_expression' -http-addr 0.0.0.0:8080

Chain upstream HTTP and SOCKS5 proxies

proxify -hp http://proxy-ip:proxy-port -sp socks5://proxy-ip:proxy-port

Start DNS server on port 5353 with domain to IP mapping

proxify -dns-addr :5353 -dns-mapping example.com:1.2.3.4

Display help for replay-proxify utility

replay-proxify -h

Replay traffic from 'db/' folder to Burp at default address

replay-proxify -burp-addr http://127.0.0.1:8080 -output db/

Updated 2026-04-16kali.org ↗