smokescreen | A simple HTTP proxy that fogs over naughty URLs | Proxy library

smokescreen is a Go library typically used in Networking, Proxy applications. smokescreen has no bugs, it has a Permissive License and it has medium support. However smokescreen has 2 vulnerabilities. You can download it from GitHub.

Smokescreen is a HTTP CONNECT proxy. It proxies most traffic from Stripe to the external world (e.g., webhooks). Smokescreen restricts which URLs it connects to: it resolves each domain name that is requested and ensures that it is a publicly routable IP and not a Stripe-internal IP. This prevents a class of attacks where, for instance, our own webhooks infrastructure is used to scan Stripe's internal network. Smokescreen also allows us to centralize egress from Stripe, allowing us to give financial partners stable egress IP addresses and abstracting away the details of which Stripe service is making the request. Smokescreen can be contacted over TLS. You can provide it with one or more client certificate authority certificates as well as their CRLs. Smokescreen will warn you if you load a CA certificate with no associated CRL and will abort if you try to load a CRL which cannot be used (ex.: cannot be associated with loaded CA). Smokescreen can be provided with an ACL to determine which remote hosts a service is allowed to interact with. By default, Smokescreen will identify clients by the "common name" in the TLS certificate they present, if any. The client identification function can also be easily replaced; more on this in the usage section.