FlareProx: A New Tool to Deploy Stealthy HTTP Proxies Using Cloudflare Workers

A new tool for handling network requests has appeared on GitHub — FlareProx. The project allows you to deploy an HTTP proxy on the basis of Cloudflare Workers and use it to redirect traffic to any specified address.

FlareProx supports all standard HTTP methods (GET, POST, PUT, DELETE, and others) and automatically conceals the original IP through Cloudflare’s global infrastructure. The free tier provides up to 100,000 requests per day.

The developers emphasize that the tool greatly simplifies the process: launching requires only a single command, after which ready-to-use proxy endpoints are created. They can be managed either via a console utility or directly within Python code.

Its principle of operation is straightforward: the request is sent to the designated FlareProx endpoint, the Worker extracts the target URL, forwards the request to the specified server, and then delivers the response back to the user. In this way, it establishes an additional layer of abstraction that conceals the true client address.

The capabilities extend beyond simple redirects, offering flexible header configuration. Two modes of target specification are supported — either through a query parameter or via the X-Target-URL header.

The tool is aimed at API developers, load-testing specialists, and security researchers. Potential use cases include: API development and debugging, web scraping, simulating traffic from different network locations, masking the original IP during penetration tests, and enhancing privacy protection.

FlareProx can also be integrated into custom applications. The repository contains an example Python script that automatically creates proxies and routes requests through them.

Usage requires a Cloudflare account and an API token with permissions to modify Workers. Configuration settings are stored in the flareprox.json file.

The deployment process involves installing dependencies, setting up Cloudflare access, and creating proxy endpoints. At any time, they can be tested or cleared with a single command.

The authors stress that the tool is intended strictly for legitimate purposes of development, testing, and research. Users bear full responsibility for complying with laws and service usage policies.

The project is distributed under the MIT License and is already available on GitHub.

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy