Command start

The start command begin a new capture session and blocks until the capture session is stopped with SIGINT (Ctrl+C).

Options

Description:
  Start a capturing session

Usage:
  fluxzy start [options]

Options:
  --llo                                                Listen on localhost address with default port. Same as -l
                                                       127.0.0.1/44344 [default: False]
  --lany                                               Listen on all interfaces with default port (44344) [default:
                                                       False]
  -l, --listen-interface <listen-interface>            Set up the binding addresses. Default value is "127.0.0.1:44344"
                                                       which will listen to localhost on port 44344. 0.0.0.0 to listen
                                                       on all interface with the default port. Use port 0 to let OS
                                                       assign a random available port. Accepts multiple values.
                                                       [default: 127.0.0.1:44344]
  -o, --output-file <output-file>                      Output the captured traffic to an archive file []
  -d, --dump-folder <dump-folder>                      Output the captured traffic to folder
  -r, --rule-file <rule-file>                          Use a fluxzy rule file. See more at :
                                                       https://www.fluxzy.io/resources/documentation/the-rule-file
  -R, --rule-stdin                                     Read rule from stdin
  -sp, --system-proxy                                  Try to register fluxzy as system proxy when started [default:
                                                       False]
  -k, --insecure                                       Skip remote certificate validation globally. Use
                                                       `SkipRemoteCertificateValidationAction` for specific host only
                                                       [default: False]
  -ss, --skip-ssl-decryption                           Disable ssl traffic decryption [default: False]
  -b, --bouncy-castle                                  Use Bouncy Castle as SSL/TLS provider [default: False]
  -c, --include-dump                                   Include tcp dumps on captured output [default: False]
  --external-capture                                   Indicates that the raw capture will be done by an external
                                                       process [default: False]
  -t, --trace                                          Output trace on stdout [default: False]
  -i, --install-cert                                   Install root CA in current cert store if absent (require higher
                                                       privilege) [default: False]
  --no-cert-cache                                      Don't cache generated certificate on file system [default: False]
  --cert-file <cert-file>                              Substitute the default CA certificate with a compatible PKCS#12
                                                       (p12, pfx) root CA certificate for SSL decryption
  --cert-password <cert-password>                      Set the password of certfile if any
  --parse-ua                                           Parse user agent [default: False]
  --use-502                                            Use 502 status code for upstream error instead of 528. [default:
                                                       False]
  --mode <Regular|ReversePlain|ReverseSecure>          Set proxy mode [default: Regular]
  --mode-reverse-port <mode-reverse-port>              Set the remote authority port when --mode ReverseSecure or
                                                       --mode ReversePlain is set []
  --proxy-auth-basic <proxy-auth-basic>                Require a basic authentication. Username and password shall be
                                                       provided in this format: username:password. Values can be
                                                       provided in a percent encoded format. []
  --request-buffer <request-buffer>                    Set the default request buffer []
  --max-upstream-connection <max-upstream-connection>  Maximum connection per upstream host [default: 16]
  -n, --max-capture-count <max-capture-count>          Exit after a specified count of exchanges []
  -?, -h, --help                                       Show help and usage information

Listen on interfaces

By default, fluxzy will listen to all loopback interface (IPv4 and IPv6) on port 44344.

You can specify multiple interfaces to listen to with the -l option. This option is expecting as argument an ip endpoint (IP address and port separated by a : or a /).

fluxzy start -l "127.0.0.1:44344" -l "[::1]:44344"

Additionally the following option are shortcuts for common listen endpoint

  • --llo : listen to IPv4 loopback on port 44344
  • --lany: listen on all interfaces on port 44344 (equivalent of -l 0.0.0.0:44344)

Save to a file

-o options specify the output file. The file format will be infered from the extension. .har for http archive, .fxzy for fluxzy archive.

fluxzy start -o /path/to/file.fxzy

Save to a directory

-d options specify the dump directory. You can use simultaneously -o and -d options.

fluxzy start -d "/path/to/dump-folder"

Act as system proxy

-sp options make fluxzy act as system proxy.

fluxzy start -sp
  • When the -sp option is used, fluxzy can only revert back the system proxy settings when SIGINT (Ctrl+C) is received. If the process is killed by other means, you will have to manually revert back the system proxy settings.
  • This option doesn't act on global environment variables for setting proxy (e.g. HTTP_PROXY, HTTPS_PROXY, NO_PROXY). Only the default system proxy of running OS UI is changed.

Install CA certificate

You can force certificate installation by using --install-cert option.

fluxzy start --install-cert
  • This option needs administrator privileges. In linux and macOS, you will have to run the CLI with sudo command.
  • This option updates only the default certificate store of the running OS. Specific user store, like curl certificate store on linux and macOS, are not updated.

Use a rule file

The '-r' option allows you to specify a rule file to use.

The following sample add a rule to update the user-agent header of all requests by appending " - Relayed by fluxzy" to the original value of the header.

cat << EOF
rules:
  - filter: 
      typeKind: AnyFilter        
    action : 
      typeKind: UpdateRequestHeaderAction
      headerName: user-agent
      # previous reference the original value of the user-agent header
      headerValue: "{{previous}} - Relayed by fluxzy"
EOF > rule-file.json
fluxzy start -r "rule-file.json" -sp

Use a custom CA

The option --cert-file and --cert-password allows you to specify a PKCS12 certificate to use as root certificate. Note : you can create a root certificate the fluxzy CLI, Check command fxzy cert create.

fluxzy start --cert-file "/path/to/cert.pfx" --cert-password "password"

No SSL decryption

The option --no-cert-cache allows you to disable SSL decryption. This option disable all filters and rules that depends on clear text content of the request or response.