Command start
The start
command begin a new capture session and blocks until the capture session is stopped with SIGINT (Ctrl+C).
Options
Description:
Start a capturing session
Usage:
fluxzy start [options]
Options:
--llo Listen on localhost address with default port. Same as -l
127.0.0.1/44344 [default: False]
--lany Listen on all interfaces with default port (44344) [default:
False]
-l, --listen-interface <listen-interface> Set up the binding addresses. Default value is "127.0.0.1:44344"
which will listen to localhost on port 44344. 0.0.0.0 to listen
on all interface with the default port. Use port 0 to let OS
assign a random available port. Accepts multiple values.
[default: 127.0.0.1:44344]
-o, --output-file <output-file> Output the captured traffic to an archive file []
-d, --dump-folder <dump-folder> Output the captured traffic to folder
-r, --rule-file <rule-file> Use a fluxzy rule file. See more at :
https://www.fluxzy.io/resources/documentation/the-rule-file
-R, --rule-stdin Read rule from stdin
-sp, --system-proxy Try to register fluxzy as system proxy when started [default:
False]
-k, --insecure Skip remote certificate validation globally. Use
`SkipRemoteCertificateValidationAction` for specific host only
[default: False]
-ss, --skip-ssl-decryption Disable ssl traffic decryption [default: False]
-b, --bouncy-castle Use Bouncy Castle as SSL/TLS provider [default: False]
-c, --include-dump Include tcp dumps on captured output [default: False]
--external-capture Indicates that the raw capture will be done by an external
process [default: False]
-t, --trace Output trace on stdout [default: False]
-i, --install-cert Install root CA in current cert store if absent (require higher
privilege) [default: False]
--no-cert-cache Don't cache generated certificate on file system [default: False]
--cert-file <cert-file> Substitute the default CA certificate with a compatible PKCS#12
(p12, pfx) root CA certificate for SSL decryption
--cert-password <cert-password> Set the password of certfile if any
--parse-ua Parse user agent [default: False]
--use-502 Use 502 status code for upstream error instead of 528. [default:
False]
--mode <Regular|ReversePlain|ReverseSecure> Set proxy mode [default: Regular]
--mode-reverse-port <mode-reverse-port> Set the remote authority port when --mode ReverseSecure or
--mode ReversePlain is set []
--proxy-auth-basic <proxy-auth-basic> Require a basic authentication. Username and password shall be
provided in this format: username:password. Values can be
provided in a percent encoded format. []
--request-buffer <request-buffer> Set the default request buffer []
--max-upstream-connection <max-upstream-connection> Maximum connection per upstream host [default: 16]
-n, --max-capture-count <max-capture-count> Exit after a specified count of exchanges []
-?, -h, --help Show help and usage information
Listen on interfaces
By default, fluxzy will listen to all loopback interface (IPv4 and IPv6) on port 44344.
You can specify multiple interfaces to listen to with the -l
option. This option is expecting as argument an ip endpoint (IP address and port separated by a :
or
a /
).
fluxzy start -l "127.0.0.1:44344" -l "[::1]:44344"
Additionally the following option are shortcuts for common listen endpoint
--llo
: listen to IPv4 loopback on port 44344--lany
: listen on all interfaces on port 44344 (equivalent of-l 0.0.0.0:44344
)
Save to a file
-o
options specify the output file. The file format will be infered from the extension. .har
for http archive, .fxzy
for fluxzy archive.
fluxzy start -o /path/to/file.fxzy
Save to a directory
-d
options specify the dump directory. You can use simultaneously -o
and -d
options.
fluxzy start -d "/path/to/dump-folder"
Act as system proxy
-sp
options make fluxzy act as system proxy.
fluxzy start -sp
- When the
-sp
option is used, fluxzy can only revert back the system proxy settings whenSIGINT
(Ctrl+C) is received. If the process is killed by other means, you will have to manually revert back the system proxy settings. - This option doesn't act on global environment variables for setting proxy (e.g.
HTTP_PROXY
,HTTPS_PROXY
,NO_PROXY
). Only the default system proxy of running OS UI is changed.
Install CA certificate
You can force certificate installation by using --install-cert
option.
fluxzy start --install-cert
- This option needs administrator privileges. In linux and macOS, you will have to run the CLI with
sudo
command. - This option updates only the default certificate store of the running OS. Specific user store, like curl certificate store on linux and macOS, are not updated.
Use a rule file
The '-r' option allows you to specify a rule file to use.
The following sample add a rule to update the user-agent header of all requests by appending " - Relayed by fluxzy" to the original value of the header.
cat << EOF
rules:
- filter:
typeKind: AnyFilter
action :
typeKind: UpdateRequestHeaderAction
headerName: user-agent
# previous reference the original value of the user-agent header
headerValue: "{{previous}} - Relayed by fluxzy"
EOF > rule-file.json
fluxzy start -r "rule-file.json" -sp
Use a custom CA
The option --cert-file
and --cert-password
allows you to specify a PKCS12 certificate to use as root certificate.
Note : you can create a root certificate the fluxzy CLI, Check command fxzy cert create
.
fluxzy start --cert-file "/path/to/cert.pfx" --cert-password "password"
No SSL decryption
The option --no-cert-cache
allows you to disable SSL decryption. This option disable all filters and rules that depends on clear text content of the request or response.