ProxSec is an open-source browser extension designed for bug bounty hunters and security professionals. It streamlines your workflow with efficient proxy management, bug bounty program tracking, and scope checking capabilities - all in a clean, minimalist interface.
Here's a visual tour of ProxSec's key features and interface:
|
Dashboard Overview |
Proxy Management |
|
Program Management |
Active Monitoring |
- Streamlined Testing: Quickly toggle proxies on/off without opening multiple tabs or navigating away from your work
- Stay In Scope: Avoid out-of-scope testing with real-time domain validation
- Time Saving: Manage all your proxies and programs in one central location
- Lightweight: Minimal impact on browser performance
- Privacy-Focused: Your data never leaves your browser
- Quick Toggle: Enable/disable proxies from any tab with a single click
- Multiple Configurations: Store and switch between various proxy setups
- Protocol Support: Compatible with HTTP and HTTPS proxies
- Credentials: Securely store authentication details for proxies that require them
- Visual Status: Clear indicators for active/inactive state
- Program Tracking: Store details of multiple bug bounty programs
- Scope Awareness: Check if domains are in scope for your enrolled programs
- Domain Patterns: Support for wildcard domain patterns (e.g., *.example.com)
- Program Notes: Keep notes specific to each program
- Local Storage: All data remains in your browser - nothing is sent to external servers
- Encrypted Storage: Sensitive data is encrypted using browser's built-in storage encryption
- Open Source: Transparent codebase with MIT license
Coming soon to Chrome Web Store, Firefox Add-ons, and Edge Add-ons
-
Clone this repository
git clone https://github.com/aacle/proxsec.git
-
Open your browser's extension management page:
- Chrome: Navigate to
chrome://extensions/ - Firefox (Comming Soon)
- Chrome: Navigate to
-
Enable Developer Mode
-
Click "Load unpacked" (Chrome/Edge) select the extension directory
- Click the ProxSec icon in your browser toolbar
- Use the quick toggle in the header to enable/disable your active proxy
- Navigate to the "Proxies" tab to add, edit, or remove proxies
- Fill in the required details for each proxy:
- Name: A descriptive name
- Protocol: HTTP or HTTPS
- IP Address: Typically 127.0.0.1 for local proxies
- Port: Common ports include 8080 for Burp Suite, 8090 for OWASP ZAP
- Username/Password: If required by your proxy
- Navigate to the "Programs" tab
- Click "Add Program" to create a new entry
- Enter the program details:
- Name: Organization or program name
- URL: Program URL
- Scope Domains: List of in-scope domains, one per line
- Notes: Any additional information
- Visit any website
- Open the extension
- The dashboard will show if the current domain is in scope for any of your programs
Here's a typical workflow example using ProxSec:
-
Setup your testing proxies
β Add Burp Suite proxy (127.0.0.1:8080) β Add OWASP ZAP proxy (127.0.0.1:8090) -
Configure bug bounty programs
β Add "Example Corp" program β Add domains: *.example.com, api.example.com β Add program notes and details -
Begin testing
β Navigate to target site β Toggle proxy ON with one click β Extension automatically checks if site is in scope β Begin your testing -
Switch tools effortlessly
β Toggle current proxy OFF β Select different proxy configuration β Toggle new proxy ON β Continue testing without disruption
- Note-taking for vulnerabilities
- Customizable recon tools
- Vulnerability report templates
Contributions are welcome! Please feel free to submit a Pull Request.
- Fork the repository
- Create your feature branch:
git checkout -b feature/amazing-feature - Commit your changes:
git commit -m 'Add some amazing feature' - Push to the branch:
git push origin feature/amazing-feature - Open a Pull Request
If you discover any security issues, please report them via GitHub Issues instead of opening a public issue.
If you find ProxSec helpful for your work:
- Star the GitHub repository
- Share with other security professionals
- Report bugs or suggest features through GitHub Issues
- Consider contributing to the codebase
This project is licensed under the MIT License - see the LICENSE file for details.