Skip to content

Comments

Add --no-fireprox flag for direct connection mode#98

Open
altjx wants to merge 1 commit intoknavesec:masterfrom
altjx:feature/no-fireprox
Open

Add --no-fireprox flag for direct connection mode#98
altjx wants to merge 1 commit intoknavesec:masterfrom
altjx:feature/no-fireprox

Conversation

@altjx
Copy link

@altjx altjx commented Dec 4, 2025
edited
Loading

Summary

This PR adds a --no-fireprox flag that allows users to avoid AWS API Gateway (FireProx) and connect directly to target endpoints.

Why this feature?

CredMaster's core value proposition is evasive password spraying via FireProx IP rotation - and that remains the recommended approach for most use cases. However, there are legitimate scenarios where direct connections are preferable:

  • Local testing/development: Quickly test plugins or validate target connectivity without AWS setup
  • Complementary tooling: Users who want CredMaster's plugin ecosystem and features (jitter, delay, notifications, logging) but handle IP rotation through other means (VPN, proxychains, etc.)

Rather than requiring users to fork and modify the codebase for these use cases, this flag provides a simple opt-in escape hatch while preserving FireProx as the default behavior.

Changes

  • Added --no-fireprox CLI flag (also supported in config files as "no_fireprox": true)
  • When enabled:
    • Skips AWS credential validation
    • Creates direct URL entries instead of API Gateways
    • Skips API cleanup on exit
    • Displays "Direct Connection" mode in stats
  • All existing functionality remains unchanged when flag is not used

Usage

# Direct connection (no AWS credentials required)
python3 credmaster.py --plugin msol -u users.txt -p passwords.txt --no-fireprox

# Config file support
{
    "no_fireprox": true,
    "plugin": "msol",
    ...
}

A warning is displayed when using this mode to remind users that all requests will originate from their IP address.

@altjx @claude
Add --no-fireprox flag for direct connection mode
d08cde2 
Implemented the --no-fireprox flag that allows users to bypass AWS API
Gateway (FireProx) and connect directly to targets. This feature provides
flexibility for users who don't need IP rotation or don't have AWS
credentials configured.

Changes:
- Added --no-fireprox CLI argument to fireprox utility options
- Modified parse_all_args() to handle no_fireprox configuration
- Updated do_input_error_handling() to skip AWS credential validation
  when --no-fireprox is enabled
- Modified load_apis() to create direct connection entries instead of
  FireProx API gateways when flag is set
- Updated destroy_apis() to skip API cleanup in direct mode
- Enhanced display_stats() to show "Direct Connection" mode info

When enabled, the tool will:
- Connect directly to the target URL without creating AWS API Gateways
- Display warning that requests originate from user's IP address
- Skip AWS credential requirements
- Skip API cleanup steps

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@altjx