Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Show HN: Forwarder – FOSS MITM proxy written in Go (forwarder-proxy.io)
78 points by michalmatczuk on Dec 20, 2023 | hide | past | favorite | 17 comments
I'm working at Sauce Labs on a fast MITM proxy.

If you are using mitmproxy, Fiddler or Charles proxy in your job I believe you'll find it invaluable.

Forwarder 1.1 is now available, complete with a Grafana Dashboard for effortless monitoring. We are committed to making it great.

I welcome your feedback.

Cheers Michał



Great! Here is the feedback: https://github.com/saucelabs/forwarder/issues/616


Sent a PR to fix that https://github.com/saucelabs/forwarder/pull/617.


Thank you, looks like we could apply some hardening here indeed.


This is incredible feedback, good eye


> If you are using mitmproxy, Fiddler or Charles proxy in your job I believe you'll find it invaluable.

Why? Do you have a comparison? Or even a list of your features, beyond the 6 bullet points on your homepage?


For those with blocking rules around newly registered DNS: https://github.com/saucelabs/forwarder


> blocking rules around newly registered DNS

Why is this even a thing?


Moderately effective anti phishing. Your real bank's domain is older than last week.


Most malware/scam domains I've seen are generally a few weeks old, which is still fairly new, but not quite last week.


Wish this had a caching feature… Setting up squid as a https caching forward proxy in docker is a pain.


That's not currently on the roadmap.

Please file an issue, we'll see what we can do.


I'm not too versed on these, but why not use nginx?


Nginx is built as a reverse proxy, useful to intercept traffic coming in to a server and route it to the correct service. This is the opposite, I guess we can call it an obverse proxy: it sits near a client and allows the owner (or a malicious party) of the client to intercept the traffic as it leaves the client. A former employer of mine used something like this to gain access to the API calls being made from iPhone apps, but you could use it to say attach authentication to calls heading a certain way (think what AWS is doing to make service to service calls work transparently to the user) or tons of other stuff (blocking content, if you’re so inclined).

I haven’t tried to use nginx as an MITM proxy or this project at all, but presumably it’s easier to use this when your usecase lies closer to the client than the server and vice versa.


Tools like Fiddler allow traffic modification based on rules, so you can tamper traffic. Forwarder doesn't appear to allow modification (other than headers?) so I think it's about logging traffic and collecting metrics. Still looking at the docs, I could have missed something.


Good point. We are getting stated.

Here's draft proposal for 1.3 to add this feature https://github.com/saucelabs/forwarder/issues/584.

The idea is to allow users work in JavaScript with Go http.Request and http.Request. Interop between Go and JS in Goja is very good.


am i reading this correctly that it could be used as an adblock?

is the PAC format powerful enough to handle everything that current adblockers do?


You have a lot of flexibility with PAC files, so I guess that's possible. Some PAC files can be quite complex.

Another option would be using --deny-domains it accepts a list of regular expressions, you can prefix an item with - to exclude it.

https://forwarder-proxy.io/cli/forwarder_run/#deny-domains




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: