jrnker/SimpleProxy

Minimal Forward Proxy (C# / .NET 8)

A tiny, dependency-free forward proxy that supports plain HTTP and HTTPS tunneling via CONNECT. It’s designed to be as simple as possible, asynchronous, and capable of handling multiple concurrent connections—with one request per connection to keep the implementation minimal and robust.

Intended for local/testing use or tightly controlled environments. Not hardened for exposure to the public internet.


What it is

  • Forward proxy: Clients (e.g., browsers/dev tools) connect to this proxy to reach external servers.
  • .NET 8 / C#, cross-platform.
  • No external libraries: Uses TcpListener and raw NetworkStream.
  • HTTPS support: Implemented via tunneling (CONNECT host:port)—the proxy does not decrypt/inspect TLS.
  • Minimal lifecycle: One request per connection using Connection: close to avoid complex keep-alive logic.

How it works (high level)

  1. Accept a client socket via TcpListener.
  2. Parse the request line + headers from the client connection.
  3. Branch by method:
    • CONNECT: Dial the target (host:port), reply 200 Connection Established, and pipe bytes bidirectionally until either side closes.
    • HTTP methods (GET/POST/etc.) with absolute URI (http://host/path):
      • Connect to the target origin (host:80).
      • Rewrite the request line to origin-form (GET /path HTTP/1.1), normalize headers (set Host, drop Proxy-Connection, force Connection: close).
      • Stream request body if Content-Length is present.
      • Relay response bytes back to the client until the server closes.
  4. Dispose connections; repeat for the next client (concurrency via Task).

Protocol notes & intentional constraints

  • HTTP/1.1 only for simplicity.
  • HTTPS requires CONNECT (standard browser behavior). Direct https://... without CONNECT is rejected.
  • Chunked request bodies are not supported (returns 501 Not Implemented), but chunked responses are relayed transparently (byte pipe).
  • No header spoofing: Restricted headers are normalized/stripped where needed.
  • No caching, no auth, no ACL, no logging (kept minimal on purpose).
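
The plain-HTTP branch and the constraints above can be sketched as follows. This is an added example, not code from the SimpleProxy repository: the `ForwardRewrite` helper, its return shape, the 400 status for rejected requests, and the sample request are all assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

// Constructed sample request, as a client would send it to the proxy.
var headers = new List<KeyValuePair<string, string>>
{
    new("Host", "spoofed.invalid"),          // replaced by the URI's host
    new("Proxy-Connection", "keep-alive"),   // dropped
    new("Accept", "*/*"),
};
var r = ForwardRewrite.Rewrite("GET http://example.com:8081/a?b=1 HTTP/1.1", headers);
Console.WriteLine($"status={r.Status} dial={r.Host}:{r.Port}\n{r.Head}");

// Hypothetical helper, not SimpleProxy's API.
static class ForwardRewrite
{
    static readonly char[] CrLf = { '\r', '\n' };
    static readonly HashSet<string> Replaced = new(StringComparer.OrdinalIgnoreCase)
        { "Host", "Connection", "Proxy-Connection" };

    // Status 0 means "forward Head to Host:Port"; any other value is the error to return.
    public static (int Status, string Host, int Port, string Head) Rewrite(
        string requestLine, IEnumerable<KeyValuePair<string, string>> headers)
    {
        var parts = requestLine.Split(' ');
        if (parts.Length != 3 || parts[2] != "HTTP/1.1") return (400, "", 0, "");
        // Only absolute http:// targets are forwarded; https:// has to arrive via CONNECT.
        // 400 for the rejection is an assumption; the README only says "rejected".
        if (!Uri.TryCreate(parts[1], UriKind.Absolute, out var uri) || uri.Scheme != Uri.UriSchemeHttp)
            return (400, "", 0, "");

        var sb = new StringBuilder($"{parts[0]} {uri.PathAndQuery} HTTP/1.1\r\n");
        // Host comes from the request URI, never from the client's own Host header.
        sb.Append("Host: ").Append(uri.IsDefaultPort ? uri.Host : $"{uri.Host}:{uri.Port}").Append("\r\n");
        foreach (var (name, value) in headers)
        {
            // Any Transfer-Encoding is treated as a chunked body here (assumption): 501.
            if (name.Equals("Transfer-Encoding", StringComparison.OrdinalIgnoreCase)) return (501, "", 0, "");
            if (Replaced.Contains(name)) continue;
            // A stray CR or LF would let one header field turn into several on the wire.
            if (name.IndexOfAny(CrLf) >= 0 || value.IndexOfAny(CrLf) >= 0) return (400, "", 0, "");
            sb.Append(name).Append(": ").Append(value).Append("\r\n");
        }
        sb.Append("Connection: close\r\n\r\n");
        return (0, uri.DnsSafeHost, uri.Port, sb.ToString());
    }
}
```

For the sample request the rewritten head starts with `GET /a?b=1 HTTP/1.1` and `Host: example.com:8081`, and ends with `Connection: close`.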

Security & ops considerations

  • Bind to loopback for local use, or restrict access upstream if you must expose it.
  • Use non-privileged ports (e.g., 8080) to run without admin/root.
  • Add allowlists/authentication and request/response size limits before deploying anywhere untrusted.
  • For production-grade features (keep-alive, full HTTP/2, WebSocket, filtering/inspection), consider a mature library (e.g., Titanium Web Proxy) or a dedicated proxy.

📜 License

MIT License

Copyright (c) 2025 https://github.com/jrnker

See license file

📢 Author

Developed and maintained by jrnker@Proxmea. For inquiries, issues, or contributions, check out the repository or open a pull request.

As is 🫡
