Skip to content
AWS API Gateway management tool for creating on the fly HTTP pass-through proxies for unique IP rotation
Branch: master
Clone or download
ustayready Merge pull request #5 from z1g1/documentation
Proposed Documentation Update
Latest commit 35c6f8a Apr 17, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
LICENSE Add files via upload Apr 2, 2019 Add X-My-X-Forwarded-For mapping for X-Forwarded-For header... Apr 2, 2019



Being able to hide or continually rotate the source IP address when making web calls can be difficult or expensive. A number of tools have existed for some time but they were either limited with the number of IP addresses, were expensive, or required deployment of lots of VPS's. FireProx leverages the AWS API Gateway to create pass-through proxies that rotate the source IP address with every request! Use FireProx to create a proxy URL that points to a destination server and then make web requests to the proxy URL which returns the destination server response!

Brought to you by:

Black Hills Information Security



  • Rotates IP address with every request
  • Configure separate regions
  • All HTTP methods supported
  • All parameters and URI's are passed through
  • Create, delete, list, or update proxies
  • Spoof X-Forwarded-For source IP header by requesting with an X-My-X-Forwarded-For header


  • Source IP address is passed to the destination in the X-Forwarded-For header by AWS
    • ($100 to the first person to figure out how to strip it in the AWS config before it reaches the destination LOL!)
    • Thanks to Fred Reimer for the awesome X-Forwarded-For patch within 1 hour!
  • I am not responsible if you don't abide by the robots.txt :)
  • CloudFlare seems to sometimes detect X-Forwarded-For when blocking scrapers (NEED TO TEST W/ NEW PATCH)
  • Use of this tool on systems other than those that you own are likely to violate the AWS Acceptable Use Policy and could potentially lead to termination or suspension of your AWS account. Further, even use of this tool on systems that you do own, or have explicit permission to perform penetration testing on, is subject to the AWS policy on penetration testing.


After releasing FireProx publicly, I learned two others were already using the AWS API Gateway technique. Researching the chain of events and having some great conversations, I came to the realization that the only reason I even knew about it was because of these people. I thought it would be cool to give them a few shout-outs and credit, follow these people -- they are awesome.

Credit goes to Ryan Hanson - @ryHanson who is the first known source of the API Gateway technique

Shout-out to Mike Hodges - @rmikehodges for making it public in hideNsneak at BlackHat Arsenal 2018

Major shout-out, once again, to my good friend Ralph May - @ralphte1 for introducing me to the technique awhile back.

Basic Usage

Requires AWS access key and secret access key or aws cli configured

usage: [-h] [--access_key ACCESS_KEY] [--secret_access_key SECRET_ACCESS_KEY] [--region REGION] [--command COMMAND] [--api_id API_ID] [--url URL]

FireProx API Gateway Manager

optional arguments:
  -h, --help            show this help message and exit
  --access_key ACCESS_KEY
                        AWS Access Key
  --secret_access_key SECRET_ACCESS_KEY
                        AWS Secret Access Key
  --region REGION       AWS Region
  --command COMMAND     Commands: list, create, delete, update
  --api_id API_ID       API ID
  --url URL             URL end-point
  • Examples
    • examples/ Use a FireProx proxy to scrape Google search.
    • examples/ Use a FireProx proxy to scrape Bing search.


You can install and run with the following command:

$ git clone
$ cd fireprox
~/fireprox$ virtualenv -p python3 .
~/fireprox$ source bin/activate
(fireprox) ~/fireprox$ pip install -r requirements.txt
(fireprox) ~/fireprox$ python

Note that Python 3.6 is required.

Building a Docker image: (Currently does not work on Docker for Windows, possibly due to line endings in

$ git clone
$ cd fireprox
$ docker build -t fireprox .
$ docker run --rm -it fireprox -h


Usage List Create Delete Demo


  1. Create an issue to discuss your idea
  2. Fork FireProx (
  3. Create your feature branch (git checkout -b my-new-feature)
  4. Commit your changes (git commit -am 'Add some feature')
  5. Push to the branch (git push origin my-new-feature)
  6. Create a new Pull Request

Bug reports, feature requests and patches are welcome.

You can’t perform that action at this time.