Derusted - Production-Ready Rust Forward Proxy
Derusted is a high-performance forward proxy with MITM (Man-In-The-Middle) capabilities, built in Rust for safety, speed, and reliability.
§Features
- HTTP/1.1 & HTTP/2: Full support for both protocols with ALPN negotiation
- MITM/SSL Interception: Dynamic certificate generation for HTTPS content inspection
- JWT Authentication: HS256/384/512 token-based authentication
- Rate Limiting: Token bucket algorithm with configurable limits
- Smart Bypass: Intelligent bypass for certificate-pinned domains
- SSRF Protection: DNS-based SSRF prevention
- Metrics: Prometheus-compatible metrics
§Usage
```rust
use derusted::{CertificateAuthority, MitmConfig};

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Create MITM Certificate Authority
    let mitm_config = MitmConfig::default();
    let ca = CertificateAuthority::new(mitm_config.into()).await?;

    // Generate certificate for domain
    let cert = ca.get_or_generate("example.com").await?;

    Ok(())
}
```
§Architecture
Derusted is designed as a library that can be embedded in larger applications:
- mitm - MITM/SSL interception core
- auth - JWT authentication
- rate_limiter - Rate limiting
- destination_filter - URL/domain filtering
- http_client - Upstream HTTP client
- server - Core proxy server logic
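The "DNS-based SSRF prevention" listed under Features comes down to judging the addresses a hostname resolves to, not the hostname itself, and then connecting only to the addresses that were judged. The sketch below is an added example using only the standard library; it is not derusted's `destination_filter` code, and the function names `is_blocked`, `vet_resolved` and `resolve_and_vet` are hypothetical.

```rust
// Added example: stand-alone sketch, not code from the derusted crate.
use std::net::{IpAddr, Ipv4Addr, SocketAddr, ToSocketAddrs};

/// IPv4 ranges a forward proxy should not reach on a client's behalf.
fn is_blocked_v4(ip: Ipv4Addr) -> bool {
    let o = ip.octets();
    ip.is_loopback() || ip.is_private() || ip.is_link_local() // incl. 169.254.169.254
        || ip.is_unspecified() || ip.is_broadcast() || ip.is_multicast()
        || o[0] == 0                                // 0.0.0.0/8
        || (o[0] == 100 && (o[1] & 0xc0) == 64)     // 100.64.0.0/10 (CGNAT)
}

fn is_blocked(ip: IpAddr) -> bool {
    match ip {
        IpAddr::V4(v4) => is_blocked_v4(v4),
        IpAddr::V6(v6) => {
            // ::ffff:a.b.c.d must be judged as the IPv4 address it embeds.
            if let Some(v4) = v6.to_ipv4_mapped() { return is_blocked_v4(v4); }
            let s = v6.segments();
            v6.is_loopback() || v6.is_unspecified() || v6.is_multicast()
                || (s[0] & 0xfe00) == 0xfc00        // fc00::/7 unique local
                || (s[0] & 0xffc0) == 0xfe80        // fe80::/10 link-local
        }
    }
}

/// Reject the whole answer if ANY record is internal, so a mixed DNS reply
/// (one public record, one internal) cannot pass the check.
fn vet_resolved(addrs: &[SocketAddr]) -> Result<Vec<SocketAddr>, String> {
    if addrs.is_empty() { return Err("no addresses".into()); }
    match addrs.iter().find(|a| is_blocked(a.ip())) {
        Some(bad) => Err(format!("blocked destination {}", bad.ip())),
        None => Ok(addrs.to_vec()),
    }
}

/// Resolve once and return the vetted addresses; the caller connects to these
/// SocketAddrs directly, so no second lookup can return a different answer.
fn resolve_and_vet(host: &str, port: u16) -> Result<Vec<SocketAddr>, String> {
    let addrs: Vec<SocketAddr> = (host, port).to_socket_addrs()
        .map_err(|e| e.to_string())?.collect();
    vet_resolved(&addrs)
}

fn main() {
    // Constructed inputs: IP literals, so no DNS query is made.
    // 203.0.113.10 is a documentation address standing in for a public host.
    for host in ["169.254.169.254", "203.0.113.10", "::ffff:10.0.0.5"] {
        println!("{host}: {:?}", resolve_and_vet(host, 443));
    }
}
```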
§Open Source
Derusted is open source under the Apache-2.0 license and welcomes contributions. Visit: https://github.com/your-org/derusted
Re-exports§
pub use config::Config;
pub use auth::JwtClaims;
pub use auth::JwtValidator;
pub use rate_limiter::RateLimiter;
pub use rate_limiter::RateLimiterConfig;
pub use destination_filter::DestinationError;
pub use destination_filter::DestinationFilter;
pub use ip_tracker::IpTracker;
pub use ip_tracker::IpTrackerError;
pub use body_limiter::read_body_with_limit;
pub use body_limiter::BodyLimitError;
pub use mitm::AlertConfig;
pub use mitm::BypassConfig;
pub use mitm::BypassConfigError;
pub use mitm::BypassManager;
pub use mitm::BypassReason;
pub use mitm::BypassRule;
pub use mitm::BypassStats;
pub use mitm::CaKeyManager;
pub use mitm::CertificateAuthority;
pub use mitm::ClientTlsConfig;
pub use mitm::DynamicBypassConfig;
pub use mitm::Environment;
pub use mitm::ExampleBypassRules;
pub use mitm::HostIdentifier;
pub use mitm::InterceptionError;
pub use mitm::InterceptionResult;
pub use mitm::LoggingPolicy;
pub use mitm::MitmError;
pub use mitm::MitmInterceptor;
pub use mitm::PiiRedactor;
pub use mitm::RequestMetadata;
pub use mitm::SecretBackend;
pub use mitm::StartupError;
pub use mitm::StaticBypassRule;
pub use mitm::TlsConfigBuilder;
pub use mitm::UpstreamTlsConfig;
pub use mitm::VaultBackend;
pub use http_metrics::HttpMetrics;
pub use mixed_content::build_block_response;
pub use mixed_content::build_upgrade_failure_response;
pub use mixed_content::detect_mixed_content;
pub use mixed_content::parse_https_origin;
pub use mixed_content::UpgradeError;
Modules§
- auth
- body_limiter
- config
- connection_pool - Connection Pool for Upstream TLS Connections
- destination_filter
- http_client
- http_metrics
- ip_tracker
- logger
- mitm - MITM (Man-in-the-Middle) interception module
- mixed_content
- rate_limiter
- reload
- server
- tls