Next: Why I created it?
tofuproxy
is
free software
flexible HTTP/HTTPS proxy server, TLS terminator, X.509 TOFU manager,
WARC and
geminispace
browser, written on Go with following
capabilities:
tofuproxy
itself. TLS 1.3, session resumption, GOST
cryptography (if built with gostls13) support. Connection between tofuproxy
and browser
itself uses ephemeral on-the-fly generated certificates with proper
domain name.
crypto/x509
checks are applied to all certificates.
If they pass, then certificate chain is saved on the disk (TOFU,
trust-on-first-use). Future connections are compared against it, warning
you about SPKI change (SPKI pinning) and waiting for your decision
either to accept new chain (possibly once per session), or reject it.
Even if native Go’s checks are failed (for example domain still does not
use SubjectAltName
extension), you can still make a decision to
forcefully trust the domain.
gzip
/zstd
.
And additional personal preferences:
www.reddit.com
is redirected to old.reddit.com
(because it
works without JavaScript and looks nicer).
Copyright © 2021-2024 Sergey Matveev
• Why: | ||
• Install: | ||
• Usage: | ||
• Spies: | ||
• CertTrust: | ||
• TLSAuth: | ||
• Restricted: | ||
• HTTPAuth: | ||
• WARCs: | ||
• Gemini: |
Next: Why I created it?