Developer and cybersecurity specialist Luke (aka TurvSec/MrTurvey) has introduced the open-source project FlareProx. It's a Cloudflare-based proxy (an HTTP proxy built on Cloudflare Workers) with limitations (100,000 free requests per day, IP address is hidden) for web scraping and penetration testing. The solution's source code is written in Python and published on GitHub under the MIT license.
'FlareProx automatically deploys HTTP proxy endpoints on Cloudflare's worker servers for easy redirection of all traffic to any URL you specify. FlareProx supports all HTTP methods (GET, POST, PUT, DELETE) and provides IP address masking across Cloudflare's global network,' explained the solution's author.
A single command is required to launch it, after which ready-to-use proxy endpoints are created. They can be managed via a console utility or directly in Python code.
The project's principle of operation: a request is sent to a dedicated FlareProx endpoint, where the Worker service extracts the target URL, forwards the request to the specified server, and returns the response back to the user. This creates an additional layer of abstraction, hiding the client's real address.
FlareProx's capabilities include both simple redirects and flexible header configuration. The solution supports two modes for passing the target—via a query parameter or through the X-Target-URL header.
The FlareProx tool is aimed at API developers, load testing specialists, and security researchers. Use cases for FlareProx include API development and debugging, web scraping, simulating traffic from different network locations, masking the source IP during penetration tests, and providing additional privacy protection.
The FlareProx project code can also be integrated into custom applications. The project's repository includes an example of using a Python script that automatically creates proxies and sends requests through them.
To work with FlareProx, you need a Cloudflare account and an API token with permissions to edit Workers. Settings are saved in the flareprox.json configuration file.
Top comments (0)