Skip to content

v1.3.3 — single-file revival, JSON API, network checks, replay-able headers

Latest
Latest

Choose a tag to compare

View all tags
@miglen miglen released this 28 May 10:16
v1.3.3
dab27bf

First release of the modernised, single-file PHProxy. The whole product is now one index.php you drop into a PHP 8.1+ web root — no Composer, no files/, no vendor/.

Highlights since v1.2.0

Architecture

  • Single file. index.php is the entire product. .htaccess dropped; no rewrite rules needed.
  • Docker: docker compose up -d and open http://localhost:8080.
  • Tested on PHP 8.1 and 8.5; zero deprecations under E_ALL.

New JSON API

  • POST /?api=fetch — proxy makes the HTTP request for you, returns either a JSON envelope or the raw upstream response. SSRF blocklist enforced.

New utility endpoints (pure PHP built-ins, no external libraries)

Endpoint What it does
?api=portcheck TCP reach + latency. Accepts a single port (443), inclusive range (80-443), or comma list (22,80,443,8000-8010). NDJSON streaming mode (&stream=1) shows results live as each port comes back. Cap 128 ports.
?api=dns A / AAAA / MX / TXT / NS / SOA / CAA / CNAME / SRV / ANY via dns_get_record().
?api=cert Full certificate chain inspection: TLS 1.0/1.1/1.2/1.3 version probes, cipher per version, public-key type / size / curve, every X.509 extension OpenSSL parsed (keyUsage, EKU, AIA, CRL points, SAN, SCTs, …), SHA-256/SHA-1/MD5 fingerprints, and raw PEM blocks.
?api=ipinfo Client / server / outgoing IP + reverse DNS + request headers + host info.

Panel UI

  • Tabs reorganised. Entry page: Options · Cookies · Headers · IP · Port · DNS · SSL · CLI. Proxied page: Options · Cookies · Headers · (SSL on HTTPS) · Trace · CLI · Network.
  • SSL tab auto-inspects the current host on first open when browsing an HTTPS page.
  • Headers tab → Request headers section auto-populates with the actual headers PHProxy sent. Edit any value, click Save & replay, and the override kicks in on reload. Overrides replace the matching default (no more duplicate headers).
  • CLI tab — copy-pasteable snippets in curl / PHP / Python / JavaScript / Go. Both direct-to-upstream and via-PHProxy variants, plus one example per check endpoint.
  • Network tab — dev-tools-style log of every URL the proxy has fetched this session.
  • Top bar on proxied pages: house icon (was "Home" text), "Up" button removed; layout is [🏠 URL Go … ⚙].

Security / anonymity

  • Encrypted-URL mode by default — each URL wrapped in AES-CTR ciphertext keyed off a rotating session seed (1-hour cookie). Configurable seed TTL and key length (AES-128 / 192 / 256) via Options → Address bar.
  • Outbound header set built from a known-safe whitelist. Targets never see X-Forwarded-For, X-Real-IP, Via, or Forwarded from the client side.

Install

git clone https://github.com/PHProxy/phproxy.git
cd phproxy
docker compose up -d   # then open http://localhost:8080/

Or drop index.php into any PHP 8.1+ web root. See README for shared-hosting and built-in-server instructions.

Assets 2
Loading