AikidoSec-safe-chain/proxy
2025-12-12 14:11:07 +01:00

Safe-chain Proxy

A security-focused HTTP/HTTPS proxy that works with the Safe-chain package scanner.

Quick Start

Running the Proxy

Simply run the executable:

# macOS/Linux
./safe-chain-proxy

# Windows
safe-chain-proxy.exe

The proxy will automatically find an available port and display it:

Safe-chain proxy running on 127.0.0.1:54321

Specify a Port

Use the --port or -p flag to use a specific port:

# Long form
./safe-chain-proxy --port 3128

# Short form
./safe-chain-proxy -p 3128

Get Help

./safe-chain-proxy --help

Using the Proxy

Configure your package manager or HTTP client to route traffic through the proxy.

npm / Node.js

npm config set proxy http://127.0.0.1:3128
npm config set https-proxy http://127.0.0.1:3128

# Now npm install will route through the proxy
npm install

To revert:

npm config delete proxy
npm config delete https-proxy

Yarn

yarn config set httpProxy http://127.0.0.1:3128
yarn config set httpsProxy http://127.0.0.1:3128

pnpm

pnpm config set proxy http://127.0.0.1:3128
pnpm config set https-proxy http://127.0.0.1:3128

Bun

export http_proxy=http://127.0.0.1:3128
export https_proxy=http://127.0.0.1:3128
bun install

curl

curl -x http://127.0.0.1:3128 https://example.com

Environment Variables (any tool)

Set these environment variables to make any HTTP client use the proxy:

# macOS/Linux
export http_proxy=http://127.0.0.1:3128
export https_proxy=http://127.0.0.1:3128

# Windows (Command Prompt)
set http_proxy=http://127.0.0.1:3128
set https_proxy=http://127.0.0.1:3128

# Windows (PowerShell)
$env:http_proxy = "http://127.0.0.1:3128"
$env:https_proxy = "http://127.0.0.1:3128"
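
An added example, not part of the safe-chain project: when the proxy picks its own port, these helpers read the address from the startup line shown under Quick Start, check that it is 127.0.0.1, and set the proxy variables for a single command instead of writing them to package manager config. The function names and the SAMPLE_LOG text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not safe-chain's own.

# Constructed sample of captured console output. The second line is the
# startup line as the README shows it.
SAMPLE_LOG='starting up (constructed line)
Safe-chain proxy running on 127.0.0.1:54321'

# Read console output on stdin and print "host:port" from the first
# startup line. Returns non-zero when no startup line is found.
proxy_addr_from_banner() {
    sed -n '/Safe-chain proxy running on /{
        s/^.*running on \([0-9.]*:[0-9][0-9]*\).*$/\1/p
        q
    }' | grep .
}

# Accept only 127.0.0.1 with a valid TCP port, matching the README's
# statement that the proxy listens on localhost only.
is_loopback_addr() {
    _sc_host=${1%:*}
    _sc_port=${1##*:}
    [ "$_sc_host" = "127.0.0.1" ] || return 1
    case $_sc_port in
        ''|*[!0-9]*|??????*) return 1 ;;   # empty, non-digit, or too long
    esac
    [ "$_sc_port" -ge 1 ] && [ "$_sc_port" -le 65535 ]
}

# Run one command with the proxy variables set for that process only, so
# nothing is written to npm/yarn/pnpm config and there is nothing to revert.
with_proxy() {
    _sc_addr=$1
    shift
    if ! is_loopback_addr "$_sc_addr"; then
        echo "refusing proxy address that is not 127.0.0.1: $_sc_addr" >&2
        return 2
    fi
    env http_proxy="http://$_sc_addr" https_proxy="http://$_sc_addr" "$@"
}
```

Typical use is `with_proxy "$(proxy_addr_from_banner < proxy.log)" npm install`, where `proxy.log` is a hypothetical file holding the proxy's captured console output.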

Troubleshooting

Port Already in Use

If you get a "port already in use" error:

  1. Try running without --port to let the OS assign an available port
  2. Or choose a different port: ./safe-chain-proxy --port 8080

Proxy Not Working

  1. Verify the proxy is running and note the port from the console output
  2. Check your client is configured with the correct port
  3. Ensure firewall settings allow connections to the proxy

Verbose Logging

Enable debug logging to troubleshoot issues:

# macOS/Linux
RUST_LOG=debug ./safe-chain-proxy

# Windows (Command Prompt)
set RUST_LOG=debug
safe-chain-proxy.exe

# Windows (PowerShell)
$env:RUST_LOG = "debug"
.\safe-chain-proxy.exe

Stopping the Proxy

Press Ctrl+C to stop the proxy. It will gracefully shut down, waiting up to 30 seconds for active connections to complete.

What Does It Do?

The Safe-chain proxy intercepts HTTP/HTTPS traffic from package managers and other tools, allowing Safe-chain to:

  • Scan packages for malware before installation
  • Monitor registry requests
  • Block malicious packages
  • Provide visibility into dependency downloads

Security

  • The proxy only listens on 127.0.0.1 (localhost) - it cannot be accessed from other machines
  • All HTTPS traffic is tunneled securely using CONNECT
  • Body size limits prevent memory exhaustion attacks