Latest Threat Research:SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflows and Poisons AI Toolchains.Details
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

tunnelproxy

Package Overview
Dependencies
Maintainers
1
Versions
3
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

tunnelproxy

A small whitelisting HTTP CONNECT proxy

Source
pipPyPI
Version
0.2.0
Maintainers
1

TunnelProxy: A small whitelisting HTTP CONNECT proxy

This is a small HTTP CONNECT proxy, with a target host whitelist.

Implemented in Python on top of trio and h11, it is written for ease of comprehension and auditing. (This makes it easy to adopt in situations where you'd want such a proxy.)

A secondary goal is to be flexible. It can be used in two ways:

  • As a stand-alone proxy. Just run the module:

    python -m tunnelproxy --address localhost --port 8080 --config example-config.json

  • As a library. The proxy (TunnelProxy) always runs in Trio's event loop, but a wrapper (SynchronousTunnelProxy) lets you run it from normal code.

    Make it your own!

For example of (2), see tunnelproxy/__main__.py.

Performance

The proxy is single-threaded.

On an AMD Ryzen 9 7900, it handles 1000 connections per second at <5ms maximal latency, as measured on a 10s burst. (See benchmarking for details.)

It's not much, but enough for many use cases.

Changelog

See docs/CHANGELOG.md.

License

This project is MIT licensed. TrioHTTPConnection from adapter.py is based on h11's example server, by Nathaniel J. Smith. The rest is written by Antun Maldini.

Keywords

whitelist proxy HTTP

FAQs

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Four Malicious NuGet Packages Target ASP.NET Developers With JIT Hooking and Credential Exfiltration

Research

/

Security News

Four Malicious NuGet Packages Target ASP.NET Developers With JIT Hooking and Credential Exfiltration

Socket uncovered four malicious NuGet packages targeting ASP.NET apps, using a typosquatted dropper and localhost proxy to steal Identity data and backdoor apps.

By Kush Pandya  -  Feb 23, 2026
Socket Joins the OpenJS Foundation

Company News

Socket Joins the OpenJS Foundation

Socket is proud to join the OpenJS Foundation as a Silver Member, deepening our commitment to the long-term health and security of the JavaScript ecosystem.

By Sarah Gooding  -  Feb 19, 2026