An HTTP proxy library for Go
Go HTML Shell
Latest commit 6016d23 Sep 24, 2016 @elazarl committed on GitHub Merge pull request #189 from rtuin/ctx-session-per-https-request
Increment session number for https requests also
Failed to load latest commit information.
examples Fix err != nil check , must be err == nil Oct 28, 2015
ext fixes misspelled "proxyAuthorizationHeader" Mar 29, 2016
regretable Add missing NewRegretableReaderCloserSize Feb 7, 2013
test_data move test data to its own dir Mar 25, 2012
transport Mark transport.go as deprecated Jun 25, 2015
.gitignore .gitignore, ./all.bash more organized Mar 28, 2012
LICENSE by @ancientlore email request, adding LICENSE file Apr 6, 2013 Fixed typo in README Jun 3, 2016
actions.go fix minor typo in docs Aug 22, 2014
all.bash move regret buffer to package, improve Jan 23, 2013
ca.pem signer functions to generate real verifiable certificates Jul 21, 2013
certs.go fixes #71, do not reuse tls.defaultTlsConfig Nov 26, 2014
chunked.go gofmt Nov 14, 2013
counterecryptor.go gofmt Nov 14, 2013
counterecryptor_test.go gofmt Nov 14, 2013
ctx.go doc: OnRequest function handler needs to return req and resp Nov 22, 2014
dispatcher.go Allow SrcIpIs to accept multiple parameters. Oct 13, 2015
doc.go Unify examples naming Feb 21, 2015
https.go Increment session number for https requests also Sep 23, 2016
key.pem signer functions to generate real verifiable certificates Jul 21, 2013
proxy.go Update stale URL in comment Aug 14, 2016
proxy_test.go Fix issue caused but checking if string contains https:// before Aug 17, 2016
responses.go gofmt Jun 22, 2012
signer.go Do not use global GoproxyCa for certificate signing. Oct 7, 2014
signer_test.go gofmt Nov 14, 2013


GoDoc Join the chat at

Package goproxy provides a customizable HTTP proxy library for Go (golang),

It supports regular HTTP proxy, HTTPS through CONNECT, and "hijacking" HTTPS connection using "Man in the Middle" style attack.

The intent of the proxy, is to be usable with reasonable amount of traffic yet, customizable and programable.

The proxy itself is simply a net/http handler.

In order to use goproxy, one should set their browser to use goproxy as an HTTP proxy. Here is how you do that in Chrome and in Firefox.

For example, the URL you should use as proxy when running ./bin/basic is localhost:8080, as this is the default binding for the basic proxy.

Mailing List

New features would be discussed on the mailing list before their development.

Latest Stable Release

Get the latest goproxy from

Why not Fiddler2?

Fiddler is an excellent software with similar intent. However, Fiddler is not as customable as goproxy intend to be. The main difference is, Fiddler is not intended to be used as a real proxy.

A possible use case that suits goproxy but not Fiddler, is, gathering statistics on page load times for a certain website over a week. With goproxy you could ask all your users to set their proxy to a dedicated machine running a goproxy server. Fiddler is a GUI app not designed to be ran like a server for multiple users.

A taste of goproxy

To get a taste of goproxy, a basic HTTP/HTTPS transparent proxy

package main

import (

func main() {
    proxy := goproxy.NewProxyHttpServer()
    proxy.Verbose = true
    log.Fatal(http.ListenAndServe(":8080", proxy))

This line will add X-GoProxy: yxorPoG-X header to all requests sent through the proxy

    func(r *http.Request,ctx *goproxy.ProxyCtx)(*http.Request,*http.Response) {
        return r,nil

DoFunc will process all incoming requests to the proxy. It will add a header to the request and return it. The proxy will send the modified request.

Note that we returned nil value as the response. Have we returned a response, goproxy would have discarded the request and sent the new response to the client.

In order to refuse connections to reddit at work time

    func(r *http.Request,ctx *goproxy.ProxyCtx)(*http.Request,*http.Response) {
        if h,_,_ := time.Now().Clock(); h >= 8 && h <= 17 {
            return r,goproxy.NewResponse(r,
                    "Don't waste your time!")
        return r,nil

DstHostIs returns a ReqCondition, that is a function receiving a Request and returning a boolean we will only process requests that matches the condition. DstHostIs("") will return a ReqCondition accepting only requests directed to "".

DoFunc will recieve a function that will preprocess the request. We can change the request, or return a response. If the time is between 8:00am and 17:00pm, we will neglect the request, and return a precanned text response saying "do not waste your time".

See additional examples in the examples directory.

What's New

  1. Ability to Hijack CONNECT requests. See the eavesdropper example
    1. Transparent proxy support for http/https including MITM certificate generation for TLS. See the transparent example.


I put the software temporarily under the Go-compatible BSD license, if this prevents someone from using the software, do let mee know and I'll consider changing it.

At any rate, user feedback is very important for me, so I'll be delighted to know if you're using this package.

Beta Software

I've received a positive feedback from a few people who use goproxy in production settings. I believe it is good enough for usage.

I'll try to keep reasonable backwards compatability. In case of a major API change, I'll change the import path.