diff --git a/README.md b/README.md index cdea538..95a2692 100644 --- a/README.md +++ b/README.md @@ -1,16 +1,30 @@ # ProxyBridge

- ProxyBridge Logo + ProxyBridge Logo +

+ +

+ Build Windows + Build macOS + Build Linux + Total Downloads +

+ +

+ InterceptSuite%2FProxyBridge | Trendshift +   + InterceptSuite%2FProxyBridge | Trendshift

ProxyBridge is a lightweight, open-source universal proxy client (Proxifier alternative) that provides transparent proxy routing for applications on **Windows**, **macOS**, and **Linux**. It redirects TCP and UDP traffic from specific processes through SOCKS5 or HTTP proxies, with the ability to route, block, or allow traffic on a per-application basis. ProxyBridge fully supports both TCP and UDP proxy routing and works at the system level, making it compatible with proxy-unaware applications without requiring any configuration changes. > [!TIP] -> **Need advanced traffic analysis?** Check out [**InterceptSuite**](https://github.com/InterceptSuite/InterceptSuite) - our comprehensive MITM proxy for analyzing TLS, TCP, UDP, DTLS traffic. Perfect for security testing, network debugging, and system administration! +> **Need advanced traffic analysis?** Check out [**InterceptSuite**](https://interceptsuite.com) - our comprehensive MITM proxy for analyzing TLS, TCP, UDP, DTLS traffic. Perfect for security testing, network debugging, and system administration! ## Table of Contents +- [Download](#download) - [Features](#features) - [Platform Documentation](#platform-documentation) - [Screenshots](#screenshots) @@ -27,6 +41,27 @@ ProxyBridge is a lightweight, open-source universal proxy client (Proxifier alte

+## Download + +### 🌐 Official Download Portal +Visit our **[Official Download Page](https://interceptsuite.com/download/proxybridge)** for the latest automated builds and platform detection. + +### 📦 Release Packages + +| Platform | Download Link | Package Type | System Requirements | +| :--- | :--- | :--- | :--- | +| **Windows** | [**Download Installer**](https://interceptsuite.com/download/proxybridge) | `.exe` | Windows 10+ (64-bit), Admin privileges | +| **macOS** | [**Download Installer**](https://interceptsuite.com/download/proxybridge) | `.pkg` (Universal) | macOS 13.0+ ARM/x64 (Ventura or later) | +| **Linux** | [**Download Tarball**](https://interceptsuite.com/download/proxybridge) | `.tar.gz` | x64 Kernel with NFQUEUE support | + +#### Linux One-Command Quick Install: +```bash +curl -Lo deploy.sh https://raw.githubusercontent.com/InterceptSuite/ProxyBridge/refs/heads/master/Linux/deploy.sh && sudo bash deploy.sh +``` + +> [!NOTE] +> For historical versions, change logs, and direct access to raw assets, visit the [GitHub Releases](https://github.com/InterceptSuite/ProxyBridge/releases) page. + ## Features - **Cross-platform** - Available for Windows, macOS and Linux diff --git a/Windows/README.md b/Windows/README.md index 60a2ebe..b5a6b01 100644 --- a/Windows/README.md +++ b/Windows/README.md @@ -1,34 +1,41 @@ # ProxyBridge for Windows -Universal proxy client for Windows applications - Route any application through SOCKS5/HTTP proxies without configuration. +Universal proxy client for Windows applications - route any application through SOCKS5/HTTP proxies without modifying the application. ## Table of Contents -- [Installation](#installation) -- [Usage](#usage) - - [GUI Application](#gui-application) - - [Proxy Settings](#proxy-settings) - - [Process Rules](#process-rules) - - [Exporting and Importing Rules](#exporting-and-importing-rules) - - [Activity Monitoring](#activity-monitoring) - - [Command Line Interface (CLI)](#command-line-interface-cli) - - [Basic Usage](#basic-usage) - - [Command Line Options](#command-line-options) - - [Rule Format](#rule-format) -- [Use Cases](#use-cases) -- [Current Limitations](#current-limitations) -- [Things to Note](#things-to-note) -- [How It Works](#how-it-works) -- [Build from Source](#build-from-source) -- [License](#license) +- [ProxyBridge for Windows](#proxybridge-for-windows) + - [Table of Contents](#table-of-contents) + - [Installation](#installation) + - [Usage](#usage) + - [GUI Application](#gui-application) + - [Proxy Settings](#proxy-settings) + - [Multiple Proxy Configurations](#multiple-proxy-configurations) + - [Process Rules](#process-rules) + - [Exporting and Importing Rules](#exporting-and-importing-rules) + - [Activity Monitoring](#activity-monitoring) + - [Command Line Interface (CLI)](#command-line-interface-cli) + - [Profile Format](#profile-format) + - [Basic Usage](#basic-usage) + - [Command Line Options](#command-line-options) + - [Use Cases](#use-cases) + - [Things to Note](#things-to-note) + - [How It Works](#how-it-works) + - [Build from Source](#build-from-source) + - [Requirements](#requirements) + - [Using the PowerShell Build Script (Recommended)](#using-the-powershell-build-script-recommended) + - [Manual Build - DLL (MSVC)](#manual-build---dll-msvc) + - [Manual Build - DLL (GCC / MinGW-w64)](#manual-build---dll-gcc--mingw-w64) + - [Manual Build - CLI (MSVC)](#manual-build---cli-msvc) + - [License](#license) ## Installation -1. Download the latest `ProxyBridge-Installer-vX.X.X.exe` from the [Releases](https://github.com/InterceptSuite/ProxyBridge/releases) page +1. Download the latest `ProxyBridge-Setup-X.X.X.exe` from the [Releases](https://github.com/InterceptSuite/ProxyBridge/releases) page 2. Run the installer with Administrator privileges 3. The installer will: - Install ProxyBridge to `C:\Program Files\ProxyBridge` - - Add the CLI to your system PATH for easy command-line access + - Add the install directory to your system PATH (GUI, CLI, and DLL all accessible) - Create Start Menu shortcuts for the GUI application - Include all required dependencies (WinDivert driver) @@ -39,7 +46,7 @@ Universal proxy client for Windows applications - Route any application through ### GUI Application -Launch `ProxyBridge.exe` (GUI) with Administrator privileges for an intuitive graphical interface to: +Launch `ProxyBridge.exe` with Administrator privileges for an intuitive graphical interface. #### Proxy Settings @@ -50,7 +57,7 @@ Launch `ProxyBridge.exe` (GUI) with Administrator privileges for an intuitive gr 1. Click **Proxy** tab in the main window 2. Click **Proxy Settings** from the menu 3. Select **Proxy Type** (SOCKS5 or HTTP) -4. Enter **Proxy Host** - Supports both IP addresses and domain names: +4. Enter **Proxy Host** - supports both IP addresses and domain names: - IP Address: `127.0.0.1`, `192.168.1.100` - Domain Name: `proxy.example.com`, `localhost` 5. Enter **Proxy Port** (e.g., 1080 for SOCKS5, 8080 for HTTP) @@ -62,7 +69,20 @@ Launch `ProxyBridge.exe` (GUI) with Administrator privileges for an intuitive gr 2. Enter **Destination IP/Host** (default: google.com) 3. Enter **Destination Port** (default: 80) 4. Click **Start Test** to verify proxy connectivity -5. View test results in the output area + +#### Multiple Proxy Configurations + +ProxyBridge supports multiple proxy server configurations simultaneously. Each proxy rule can be assigned to a specific proxy configuration, allowing you to route different applications through different proxies at the same time. + +- Add multiple proxy servers (SOCKS5 and HTTP, mixed) in **Proxy Settings** +- Each proxy entry gets a unique ID +- When creating a **Proxy Rule**, select which proxy configuration to route through via the **Proxy Config** selector +- If a rule's assigned proxy config is not found, ProxyBridge falls back to the first available configuration + +**Example use cases:** +- Route `chrome.exe` through a SOCKS5 proxy and `curl.exe` through an HTTP proxy simultaneously +- Test against multiple proxy endpoints without restarting +- Assign latency-sensitive apps to a local proxy and others to a remote one #### Process Rules @@ -82,13 +102,16 @@ Launch `ProxyBridge.exe` (GUI) with Administrator privileges for an intuitive gr - Use `*` as wildcard for all processes - Enter single process: `chrome.exe` - Enter multiple processes (semicolon-separated): `firefox.exe; chrome.exe` - - Use **Browse** button to select process executable from directory + - Use **Browse** button to select a process executable **Target Hosts (Optional):** - - Specific IP: `127.0.0.1` - - Wildcard IP range: `127.0.*.*` or `192.168.*.*` + - Specific IP: `192.168.1.1` + - Wildcard IP range: `192.168.*.*` - Multiple IPs: `127.0.0.1; 192.168.1.1` - IP range: `10.10.1.1-10.10.255.255` + - IPv6 exact: `::1`, `2001:db8::1` + - IPv6 CIDR: `2001:db8::/32`, `fe80::/10` + - IPv6 range: `2001:db8::1-2001:db8::ff` - Leave empty or use `*` for all hosts **Target Ports (Optional):** @@ -100,50 +123,74 @@ Launch `ProxyBridge.exe` (GUI) with Administrator privileges for an intuitive gr - Select **TCP**, **UDP**, or **Both (TCP + UDP)** **Action:** - - **PROXY** - Route through configured proxy + - **PROXY** - Route through the selected proxy configuration - **DIRECT** - Allow direct internet access - **BLOCK** - Block all internet access -4. Click **Save Rule** to apply the configuration +4. Click **Save Rule** to apply #### Exporting and Importing Rules -ProxyBridge allows you to export selected rules to a JSON file and import rules from previously exported files, making it easy to share configurations between systems or back up your rule sets. +ProxyBridge allows you to export selected rules to a `.pbprofile` JSON file and import rules from previously exported files. **Export Rules:** -1. In the **Proxy Rules** window, select one or more rules using the checkboxes in the **Select** column -2. Click the **Select All** button to select all rules (optional) -3. Click the **Export** button (only enabled when at least one rule is selected) -4. Choose a location and save the JSON file +1. In the **Proxy Rules** window, select one or more rules using the checkboxes +2. Click the **Export** button +3. Choose a location and save the file (`.pbprofile`) **Import Rules:** 1. Click the **Import** button -2. Select a previously exported JSON file -3. Rules will be imported and added to your existing rules +2. Select a previously exported `.pbprofile` file +3. Rules and proxy configurations are imported and merged with existing settings -**JSON Format Example:** +**Profile JSON Format:** ```json -[ - { - "processNames": "chrome.exe", - "targetHosts": "*", - "targetPorts": "*", - "protocol": "TCP", - "action": "PROXY", - "enabled": true - }, - { - "processNames": "firefox.exe", - "targetHosts": "192.168.*.*", - "targetPorts": "80;443", - "protocol": "BOTH", - "action": "DIRECT", - "enabled": true - } -] +{ + "Version": "1.0", + "LocalhostViaProxy": false, + "IsTrafficLoggingEnabled": true, + "ProxyConfigs": [ + { + "Id": 1, + "Type": "socks5", + "Host": "127.0.0.1", + "Port": "1080", + "Username": "", + "Password": "" + }, + { + "Id": 2, + "Type": "http", + "Host": "127.0.0.1", + "Port": "8080", + "Username": "", + "Password": "" + } + ], + "ProxyRules": [ + { + "ProcessName": "chrome.exe", + "TargetHosts": "*", + "TargetPorts": "*", + "Protocol": "TCP", + "Action": "PROXY", + "IsEnabled": true, + "ProxyConfigId": 1 + }, + { + "ProcessName": "firefox.exe", + "TargetHosts": "192.168.*.*", + "TargetPorts": "80;443", + "Protocol": "BOTH", + "Action": "PROXY", + "IsEnabled": true, + "ProxyConfigId": 2 + } + ] +} ``` -**Note:** The JSON format is compatible across platforms, allowing you to export rules from macOS and import them on Windows, and vice versa. +**Note:** The `.pbprofile` format is cross-platform - profiles exported from macOS can be imported on Windows and vice versa. #### Activity Monitoring @@ -152,215 +199,157 @@ ProxyBridge allows you to export selected rules to a JSON file and import rules

- View real-time connection activity in the **Connections** tab -- Monitor all system connections including both TCP and UDP protocols -- See connections from all processes, whether they match rules or not -- Track which processes are active and their routing status (PROXY, DIRECT, or BLOCK) -- Search and filter connections using the search box - +- Monitor all TCP and UDP connections system-wide +- See routing status per connection: **PROXY**, **DIRECT**, or **BLOCK** +- Search and filter by process name, IP, port, or routing status -**Note:** Adding a rule with action **PROXY** while no proxy is configured will result in traffic being routed through a direct connection instead. Make sure to configure proxy settings before using PROXY rules. +**Note:** Adding a rule with action **PROXY** while no proxy is configured will fall back to a direct connection. Configure at least one proxy server before using PROXY rules. ### Command Line Interface (CLI) -The CLI provides powerful automation and scripting capabilities with rule-based traffic control: +`ProxyBridge_CLI.exe` is a lightweight native CLI that loads a `.pbprofile` exported from the GUI and runs ProxyBridge headlessly - no GUI required. -#### Basic Usage -```powershell -# Help menu -ProxyBridge_CLI -h +#### Profile Format -# Use custom HTTP proxy -ProxyBridge_CLI --proxy http://192.168.1.100:8080 +The CLI reads `.pbprofile` files exported directly from the GUI (**File → Export Profile**). These are JSON files containing proxy server configurations and routing rules. See the [Profile JSON Format](#exporting-and-importing-rules) section above for the schema. -# Route Chrome through socks5 proxy -ProxyBridge_CLI --proxy socks5://127.0.0.1:1080 --rule "chrome.exe:*:*:TCP:PROXY" +**Key profile fields read by the CLI:** -# Route multiple processes in single rule (semicolon-separated) -ProxyBridge_CLI --proxy http://127.0.0.1:8080 --rule "chrome.exe;steam*.exe:*:*:TCP:PROXY" +| Field | Description | +|---|---| +| `ProxyConfigs[]` | Array of proxy servers (SOCKS5 or HTTP, up to 16) | +| `ProxyRules[]` | Array of routing rules (up to 256) | +| `LocalhostViaProxy` | Whether to route `127.x.x.x` traffic through the proxy | +| `IsTrafficLoggingEnabled` | Enable/disable connection logging | +| `ProxyConfigId` | Per-rule proxy assignment (maps to `ProxyConfigs[].Id`) | -# Multiple rules with verbose connection logging -ProxyBridge_CLI --proxy http://127.0.0.1:8080 --rule "chrome.exe;steam*.exe:*:*:TCP:PROXY" --rule "firefox.exe:*:*:TCP:PROXY" --verbose 2 +#### Basic Usage -# Block specific application from internet access -ProxyBridge_CLI --rule "malware.exe:*:*:BOTH:BLOCK" +```powershell +# Run a profile (requires Administrator) +ProxyBridge_CLI.exe --profile C:\Users\user\myconfig.pbprofile -# Route specific apps through proxy, block everything else -ProxyBridge_CLI --rule "chrome.exe:*:*:TCP:PROXY" --rule "firefox.exe:*:*:TCP:PROXY" --rule "*:*:*:BOTH:BLOCK" +# Run with connection logging +ProxyBridge_CLI.exe --profile myconfig.pbprofile --verbose 2 -# Route all through proxy except proxy app itself -ProxyBridge_CLI --rule "*:*:*:TCP:PROXY" --rule "BurpSuiteCommunity.exe:*:*:TCP:DIRECT" +# Run with full log and connection output +ProxyBridge_CLI.exe --profile myconfig.pbprofile --verbose 3 -# Target specific IPs and ports -ProxyBridge_CLI --rule "chrome.exe:192.168.*.*;10.10.*.*:80;443;8080:TCP:PROXY" +# Check for updates (does not require Administrator) +ProxyBridge_CLI.exe --update -# Import rules from JSON file -ProxyBridge_CLI --proxy socks5://127.0.0.1:1080 --rule-file C:\rules.json +# Show version +ProxyBridge_CLI.exe --version -# Combine file-based rules with command-line rules -ProxyBridge_CLI --rule-file C:\rules.json --rule "steam.exe:*:*:TCP:PROXY" +# Show help +ProxyBridge_CLI.exe --help ``` #### Command Line Options -``` -ProxyBridge_CLI.exe -h +``` ____ ____ _ _ | _ \ _ __ _____ ___ _ | __ ) _ __(_) __| | __ _ ___ | |_) | '__/ _ \ \/ / | | | | _ \| '__| |/ _` |/ _` |/ _ \ | __/| | | (_) > <| |_| | | |_) | | | | (_| | (_| | __/ - |_| |_| \___/_/\_\\__, | |____/|_| |_|\__,_|\__, |\___| - |___/ |___/ V3.2.0 + |_| |_| \___/_/\_\__, | |____/|_| |_|\__,_|\__, |\___| + |___/ |___/ V4.0.0 Universal proxy client for Windows applications - Author: Sourav Kalal/InterceptSuite - GitHub: https://github.com/InterceptSuite/ProxyBridge - -Description: - ProxyBridge - Universal proxy client for Windows applications - -Usage: - ProxyBridge_CLI [command] [options] - Options: - --proxy Proxy server URL with optional authentication - Format: type://ip:port or type://ip:port:username:password - Examples: socks5://127.0.0.1:1080 - http://proxy.com:8080:myuser:mypass [default: socks5://127.0.0.1:4444] - --rule Traffic routing rule (multiple values supported, can repeat) - Format: process:hosts:ports:protocol:action - process - Process name(s): chrome.exe, chr*.exe, *.exe, or * (use ; for multiple: chrome.exe;firefox.exe) - hosts - IP/host(s): *, google.com, 192.168.*.*, or multiple separated by ; or , - ports - Port(s): *, 443, 80;8080, 80-100, or multiple separated by ; or , - protocol - TCP, UDP, or BOTH - action - PROXY, DIRECT, or BLOCK - Examples: - chrome.exe:*:*:TCP:PROXY - chrome.exe;firefox.exe:*:*:TCP:PROXY - *:*:53:UDP:PROXY - firefox.exe:*:80;443:TCP:DIRECT - --rule-file Path to JSON file containing proxy rules - JSON format (same as GUI export): - [{ - "processNames": "chrome.exe", - "targetHosts": "*", - "targetPorts": "*", - "protocol": "TCP", - "action": "PROXY", - "enabled": true - }] - Example: --rule-file C:\\rules.json [] - --dns-via-proxy Route DNS queries through proxy (default: true) [default: True] - --localhost-via-proxy Route localhost traffic through proxy (default: false, most proxies block localhost for SSRF prevention, local traffic to remote proxy will cause issues) - [default: False] - --verbose Logging verbosity level - 0 - No logs (default) - 1 - Show log messages only - 2 - Show connection events only - 3 - Show both logs and connections [default: 0] - --version Show version information - -?, -h, --help Show help and usage information + --profile Path to .pbprofile file exported from the GUI + Export from GUI: File > Export Profile -Commands: - --update Check for updates and download latest version from GitHub - -``` - -#### Rule Format - -**Format:** `process:hosts:ports:protocol:action` - -- **process** - Process name(s): `chrome.exe`, `chrome.exe;firefox.exe`, `steam*.exe`, or `*` -- **hosts** - Target IP/hostname(s): `*`, `192.168.1.1`, `192.168.*.*`, `10.10.1.1-10.10.255.255`, or `192.168.1.1;10.10.10.10` -- **ports** - Target port(s): `*`, `443`, `80;443;8080`, `80-8000`, or `80;443;8000-9000` -- **protocol** - `TCP`, `UDP`, or `BOTH` -- **action** - `PROXY`, `DIRECT`, or `BLOCK` - -**Examples:** -```powershell -# Single process to proxy ---rule "chrome.exe:*:*:TCP:PROXY" + --verbose <0-3> Logging verbosity + 0 - Silent (default) + 1 - Log messages only + 2 - Connection events only + 3 - Both logs and connections -# Multiple processes in one rule ---rule "chrome.exe;firefox.exe;steam*.exe:*:*:TCP:PROXY" + --version Show version information + -?, -h, --help Show help -# Target specific IPs and ports ---rule "chrome.exe:192.168.*;10.10.*.*:80;443;8080:TCP:PROXY" - -# Allow direct connection (bypass proxy) ---rule "BurpSuiteCommunity.exe:*:*:TCP:DIRECT" - ---rule-file "C:\proxybridge-rule.json" +Commands: + --update Check for updates and download latest installer from GitHub + (does not require Administrator) ``` **Notes:** -- After installation, the CLI is available from any terminal (no `.\` prefix needed) -- Process names are case-insensitive -- Use `*` as the process name to set a default action for all traffic -- Press `Ctrl+C` to stop ProxyBridge +- `--profile` requires Administrator (WinDivert kernel driver) +- `--update` and `--version` do not require Administrator +- Press `Ctrl+C` to stop ProxyBridge cleanly +- The CLI and `ProxyBridgeCore.dll` must be in the same directory ## Use Cases - Redirect proxy-unaware applications (games, desktop apps) through InterceptSuite/Burp Suite for security testing -- Route specific applications through Tor,SOCKS5 or HTTP proxies +- Route specific applications through Tor, SOCKS5, or HTTP proxies - Intercept and analyze traffic from applications that don't support proxy configuration +- Route different applications through different proxy servers simultaneously - Test application behavior under different network conditions -- Analyze protocols and communication patterns +- Analyze IPv4 and IPv6 protocols and communication patterns -## Current Limitations - -- IPv4 only (IPv6 not supported) - ## Things to Note -- **DNS Traffic Handling**: DNS traffic on TCP and UDP port 53 is handled separately from proxy rules. Even if you configure rules for port 53, they will be ignored. Instead, DNS routing is controlled by the **DNS via Proxy** option in the Proxy menu (enabled by default). When enabled, all DNS queries are routed through the proxy; when disabled, DNS queries use direct connection. - -- **Localhost Traffic Handling**: Localhost traffic (127.0.0.0/8) requires special handling and is controlled by the **Localhost via Proxy** option in the Proxy menu (disabled by default): +- **Localhost Traffic Handling**: Localhost traffic (`127.0.0.0/8` and IPv6 `::1`) requires special handling and is controlled by the **Localhost via Proxy** option in the Proxy menu (disabled by default): **Default Behavior (Localhost via Proxy = Disabled):** - ALL localhost traffic automatically uses direct connection - - Proxy rules matching 127.x.x.x addresses are automatically overridden to DIRECT + - Proxy rules matching `127.x.x.x` or `::1` addresses are automatically overridden to DIRECT - This is the recommended setting for most users **Why localhost should stay local:** - **Security**: Most proxy servers reject localhost traffic to prevent SSRF (Server-Side Request Forgery) attacks - **Compatibility**: Many applications run local services that must stay on your machine: - NVIDIA GeForce Experience (local API servers) - - Chrome/Edge DevTools (127.0.0.1:9222 debugging protocol) + - Chrome/Edge DevTools (`127.0.0.1:9222` debugging protocol) - Development servers (localhost web/database servers) - - Inter-process communication (IPC) using TCP/UDP on 127.0.0.1 - - **Routing Issues**: When localhost traffic goes to a remote proxy: - - The proxy server cannot reach services running on YOUR machine - - Applications expecting local responses will timeout or fail - - Example: `curl http://127.0.0.1:8080` via remote proxy asks the proxy's localhost, not yours + - Inter-process communication (IPC) using TCP/UDP on `127.0.0.1` + - **Routing Issues**: When localhost traffic goes to a remote proxy, the proxy server cannot reach services running on YOUR machine **When to Enable Localhost via Proxy:** - - ✅ Proxy server is running on the same machine (127.0.0.1:1080) + - ✅ Proxy server is running on the same machine (`127.0.0.1:1080`) - ✅ Security testing: Intercepting localhost traffic in Burp Suite/InterceptSuite - ✅ Your proxy is configured to handle localhost requests properly - ❌ Do NOT enable if proxy is on a different machine/IP address - **CLI/GUI Options:** - - GUI: **Proxy** menu → **Localhost via Proxy** (checkbox) - - CLI: `--localhost-via-proxy` flag + **CLI:** Controlled via the `LocalhostViaProxy` field in the `.pbprofile` file. -- **Automatic Direct Routing**: Certain IP addresses and ports automatically use direct connection regardless of proxy rules, though you can still create rules with **DIRECT** (default) or **BLOCK** actions for them: - - **Broadcast addresses** (255.255.255.255 and x.x.x.255) - Network broadcast - - **Multicast addresses** (224.0.0.0 - 239.255.255.255) - Group communication - - **APIPA addresses** (169.254.0.0/16) - Automatic Private IP Addressing (link-local) +- **Automatic Direct Routing**: Certain addresses and ports always bypass proxy rules and use direct connection to preserve network stability: + + **IPv4:** + - **Broadcast** (`255.255.255.255` and `x.x.x.255`) - Network broadcast + - **Multicast** (`224.0.0.0–239.255.255.255`) - Group communication + - **APIPA / Link-local** (`169.254.0.0/16`) - Automatic Private IP Addressing - **DHCP ports** (UDP 67, 68) - Dynamic Host Configuration Protocol - These addresses and ports are used by system components, network discovery, and essential Windows services. While proxy rules are automatically overridden to DIRECT for these targets, you can still define rules with DIRECT or BLOCK actions to explicitly control or block this traffic. + **IPv6:** + - **Multicast** (`FF00::/8`) - Replaces IPv4 broadcast entirely; includes DHCPv6 multicast (`FF02::1:2`), all-nodes (`FF02::1`), router solicitation, etc. + - **Link-local** (`FE80::/10`) - Cannot be routed off-link; equivalent to IPv4 APIPA + - **Site-local (deprecated)** (`FEC0::/10`) - Still seen on older equipment + - **Unspecified** (`::`) - Equivalent to IPv4 `0.0.0.0` + - **DHCPv6 ports** (UDP 546, 547) - Dynamic Host Configuration Protocol for IPv6 + + You can still create rules with **DIRECT** or **BLOCK** actions targeting these addresses/ports to explicitly log or block such traffic, but **PROXY** is always overridden to **DIRECT** for them. + +- **IPv6 Support**: ProxyBridge fully supports IPv6 traffic interception and routing for both TCP and UDP. IPv6 rules use the same format as IPv4 with additional notation: + - Exact address: `::1`, `2001:db8::1` + - CIDR: `2001:db8::/32`, `fe80::/10` + - Range: `2001:db8::1-2001:db8::ff` + - Wildcard `*` matches all IPv4 and IPv6 addresses -- **UDP Proxy Requirements**: UDP traffic only works when a SOCKS5 proxy is configured. If an HTTP proxy server is configured, ProxyBridge will ignore UDP proxy rules and route UDP traffic as direct connection instead. This limitation does not affect UDP rules with BLOCK or DIRECT actions. +- **UDP Proxy Requirements**: UDP traffic only works when a SOCKS5 proxy is configured. HTTP proxies cannot relay UDP traffic - ProxyBridge will automatically fall back to direct for UDP when only an HTTP proxy is configured. **Important UDP Considerations**: - - Configuring a SOCKS5 proxy does not guarantee UDP will work. Most SOCKS5 proxies do not support UDP traffic, including SSH SOCKS5 proxies. - - The SOCKS5 proxy must support UDP ASSOCIATE command. If ProxyBridge fails to establish a UDP association with the SOCKS5 proxy, packets will fail to connect. - - Many UDP applications use HTTP/3 and DTLS protocols. Even if your SOCKS5 proxy supports UDP ASSOCIATE, ensure it can handle DTLS and HTTP/3 UDP traffic, as they require separate handling beyond raw UDP packets. - - **Testing UDP/HTTP3/DTLS Support**: If you need to test UDP, HTTP/3, and DTLS support with a SOCKS5 proxy, try [Nexus Proxy](https://github.com/InterceptSuite/nexus-proxy) - a proxy application created specifically to test ProxyBridge with advanced UDP protocols. + - Most SOCKS5 proxies do not support UDP ASSOCIATE (including SSH SOCKS5 tunnels) + - The SOCKS5 proxy must support the UDP ASSOCIATE command + - Many UDP applications use HTTP/3 and DTLS protocols - ensure your proxy handles these + - **Testing**: Try [Nexus Proxy](https://github.com/InterceptSuite/nexus-proxy) to test ProxyBridge UDP/HTTP3/DTLS support + +- **Multiple Proxy Configurations**: Up to 16 proxy server configurations can be active simultaneously. Rules can each be assigned to a specific proxy config. If the assigned config is not found, ProxyBridge falls back to the first available config. This allows routing different apps through different proxies without any application-side configuration. ## How It Works @@ -405,32 +394,59 @@ Case 2: Packet match with proxy rule ## Build from Source - ### Requirements - Windows 7 or later (64-bit) - Administrator privileges (required for WinDivert driver) +- Visual Studio 2019 or later (MSVC - recommended) **or** MinGW-w64 (GCC) - WinDivert 2.2.2-A or later -- GCC (MinGW-w64) or MSVC compiler +- .NET 10 SDK (for the GUI) -If you prefer to build ProxyBridge from source: +### Using the PowerShell Build Script (Recommended) -1. Download WinDivert 2.2.2-A from the [official website](https://reqrypt.org/windivert.html) -2. Extract WinDivert to a known location (e.g., `C:\WinDivert-2.2.2-A`) -3. Clone or download ProxyBridge source code -4. Compile using one of the methods below: - -### Using PowerShell Script ```powershell +cd Windows .\compile.ps1 ``` -### Using GCC Directly +The script automatically: +- Locates your Visual Studio installation via `vswhere` +- Compiles `ProxyBridgeCore.dll` (C, MSVC, WinDivert) +- Compiles `ProxyBridge_CLI.exe` (C, MSVC, native) +- Builds `ProxyBridge.exe` (C#, .NET 10, Avalonia GUI) +- Copies all outputs to `Windows\output\` + +### Manual Build - DLL (MSVC) + +```powershell +# From a Visual Studio Developer Command Prompt +cl /O2 /GL /W4 /D_WIN32_WINNT=0x0601 /DNDEBUG /GS /guard:cf ^ + /I"path\to\windivert\include" ^ + ProxyBridge.c /LD ^ + /link /LTCG /OPT:REF /RELEASE /DYNAMICBASE /NXCOMPAT ^ + WinDivert.lib ws2_32.lib iphlpapi.lib ^ + /OUT:ProxyBridgeCore.dll +``` + +### Manual Build - DLL (GCC / MinGW-w64) + ```powershell -gcc -O2 -Wall -D_WIN32_WINNT=0x0601 -I"C:\WinDivert-2.2.2-A\include" ProxyBridge.c -L"C:\WinDivert-2.2.2-A\x64" -lWinDivert -lws2_32 -liphlpapi -o ProxyBridge.exe +gcc -O2 -Wall -D_WIN32_WINNT=0x0601 -shared ^ + -I"C:\WinDivert-2.2.2-A\include" ^ + ProxyBridge.c ^ + -L"C:\WinDivert-2.2.2-A\x64" -lWinDivert -lws2_32 -liphlpapi ^ + -o ProxyBridgeCore.dll ``` -5. Run `ProxyBridge.exe` with Administrator privileges +### Manual Build - CLI (MSVC) + +```powershell +cl /O2 /W4 /D_WIN32_WINNT=0x0601 /DNDEBUG /GS /guard:cf ^ + cli\main.c ^ + /link /RELEASE /DYNAMICBASE /NXCOMPAT /SUBSYSTEM:CONSOLE ^ + winhttp.lib shell32.lib advapi32.lib ^ + /OUT:ProxyBridge_CLI.exe +``` ## License diff --git a/img/ProxyBridge.png b/img/ProxyBridge.png index 7ea0f76..437818e 100644 Binary files a/img/ProxyBridge.png and b/img/ProxyBridge.png differ diff --git a/img/proxy-rule.png b/img/proxy-rule.png index 51f6368..c169ed9 100644 Binary files a/img/proxy-rule.png and b/img/proxy-rule.png differ diff --git a/img/proxy-rule2.png b/img/proxy-rule2.png index ce556fa..03306a4 100644 Binary files a/img/proxy-rule2.png and b/img/proxy-rule2.png differ diff --git a/img/proxy-setting.png b/img/proxy-setting.png index bde9b3e..e1eaf1f 100644 Binary files a/img/proxy-setting.png and b/img/proxy-setting.png differ