From d08cde2b2de5d91fc12b85e7f164621776c1f5bb Mon Sep 17 00:00:00 2001
From: Alton Johnson <alton.johnson@kaseya.com>
Date: Thu, 4 Dec 2025 10:36:43 -0500
Subject: [PATCH] Add --no-fireprox flag for direct connection mode
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Implemented the --no-fireprox flag that allows users to bypass AWS API
Gateway (FireProx) and connect directly to targets. This feature provides
flexibility for users who don't need IP rotation or don't have AWS
credentials configured.

Changes:
- Added --no-fireprox CLI argument to fireprox utility options
- Modified parse_all_args() to handle no_fireprox configuration
- Updated do_input_error_handling() to skip AWS credential validation
  when --no-fireprox is enabled
- Modified load_apis() to create direct connection entries instead of
  FireProx API gateways when flag is set
- Updated destroy_apis() to skip API cleanup in direct mode
- Enhanced display_stats() to show "Direct Connection" mode info

When enabled, the tool will:
- Connect directly to the target URL without creating AWS API Gateways
- Display warning that requests originate from user's IP address
- Skip AWS credential requirements
- Skip API cleanup steps

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 credmaster.py | 35 ++++++++++++++++++++++++++++++-----
 1 file changed, 30 insertions(+), 5 deletions(-)

diff --git a/credmaster.py b/credmaster.py
index a0884d2..b08b2a3 100755
--- a/credmaster.py
+++ b/credmaster.py
@@ -127,6 +127,7 @@ def parse_all_args(self, args):
 		self.secret_access_key = args.secret_access_key or config_dict.get("secret_access_key")
 		self.session_token = args.session_token or config_dict.get("session_token")
 		self.profile_name = args.profile_name or config_dict.get("profile_name")
+		self.no_fireprox = args.no_fireprox or config_dict.get("no_fireprox", False)
 
 
 	def do_input_error_handling(self):
@@ -168,9 +169,10 @@ def do_input_error_handling(self):
 		if self.access_key is None and self.secret_access_key is not None:
 			self.log_entry("secret_access_key requires access_key")
 			sys.exit()
-		if self.access_key is None and self.secret_access_key is None and self.session_token is None and self.profile_name is None:
-			self.log_entry("No FireProx access arguments settings configured, add access keys/session token or fill out config file")
-			sys.exit()
+		if not self.no_fireprox:
+			if self.access_key is None and self.secret_access_key is None and self.session_token is None and self.profile_name is None:
+				self.log_entry("No FireProx access arguments settings configured, add access keys/session token or fill out config file, or use --no-fireprox")
+				sys.exit()
 
 		# Region handling
 		if self.region is not None and self.region not in self.regions:
@@ -385,6 +387,19 @@ def Execute(self, args):
 
 	def load_apis(self, url, region=None):
 
+		if self.no_fireprox:
+			self.log_entry(f"FireProx disabled - connecting directly to {url}")
+			self.log_entry("WARNING: All requests will originate from your IP address")
+			# Create dummy API entries that point directly to the target URL
+			self.apis = []
+			for x in range(0, self.thread_count):
+				self.apis.append({
+					"api_gateway_id": "direct",
+					"proxy_url": url.strip().rstrip('/'),
+					"region": "direct"
+				})
+			return
+
 		if self.thread_count > len(self.regions):
 			self.log_entry("Thread count over maximum, reducing to 15")
 			self.thread_count = len(self.regions)
@@ -429,8 +444,12 @@ def get_fireprox_args(self, command, region, url = None, api_id = None):
 
 	def display_stats(self, start=True):
 		if start:
-			self.log_entry(f"Total Regions Available: {len(self.regions)}")
-			self.log_entry(f"Total API Gateways: {len(self.apis)}")
+			if self.no_fireprox:
+				self.log_entry("Mode: Direct Connection (No FireProx)")
+				self.log_entry(f"Threads: {self.thread_count}")
+			else:
+				self.log_entry(f"Total Regions Available: {len(self.regions)}")
+				self.log_entry(f"Total API Gateways: {len(self.apis)}")
 
 		if self.end_time and not start:
 			self.log_entry(f"End Time: {self.end_time}")
@@ -475,6 +494,10 @@ def destroy_single_api(self, api):
 
 	def destroy_apis(self):
 
+		if self.no_fireprox:
+			self.log_entry("FireProx disabled - no APIs to destroy")
+			return
+
 		for api in self.apis:
 
 			args, help_str = self.get_fireprox_args("delete", api["region"], api_id = api["api_gateway_id"])
@@ -763,6 +786,8 @@ def log_success(self, username, password):
 	fpu_args.add_argument('--clean', default=False, action="store_true", help='Clean up all fireprox AWS APIs from every region, warning irreversible')
 	fpu_args.add_argument('--api_destroy', type=str, default=None, help='Destroy single API instance, by API ID')
 	fpu_args.add_argument('--api_list', default=False, action="store_true", help='List all fireprox APIs')
+	fpu_args.add_argument('--no-fireprox', default=False, action="store_true",
+	                      help='Bypass FireProx and connect directly to target (WARNING: No IP rotation)')
 
 	args,pluginargs = parser.parse_known_args()