A simple HTTP proxy that fogs over naughty URLs
Clone or download
Failed to load latest commit information.
cmd/smokescreen Modify usage text Aug 7, 2018
internal/pkg Remove unused import Aug 8, 2018
pkg Refactor Aug 7, 2018
vendor Update deps Aug 7, 2018
.gitignore Add Vim swap files to .gitignore Oct 2, 2017
.travis.yml Update Travis Aug 7, 2018
Gopkg.lock Update deps Aug 7, 2018
Gopkg.toml Update deps Aug 7, 2018
LICENSE.txt Initial commit Jul 1, 2016
README.md Refactor Aug 7, 2018


Smokescreen Build Status

Smokescreen is a HTTP CONNECT proxy. It proxies most traffic from Stripe to the external world (e.g., webhooks).

Smokescreen restricts which URLs it connects to: it resolves each domain name that is requested and ensures that it is a publicly routable IP and not a Stripe-internal IP. This prevents a class of attacks where, for instance, our own webhooks infrastructure is used to scan Stripe's internal network.

Smokescreen also allows us to centralize egress from Stripe, allowing us to give financial partners stable egress IP addresses and abstracting away the details of which Stripe service is making the request.


Smokescreen uses dep to manage dependencies. The repo contains documentation, but some useful commands are reproduced below:

  • Installing or updating dep: go get -u github.com/golang/dep/cmd/dep (ensure $GOPATH/bin is in your $PATH)
  • Adding a dependency: dep ensure
  • Updating a dependency: dep ensure -update

Smokescreen uses a custom fork of goproxy to avoid problems with keepalive connections present under newer versions of the upstream project.


  • Evan Broder
  • Andrew Dunham
  • Andreas Fuchs
  • Carl Jackson
  • Aditya Mukerjee
  • Ryan Koppenhaver
  • Marc-André Tremblay