Multi-protocol MITM proxy for torrent trackers with Cloudflare bypass, TLS interception, and UDP relay.
- SOCKS5 + HTTP proxy with automatic protocol detection
- TLS interception (MITM) with dynamic certificate generation
- Cloudflare bypass via JA3 fingerprinting (Chrome/Firefox/Safari impersonation)
- UDP relay for tracker announce/scrape translation
- REST API for request/response inspection and modification (Burp Suite-style)
- Hot-reloadable config (JSON, auto-reloads every 5s)
- Rule-based routing : per-domain actions (mitm, tunnel, drop), header injection/removal
Download trackerproxy.exe from Releases, create a proxy-config.json, and run:
trackerproxy.exe proxy-config.json
cd go/
go build -o trackerproxy .
./trackerproxy proxy-config.jsonpip install mitmproxy curl_cffi
python mitm_proxy.pyCreate a proxy-config.json:
{
"listen": "127.0.0.1:8080",
"ca_cert": "certs/ca.pem",
"ca_key": "certs/ca-key.pem",
"cert_cache_dir": "certs/dynamic",
"log_dir": "logs",
"max_connections": 600,
"tls_profiles": {
"chrome": {"fingerprint": "chrome_auto"}
},
"rules": [
{
"name": "Example Cloudflare bypass",
"match": {"domain": "*.example.com", "port": [443]},
"action": "mitm",
"tls_profile": "chrome",
"log": true
}
],
"default_action": "tunnel",
"udp": {
"enabled": true,
"tracker_translate": true,
"tracker_ports": [80, 443, 1337, 2710, 6881, 6969]
},
"api": {
"listen": "127.0.0.1:8082",
"max_history": 2000
}
}Generate a root CA for TLS interception:
mkdir -p certs
openssl genrsa -out certs/ca-key.pem 4096
openssl req -new -x509 -key certs/ca-key.pem -out certs/ca.pem -days 3650 -subj "/CN=TrackerProxy CA"Install certs/ca.pem as trusted root CA on your system for MITM to work transparently.
Configure your torrent client to use the proxy:
- qBittorrent: Settings > Connection > Proxy > SOCKS5 or HTTP, host
127.0.0.1, port8080 - Prowlarr: Settings > Indexers > add HTTP proxy
127.0.0.1:8080
The REST API runs on 127.0.0.1:8082 by default:
| Endpoint | Description |
|---|---|
GET /api/history |
Recent request/response log |
GET /api/stats |
Connection stats and uptime |
GET /api/config |
Current configuration |
POST /api/config/reload |
Hot-reload config file |
| Action | Description |
|---|---|
mitm |
Full TLS interception, decrypt + re-encrypt with dynamic cert |
tunnel |
Pass-through (no decryption), just relay TCP |
drop |
Block the connection |