README
¶
Wicklight
Wicklight is a http(s),http2 server that is written in Golang and is under MIT License.
Notice: Wicklight is developed only for author's study and testing purposes
Features
- A Proxy for HTTP, HTTPS. Unlike other proxies, Wickproxy is an HTTP proxy and no client is needed.
- Highly concealed and Probe-Resistance.
- Rewrite any illegal requests to a backend server.
- Wickproxy can work as a frontend server application in the front of
CaddyorNginx.
- HTTP2 Fallback.
- with or without transport layer security
- One script to install on linux amd64 machiens (see
Install) - rule check based on IP, CIDR, domain, port
- Access control list. Allow or deny by IP, ports, domain name, or CIDR.
- Build for almost all platforms. Wickproxy is compiled for Windows, OS X, Linux, and Freebsd.
Probe-Resistance
For many HTTP proxy clients, it is common that no authentication information is sent in the first packet, then the server should return a 407 Proxy-Authenticate to indicate the authentication information should be sent. However, this behavior exposes the fact of wickproxy is a proxy server.
In order to resist probe requests, only requests to fallback.host(such as pr.wickproxy.org will trick a 407 Proxy-Authenticate response and other requests will be fallbacked to backend servers.
However, it is nay not be compatible with some software such as git command. A fallback.whitelist is introduced to solve this problem. Hosts in fallback.whitelist will also trick a 407 Proxy-Authenticate. fallback.whitelist should be used as a workaround and it increases the risk of be detected.
Fallback Model
It is easy to use Wickproxy as the frontend server listening on port 443 or 80. Any invalid requests will be sent to fallback.target. Then, an Nginx or caddy server listen on fallback.
Please refer to example/config.toml to see how to configure.
Documentation
Source Files
Directories