Command start
The start command begin a new capture session and blocks until the capture session is stopped with SIGINT (Ctrl+C).
Options
Description:
Start a capturing session
Usage:
fluxzy start [options]
Options:
--llo Listen on localhost address with default port. Same as -l
127.0.0.1/44344 [default: False]
--lany Listen on all interfaces with default port (44344) [default:
False]
-l, --listen-interface <listen-interface> Set up the binding addresses. Default value is "127.0.0.1:44344"
which will listen to localhost on port 44344. 0.0.0.0 to listen
on all interface with the default port. Use port 0 to let OS
assign a random available port. Accepts multiple values.
[default: 127.0.0.1:44344]
-o, --output-file <output-file> Output the captured traffic to an archive file []
-d, --dump-folder <dump-folder> Output the captured traffic to folder
-r, --rule-file <rule-file> Use a fluxzy rule file. See more at :
https://www.fluxzy.io/resources/documentation/the-rule-file
-R, --rule-stdin Read rule from stdin
-sp, --system-proxy Try to register fluxzy as system proxy when started [default:
False]
-k, --insecure Skip remote certificate validation globally. Use
`SkipRemoteCertificateValidationAction` for specific host only
[default: False]
-ss, --skip-ssl-decryption Disable ssl traffic decryption [default: False]
-b, --bouncy-castle Use Bouncy Castle as SSL/TLS provider [default: False]
-c, --include-dump Include tcp dumps on captured output [default: False]
--external-capture Indicates that the raw capture will be done by an external
process [default: False]
-t, --trace Output trace on stdout [default: False]
-i, --install-cert Install root CA in current cert store if absent (require higher
privilege) [default: False]
--no-cert-cache Don't cache generated certificate on file system [default: False]
--cert-file <cert-file> Substitute the default CA certificate with a compatible PKCS#12
(p12, pfx) root CA certificate for SSL decryption
--cert-password <cert-password> Set the password of certfile if any
--parse-ua Parse user agent [default: False]
--use-502 Use 502 status code for upstream error instead of 528. [default:
False]
--mode <Regular|ReversePlain|ReverseSecure> Set proxy mode [default: Regular]
--mode-reverse-port <mode-reverse-port> Set the remote authority port when --mode ReverseSecure or
--mode ReversePlain is set []
--proxy-auth-basic <proxy-auth-basic> Require a basic authentication. Username and password shall be
provided in this format: username:password. Values can be
provided in a percent encoded format. []
--request-buffer <request-buffer> Set the default request buffer []
--max-upstream-connection <max-upstream-connection> Maximum connection per upstream host [default: 16]
-n, --max-capture-count <max-capture-count> Exit after a specified count of exchanges []
--enable-process-tracking Enable tracking of the local process that initiated each
request. Only works for connections originating from localhost.
[default: False]
--no-android-emulator Disable inclusion of Android emulator host (10.0.2.2) in self
detection. By default, Fluxzy considers 10.0.2.2 as a local
address for Android emulator compatibility. [default: False]
-p, --pretty Enable interactive pretty output with live exchange table and
statistics panel [default: False]
--pretty-max-rows <pretty-max-rows> Maximum number of exchanges to keep in the pretty output buffer
[default: 2000]
--enable-discovery Enable mDNS discovery service to announce the proxy on the local
network. Allows clients to discover the proxy automatically.
[default: False]
-?, -h, --help Show help and usage information
Listen on interfaces
By default, fluxzy will listen to all loopback interface (IPv4 and IPv6) on port 44344.
You can specify multiple interfaces to listen to with the -l option. This option is expecting as argument an ip endpoint (IP address and port separated by a : or
a /).
fluxzy start -l "127.0.0.1:44344" -l "[::1]:44344"
Additionally the following option are shortcuts for common listen endpoint
--llo: listen to IPv4 loopback on port 44344--lany: listen on all interfaces on port 44344 (equivalent of-l 0.0.0.0:44344)
Save to a file
-o options specify the output file. The file format will be infered from the extension. .har for http archive, .fxzy for fluxzy archive.
fluxzy start -o /path/to/file.fxzy
Save to a directory
-d options specify the dump directory. You can use simultaneously -o and -d options.
fluxzy start -d "/path/to/dump-folder"
Act as system proxy
-sp options make fluxzy act as system proxy.
fluxzy start -sp
- When the
-spoption is used, fluxzy can only revert back the system proxy settings whenSIGINT(Ctrl+C) is received. If the process is killed by other means, you will have to manually revert back the system proxy settings. - This option doesn't act on global environment variables for setting proxy (e.g.
HTTP_PROXY,HTTPS_PROXY,NO_PROXY). Only the default system proxy of running OS UI is changed.
Install CA certificate
You can force certificate installation by using --install-cert option.
fluxzy start --install-cert
- This option needs administrator privileges. In linux and macOS, you will have to run the CLI with
sudocommand. - This option updates only the default certificate store of the running OS. Specific user store, like curl certificate store on linux and macOS, are not updated.
Use a rule file
The '-r' option allows you to specify a rule file to use.
The following sample add a rule to update the user-agent header of all requests by appending " - Relayed by fluxzy" to the original value of the header.
cat << EOF
rules:
- filter:
typeKind: AnyFilter
action :
typeKind: UpdateRequestHeaderAction
headerName: user-agent
# previous reference the original value of the user-agent header
headerValue: "{{previous}} - Relayed by fluxzy"
EOF > rule-file.json
fluxzy start -r "rule-file.json" -sp
Use a custom CA
The option --cert-file and --cert-password allows you to specify a PKCS12 certificate to use as root certificate.
Note: you can create a root certificate with the fluxzy CLI using fluxzy cert create.
fluxzy start --cert-file "/path/to/cert.pfx" --cert-password "password"
No SSL decryption
The option --skip-ssl-decryption (-ss) allows you to disable SSL traffic decryption. This option disables all filters and rules that depend on clear text content of the request or response.
fluxzy start --skip-ssl-decryption
Enable mDNS discovery
The --enable-discovery option enables mDNS (multicast DNS) discovery service to announce the proxy on the local network. This allows clients to discover the proxy automatically without manual configuration.
fluxzy start --lany --enable-discovery
This feature is useful when you want mobile devices or other machines on the same network to easily find and connect to the proxy.
Process tracking
The --enable-process-tracking option enables tracking of the local process that initiated each request. This only works for connections originating from localhost.
fluxzy start --enable-process-tracking
Limit capture count
The -n or --max-capture-count option allows you to exit automatically after capturing a specified number of exchanges.
fluxzy start -n 100
Proxy authentication
The --proxy-auth-basic option requires clients to authenticate with basic authentication. Username and password are provided in username:password format.
fluxzy start --proxy-auth-basic "user:pass"
Values can also be provided in percent-encoded format.
Reverse proxy mode
The --mode option allows you to set the proxy mode. Available modes are:
| Mode | Description |
|---|---|
Regular |
Standard forward proxy (default) |
ReversePlain |
Reverse proxy for plain HTTP traffic |
ReverseSecure |
Reverse proxy for HTTPS traffic |
When using ReversePlain or ReverseSecure, use --mode-reverse-port to specify the target port.
fluxzy start --mode ReverseSecure --mode-reverse-port 443