Fluxzy .NET SDK
High-performance HTTP/HTTPS MITM proxy for .NET
Fluxzy.Core is a fully managed MITM engine that intercepts, records, and modifies HTTP/1.1, HTTP/2, and WebSocket traffic. Built for performance with full streaming architecture, it handles traffic with minimal overhead while providing complete control over request and response manipulation.
Why Fluxzy?
- Zero-copy streaming - Minimal memory footprint, handles high-throughput traffic
- Full protocol support - HTTP/1.1, HTTP/2, WebSocket over plain or TLS connections
- Hot reload rules - Update proxy rules at runtime without restarting
- Browser fingerprint impersonation - Built-in Chrome/Firefox JA4 fingerprint profiles
- Flexible deployment - Use as .NET library, CLI tool, or Docker container
Quick Start
dotnet add package Fluxzy.Core
using System.Net;
using Fluxzy;
using Fluxzy.Rules.Actions;
var setting = FluxzySetting.CreateDefault(IPAddress.Loopback, 44344);
setting.ConfigureRule()
.WhenAny()
.Do(new AddResponseHeaderAction("X-Proxy", "Fluxzy"));
await using var proxy = new Proxy(setting);
proxy.Run();
Console.WriteLine("Proxy running. Press any key to exit...");
Console.ReadKey();
Examples
Record Traffic to HAR or Fluxzy Archive
Capture HTTP traffic and export to standard formats for analysis.
var tempDirectory = "capture_dump";
var setting = FluxzySetting
.CreateDefault(IPAddress.Loopback, 44344)
.SetOutDirectory(tempDirectory)
.SetAutoInstallCertificate(true);
await using (var proxy = new Proxy(setting))
{
proxy.Run();
// ... traffic flows through proxy
}
// Export after proxy disposal
Packager.Export(tempDirectory, "mycapture.fxzy");
Packager.ExportAsHttpArchive(tempDirectory, "mycapture.har");
Capture OS-Wide Traffic
Register Fluxzy as the system proxy to intercept all HTTP traffic from the machine.
var setting = FluxzySetting.CreateLocalRandomPort();
await using var proxy = new Proxy(setting);
var endpoints = proxy.Run();
// Register as system proxy (auto-reverts on dispose)
await using var registration = await SystemProxyRegistrationHelper.Create(endpoints.First());
Console.WriteLine("Capturing all OS traffic. Press any key to stop...");
Console.ReadKey();
Mock Responses
Return custom responses without hitting the actual server.
var setting = FluxzySetting.CreateDefault();
setting.ConfigureRule()
.WhenHostMatch("api.example.com", StringSelectorOperation.StartsWith)
.Do(new MockedResponseAction(
MockedResponseContent.CreateFromPlainText("Mocked response", 200)));
await using var proxy = new Proxy(setting);
proxy.Run();
Transform Request/Response Bodies
Modify content in transit with full streaming support.
setting.ConfigureRule()
.WhenAny(new JsonRequestFilter())
.Do(new TransformRequestBodyAction(async (ctx, reader) => {
var content = await reader.ConsumeAsString();
return content.ToUpperInvariant();
}));
// Transform responses
setting.ConfigureRule()
.WhenAny()
.Do(new TransformResponseBodyAction(async (ctx, reader) => {
var content = await reader.ConsumeAsString();
return new BodyContent(content.Replace("foo", "bar"));
}));
Inject HTML/JavaScript
Insert code snippets into HTML pages passing through the proxy.
setting.ConfigureRule()
.When(new RequestHeaderFilter("text/html", "content-type"))
.Do(new InjectHtmlTagAction
{
HtmlContent = "<script>console.log('Injected by Fluxzy');</script>",
Tag = "head"
});
Browser Fingerprint Impersonation
Impersonate browser TLS and HTTP/2 fingerprints for testing bot detection.
var setting = FluxzySetting.CreateLocalRandomPort();
// BouncyCastle required for fingerprint impersonation
setting.UseBouncyCastleSslEngine();
setting.AddAlterationRulesForAny(
new ImpersonateAction(ImpersonateProfileManager.Chrome131Windows));
await using var proxy = new Proxy(setting);
var endpoints = proxy.Run();
// Register as system proxy
await using var registration = await SystemProxyRegistrationHelper.Create(endpoints.First());
Built-in profiles: Chrome 131/139, Firefox 142, and more.
Use Client Certificates (mTLS)
Authenticate with client certificates per-host.
var certificate = Certificate.LoadFromPkcs12("client.p12", "password");
setting.ConfigureRule()
.WhenHostEndsWith("mtls-api.example.com")
.Do(new SetClientCertificateAction(certificate));
Hot Reload Rules at Runtime
Update proxy rules without restarting.
await using var proxy = new Proxy(setting);
proxy.Run();
// Update rules while proxy is running
proxy.UpdateRules(s => {
s.AddAlterationRules(
new AddResponseHeaderAction("X-Version", "v2"),
AnyFilter.Default
);
});
// Or replace with a new rule set
proxy.UpdateRules(new List<Rule>
{
new Rule(new AddRequestHeaderAction("X-Debug", "true"), AnyFilter.Default)
});
// Get current active rules
var activeRules = proxy.GetActiveRules();
Session Capture and Replay
Capture session data (cookies, auth headers) from browser and replay via other clients.
var yamlRules = """
rules:
# Capture cookies and auth headers from responses
- filter:
typeKind: AnyFilter
action:
typeKind: CaptureSessionAction
captureCookies: true
captureHeaders:
- Authorization
- X-CSRF-Token
# Apply captured session to curl requests
- filter:
typeKind: RequestHeaderFilter
headerName: User-Agent
pattern: curl
operation: Contains
action:
typeKind: ApplySessionAction
applyCookies: true
applyHeaders: true
""";
setting.AddAlterationRules(yamlRules);
Raw Packet Capture (PCAP)
Export decrypted traffic as PCAP files for Wireshark analysis.
// Requires: dotnet add package Fluxzy.Core.Pcap
var setting = FluxzySetting
.CreateDefault(IPAddress.Loopback, 44344)
.SetOutDirectory("capture_dump");
// Enable BouncyCastle for NSS key log extraction
setting.UseBouncyCastleSslEngine();
await using var tcpProvider = await CapturedTcpConnectionProvider.CreateInProcessCapture();
await using var proxy = new Proxy(setting, tcpConnectionProvider: tcpProvider);
proxy.Run();
// After capture, export with SSL keys for Wireshark decryption
var archiveReader = new DirectoryArchiveReader("capture_dump");
var exchange = archiveReader.ReadAllExchanges().First();
var rawStream = archiveReader.GetRawCaptureStream(exchange.ConnectionId);
var sslKeys = archiveReader.GetRawCaptureKeyStream(exchange.ConnectionId);
await using var pcapFile = File.Create("capture.pcapng");
await PcapngUtils.CreatePcapngFileWithKeysAsync(sslKeys, rawStream, pcapFile);
Core Features
| Feature | Description |
|---|---|
| Traffic Interception | HTTP/1.1, HTTP/2, WebSocket over plain or TLS |
| System Proxy Mode | OS-wide traffic capture with auto-revert |
| Raw Packet Capture | PCAP export with SSL key log (via Fluxzy.Core.Pcap) |
| TLS Providers | .NET native SSL or BouncyCastle engine |
| Archive Formats | HAR and Fluxzy Archive (.fxzy) export |
| Certificate Management | Auto-generate and install root CA |
| Session Capture/Replay | Share sessions across clients |
| Hot Reload Rules | Update rules at runtime without restart |
Traffic Modification
50+ built-in actions for traffic manipulation. Browse all actions.
Headers & Body: Add/remove/modify headers, transform bodies, mock responses, inject HTML/JS
Routing & Security: Forward requests, spoof DNS, abort connections, add auth headers, client certs
Caching & Content: Remove cache directives, add cookies, serve static directories
Packages
| Package | Description | Install |
|---|---|---|
| Fluxzy.Core | Core MITM engine | dotnet add package Fluxzy.Core |
| Fluxzy.Core.Pcap | Raw packet capture | dotnet add package Fluxzy.Core.Pcap |
Requirements: .NET 8.0 or .NET 10.0
CLI & Docker
CLI
| Platform | Download |
|---|---|
| Windows | |
| macOS | |
| Linux |
Docker
docker run -it -p 44344:44344 fluxzy/fluxzy:latest start
Documentation
- Getting Started Guide - Step-by-step introduction
- API Reference - Complete API documentation
- Examples - 20+ sample projects
- Rule Actions - All built-in filters and actions
For CLI and Desktop documentation, visit fluxzy.io.
License
See LICENSE for details.