30 open-source projects similar to tinyproxy/tinyproxy, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Tinyproxy alternative.
3proxy is a multi-protocol proxy server and network access control gateway. It functions as a network traffic forwarder capable of routing TCP and UDP traffic across HTTP, SOCKS, and various email and file protocols. The project provides specialized capabilities for secure traffic inspection, including the decryption and analysis of HTTPS and TLS streams through certificate spoofing and mutual authentication. It further supports client identity anonymization by routing outbound traffic through recursive upstream proxy chains. The software covers a broad range of network management functions,
Zoraxy is a network administration tool centered on HTTP reverse proxy management. It provides a centralized graphical interface for routing web traffic from public domains to internal backend services, utilizing a Go-based proxy to intercept and forward requests. The project extends beyond standard web routing by offering a browser-based SSH interface for remote server administration and command execution. It also supports transport-layer TCP and WebSocket forwarding to manage non-HTTP traffic between external clients and internal ports. Broad capabilities include automated TLS certificate
Mitmproxy is an interactive, programmable network proxy engine designed for traffic analysis and protocol manipulation. It functions as a gateway that intercepts, inspects, and modifies network traffic in real-time, supporting HTTP, HTTPS, WebSocket, DNS, and generic TCP or UDP streams. By acting as a trusted certificate authority, the proxy can dynamically generate and sign certificates to decrypt and analyze secure TLS-encrypted connections. The project distinguishes itself through a highly extensible, event-driven architecture that allows users to automate traffic transformation using cust
gost is a multi-protocol proxy tunnel and secure tunneling server designed to route network traffic through encrypted connections. It functions as a traffic obfuscation gateway and a transparent proxy server capable of intercepting TCP and UDP traffic at the IP level. The project also includes a virtual network interface manager for creating TUN and TAP devices to intercept operating system packets. The system distinguishes itself through a chain-based request routing model, allowing traffic to pass through an ordered sequence of proxy nodes. It provides extensive transport-layer encapsulatio
This project is a Node.js HTTP reverse proxy middleware designed to route incoming HTTP and WebSocket traffic to target backend services. It functions as a dynamic routing engine and API gateway tool, providing the capability to consolidate multiple backend services behind a single entry point. The middleware features a WebSocket proxy bridge that manages protocol upgrade handshakes to maintain persistent bidirectional communication. It also includes a request and response transformer used to intercept and modify headers, bodies, and URL paths during transit. The system provides broad traffi
node-http-proxy is a Node.js HTTP proxy library and toolkit used to create programmable reverse proxies, load balancers, and traffic routers. It functions as a system for forwarding HTTP and WebSocket traffic from clients to backend target servers. The project provides capabilities for translating incoming request paths into backend addresses using programmable matching rules. It supports the creation of bidirectional tunnels to facilitate real-time communication via WebSocket proxying. The library covers the modification of request and response headers, including the rewriting of cookies an
This project is a Node.js HTTP proxy server that enables cross-domain API requests from browsers by injecting Cross-Origin Resource Sharing headers into HTTP responses. It functions as a reverse proxy gateway and header manipulator, allowing for the interception and modification of traffic between a client and a target server. The proxy provides mechanisms to bypass browser same-origin policy restrictions through automated header injection. It includes capabilities for origin-based rate limiting and request interception to control traffic flow and prevent unauthorized usage of the proxy servi
Gin is a hot reloading utility and live reloader for Go web applications. It functions as an HTTP proxy development tool that monitors source files for changes and automatically recompiles and restarts the web server to eliminate manual server restarts. The tool manages the development workflow by tracking file-system events and coordinating the sequence of recompiling source code. It handles child-process management for the Go compiler and the application binary, routing incoming traffic to the active server instance and refreshing the process upon the next request following a successful bui
A Rust port of shadowsocks
OpenWrt-nikki is an OpenWrt proxy client and transparent proxy gateway that manages network traffic diversion through remote servers. It functions as a network access controller and DNS hijacking server, intercepting IPv4 and IPv6 traffic to route it through a proxy without requiring client-side configuration. The project features a proxy subscription manager that automates the downloading and refreshing of remote configuration profiles using custom user agents. It employs a mixin-based configuration system to inject custom rules or proxy nodes into existing profiles without overwriting sourc
This project is an HTTP web server that delivers web content to clients using HTTP/1.1 and HTTP/2 protocols across various operating systems. It functions as a reverse proxy server, a rule-based URL rewriter, an SSL/TLS termination gateway, and a virtual host manager. The server is capable of hosting multiple distinct domains on a single instance by mapping requests to specific directory structures. It encrypts and decrypts network traffic at the server boundary to secure communication between clients and servers. Additionally, it transforms requested URLs into different paths using a regular
Lucky is a connectivity and routing utility suite focused on SSL automation, dynamic DNS client services, NAT traversal, and port forwarding. It provides a network gateway management interface to coordinate public network access for internal services. The project distinguishes itself through a centralized web-based administration panel used to configure reverse proxy servers, manage ACME-based SSL certificate renewals via DNS provider APIs, and synchronize public IP addresses across multiple dynamic DNS providers. It also includes a NAT traversal tool using STUN to establish external connecti
n2n is a peer-to-peer VPN that creates an encrypted mesh network by establishing layer 2 overlay networks. It uses UDP tunneling to connect remote computers into a shared virtual local area network, allowing devices to communicate as if they were on the same physical Ethernet switch. The system utilizes a centralized signaling registry and federated coordination nodes to facilitate peer discovery and node registration. It implements NAT traversal through UDP hole punching and UPnP port mapping, while using supernode relay routing to ensure connectivity when symmetric NATs prevent direct peer-
NetBird is a zero-trust networking platform that builds secure, encrypted peer-to-peer overlay networks using the WireGuard protocol. It functions as a software-defined perimeter, connecting distributed infrastructure across cloud environments and physical locations while hiding network resources from the public internet. By integrating with external identity providers, the platform enforces granular access control and identity-based segmentation for every user and device. The platform distinguishes itself through extensive automation and programmatic management capabilities. It provides a ce
AdguardFilters is a collection of curated adblock filter lists, content blocking rulesets, and DNS blocklists. Its primary purpose is to provide the rules necessary to identify and remove advertisements, tracking scripts, and intrusive elements across web browsers and applications. The project includes specialized rules for cosmetic filtering to hide layout gaps and a malware domain database to block phishing and spyware destinations. It provides distinct filtering sets for different regions and purposes, such as social media blocking. The repository covers broad capability areas including m
shadowsocks-libev is an event-driven network daemon that provides an encrypted SOCKS5 proxy. It functions as a lightweight proxy server using a non-blocking event loop to route TCP and UDP traffic through encrypted tunnels to bypass network restrictions. The project implements a transparent proxy gateway capable of intercepting outbound packets at the network layer, allowing system traffic to be redirected through the encrypted tunnel without per-application configuration. It also includes a daemon process manager to control multiple proxy server instances as child processes via local communi
x11docker is an OCI container GUI orchestrator and hardware bridge designed to execute graphical applications and full desktop environments inside containers. It functions as a Linux GUI sandbox, linking containerized processes to host X11 or Wayland display servers and audio systems. The project differentiates itself by providing deep system integration for hardware acceleration, including NVIDIA driver automation and GPU passthrough. It supports cross-architecture GUI emulation and provides remote access capabilities through VNC, SSH forwarding, and browser-based HTML5 rendering. The tool
Hono is a minimal JavaScript HTTP framework designed for building web servers across multiple runtimes, including Node.js, edge runtimes, and serverless platforms. It functions as a cross-runtime web server and a web standard API wrapper, normalizing various runtime request and response objects into standard Web API signatures. The project serves as an HTTP middleware orchestrator and request handler, utilizing a middleware-based request pipeline and hierarchical route mounting to create modular server structures. It distinguishes itself through a runtime-agnostic event wrapper that ensures c
LXD is a unified platform for managing both system containers and virtual machines through a single REST API and command-line interface. It provides a programmatic HTTP interface for controlling the full lifecycle of instances, enabling automation and integration with external tools. The system runs unprivileged containers with per-instance UID/GID mappings, seccomp filters, and AppArmor profiles for kernel-level isolation, while supporting multiple storage backends including directory, Btrfs, LVM, ZFS, Ceph, LINSTOR, and TrueNAS through a unified driver interface. The platform distinguishes
FRRouting is an internet routing suite comprising a collection of daemons that implement standard IPv4 and IPv6 routing protocols. It provides a protocol engine for BGP, an EVPN network virtualizer, and an MPLS label manager, alongside a gRPC routing interface for programmatic configuration and data retrieval using YANG models. The suite is distinguished by its extensibility through a Lua scripting framework that executes custom scripts at internal hooks to modify routing behavior. It also features a transactional configuration model that uses separate candidate and running databases to ensur
Proxyee is a Java-based network proxy library designed for building custom proxy servers that support traffic interception, inspection, and modification. It functions as a programmable framework for handling HTTP, HTTPS, and WebSocket traffic, providing the necessary tools to analyze and alter request and response data in real time. The project distinguishes itself through its man-in-the-middle capabilities, which include dynamic certificate generation to facilitate the decryption and re-encryption of secure traffic streams. This allows for granular control over network communications, suppor
This project is a Go-based HTTP proxy server designed as a censorship circumvention tool. It functions as an upstream proxy manager and SOCKS5 tunneling gateway that routes network traffic between clients and destination servers to bypass network restrictions. The system differentiates itself through automated proxy routing, which detects unreachable websites and automatically switches traffic between direct access and a pool of parent proxies. It includes a PAC file generator to produce proxy auto-config files for browsers and integrates SSH tunneling to establish secure remote sockets. Bro
spy-debugger is an HTTP proxy debugging tool designed for intercepting and analyzing network traffic from mobile devices, WebViews, and mobile browsers. It functions as a network packet capture tool and a remote browser inspector, allowing users to monitor HTTP and HTTPS requests wirelessly without the need for USB cables. The project distinguishes itself by using script injection to enable remote debugging. It injects JavaScript into HTTP response bodies, providing the ability to inspect HTML and CSS elements and perform live page content editing directly on the mobile screen. Additionally,
proxyee-down is an HTTP proxy download manager and multi-threaded download client. It is designed to route file download requests through an HTTP proxy server to accelerate data retrieval and bypass network restrictions. The tool increases transfer speeds by splitting large files into smaller chunks and downloading them concurrently across multiple TCP connections. It features the ability to update expired or changed source URLs for existing tasks, allowing interrupted downloads to recover and resume without losing previously downloaded segments. The system provides controls for manual downl
Whistle is an HTTP debugging proxy that captures, inspects, and modifies traffic through a web-based management interface. It operates as a man-in-the-middle proxy, intercepting HTTP, HTTPS, HTTP/2, WebSocket, and TCP traffic between clients and servers, and provides a plugin-based architecture that extends core functionality with custom rules, UI panels, and protocol handlers at runtime. The project distinguishes itself through a combination of capabilities that go beyond basic traffic inspection. It supports server-side headless operation on Linux, allowing it to intercept traffic for appli
This project is a proxy server designed to intercept and modify HTTP and HTTPS traffic for Netease Cloud Music. It functions as network middleware to restore playback for songs and albums restricted by geographic regions and to unlock premium account features, such as high-fidelity audio. The server utilizes header-based privilege injection to spoof premium status and employs conditional content redirection to route requests for unavailable media to alternative source providers. It also incorporates upstream proxy routing and IP parameters to bypass regional access restrictions. Additional c
Dev-sidecar is a local HTTP proxy tool designed to optimize development environments by intercepting and modifying network traffic. It functions as a man-in-the-middle service that routes outgoing requests through custom endpoints, enabling developers to accelerate access to remote services, manage package registry connections, and bypass regional connectivity restrictions. The tool distinguishes itself through its ability to perform dynamic DNS resolution overrides and certificate-based traffic inspection, allowing for granular control over network paths and secure data analysis. It employs
oauth2_proxy is an OAuth2 reverse proxy and authentication gateway that protects upstream services by requiring users to authenticate through external identity providers. It acts as a secure login layer for backend applications that lack built-in user authentication. The project provides centralized access control by restricting entry based on email domains, organization membership, or approved user lists. It integrates with identity providers via issuer URLs and client secrets, and supports additional authentication methods such as htpasswd files. The gateway manages secure identity forward
BFE is a Layer 7 HTTP and HTTPS traffic distributor that routes requests based on content inspection and configurable policies, managed through a RESTful API. It operates as a reverse proxy, distributing incoming traffic across backend servers according to user-defined rules. The project distinguishes itself through a domain-specific language for content-aware routing, allowing traffic to be directed by inspecting request headers, paths, and payloads. It supports multiple configurable load balancing policies and includes a plugin-based extension system for adding custom modules and middleware