Spider Network Proxy

Enterprise-grade HTTP/SOCKS5 proxy with TLS fingerprint randomization for spider-nix anti-detection.

Features

uTLS Integration: Randomize TLS ClientHello fingerprints per domain
4 Browser Profiles: Chrome 120, Firefox 121, Safari 17, Edge 120
HTTP/2 Customization: SETTINGS frame and priority stream randomization
Dual Proxy Support: HTTP (CONNECT) + SOCKS5
Per-Domain Caching: Consistent fingerprint per domain (24h TTL)
Zero Logs: Privacy-focused, no request logging

Architecture

spider-nix → HTTP Proxy (:8080) → uTLS (random profile) → Target
                ↓
          SOCKS5 Proxy (:1080) → uTLS (random profile) → Target

Build

# Install dependencies
go mod download

# Build binary
go build -o spider-network-proxy ./cmd/spider-network-proxy

# Or use Makefile
make build

Configuration

Copy configs/example.toml to configs/production.toml:

[proxy]
http_listen = "127.0.0.1:8080"
socks5_listen = "127.0.0.1:1080"

[tls]
fingerprint_rotation = true
profile_cache_ttl_hours = 24

Usage

Start Proxy

./spider-network-proxy --config configs/production.toml

Test with curl

# HTTP proxy
curl -x http://127.0.0.1:8080 https://www.howsmyssl.com/a/check

# SOCKS5 proxy
curl -x socks5://127.0.0.1:1080 https://www.howsmyssl.com/a/check

Integration with spider-nix

In spider-nix/src/spider_nix/session.py:

proxies = {
    "http://": "http://127.0.0.1:8080",
    "https://": "http://127.0.0.1:8080",
}

client = httpx.AsyncClient(proxies=proxies)

Browser Profiles

Profile	TLS Version	HTTP/2 SETTINGS	Use Case
Chrome 120	TLS 1.3	EnablePush=1, InitWindow=6MB	Modern websites
Firefox 121	TLS 1.3	EnablePush=0, InitWindow=128KB	Privacy-focused
Safari 17	TLS 1.3	HeaderTable=4KB, MaxStreams=100	Apple ecosystem
Edge 120	TLS 1.3	Same as Chrome	Enterprise sites

Performance

Overhead: ~5-10ms per request (TLS handshake)
Memory: ~50MB base + 1MB per 1000 cached domains
Throughput: 1000+ req/s on modern hardware

Verification

Verify TLS fingerprint randomization:

# Check TLS fingerprint (should vary by domain)
curl -x http://127.0.0.1:8080 https://tls.peet.ws/api/all

# Verify not Python/requests fingerprint
curl -x http://127.0.0.1:8080 https://www.howsmyssl.com/a/check | jq .given_cipher_suites

Troubleshooting

"Handshake failed"

Check target supports TLS 1.2+
Verify no firewall blocking

"Profile cache growing"

Reduce profile_cache_ttl_hours in config
Implement cache eviction (TODO)

Security

Certificates: Validates all TLS certificates (no InsecureSkipVerify)
No Logging: Request details not logged (only domain + profile)
Local Only: Binds to 127.0.0.1 by default

Roadmap

HTTP/2 priority frame randomization
JA3 fingerprint monitoring
Per-profile success rate tracking
Dynamic profile selection based on target
Prometheus metrics export

License

Internal use only - not for public distribution

Features​

Architecture​

Build​

Configuration​

Usage​

Start Proxy​

Test with curl​

Integration with spider-nix​

Browser Profiles​

Performance​

Verification​

Troubleshooting​

"Handshake failed"​

"Profile cache growing"​

Security​

Roadmap​

License​