v1.3.3 — single-file revival, JSON API, network checks, replay-able headers

First release of the modernised, single-file PHProxy. The whole product is now one index.php you drop into a PHP 8.1+ web root — no Composer, no files/, no vendor/.

Highlights since v1.2.0

Architecture

• Single file. index.php is the entire product. .htaccess dropped; no rewrite rules needed.
• Docker: docker compose up -d and open http://localhost:8080.
• Tested on PHP 8.1 and 8.5; zero deprecations under E_ALL.

New JSON API

• POST /?api=fetch — proxy makes the HTTP request for you, returns either a JSON envelope or the raw upstream response. SSRF blocklist enforced.

New utility endpoints (pure PHP built-ins, no external libraries)

Endpoint	What it does
?api=portcheck	TCP reach + latency. Accepts a single port (443), inclusive range (80-443), or comma list (22,80,443,8000-8010). NDJSON streaming mode (&stream=1) shows results live as each port comes back. Cap 128 ports.
?api=dns	A / AAAA / MX / TXT / NS / SOA / CAA / CNAME / SRV / ANY via dns_get_record().
?api=cert	Full certificate chain inspection: TLS 1.0/1.1/1.2/1.3 version probes, cipher per version, public-key type / size / curve, every X.509 extension OpenSSL parsed (keyUsage, EKU, AIA, CRL points, SAN, SCTs, …), SHA-256/SHA-1/MD5 fingerprints, and raw PEM blocks.
?api=ipinfo	Client / server / outgoing IP + reverse DNS + request headers + host info.

Panel UI

• Tabs reorganised. Entry page: Options · Cookies · Headers · IP · Port · DNS · SSL · CLI. Proxied page: Options · Cookies · Headers · (SSL on HTTPS) · Trace · CLI · Network.
• SSL tab auto-inspects the current host on first open when browsing an HTTPS page.
• Headers tab → Request headers section auto-populates with the actual headers PHProxy sent. Edit any value, click Save & replay, and the override kicks in on reload. Overrides replace the matching default (no more duplicate headers).
• CLI tab — copy-pasteable snippets in curl / PHP / Python / JavaScript / Go. Both direct-to-upstream and via-PHProxy variants, plus one example per check endpoint.
• Network tab — dev-tools-style log of every URL the proxy has fetched this session.
• Top bar on proxied pages: house icon (was "Home" text), "Up" button removed; layout is [🏠 URL Go … ⚙].

Security / anonymity

• Encrypted-URL mode by default — each URL wrapped in AES-CTR ciphertext keyed off a rotating session seed (1-hour cookie). Configurable seed TTL and key length (AES-128 / 192 / 256) via Options → Address bar.
• Outbound header set built from a known-safe whitelist. Targets never see X-Forwarded-For, X-Real-IP, Via, or Forwarded from the client side.

Install

git clone https://github.com/PHProxy/phproxy.git
cd phproxy
docker compose up -d   # then open http://localhost:8080/

Or drop index.php into any PHP 8.1+ web root. See README for shared-hosting and built-in-server instructions.

PHProxy v1.1.1

• fixes some errors on other systems.

PHProxy v1.1.0

Changelog

• Bugfixes

PHProxy v1.0.2

This is a follow-up minor release of PHProxy.

• Fixed index release version.

PHProxy v1.0.1

This is a follow-up minor release of PHProxy.

• Fixed a bug in the url field auto fill.
• Improved support for ESPN website.

PHProxy v1.0

This is a first major release of PHProxy.

• Fixed issues with html entity encoded urls.
• Added "change User-Agent config variable".
• Algorithm: removes clutter if javascript is disabled.
• Fixes breaking of some SVG related tag-attributes.
• Revamped regex patterns for better modern website support.
• Removed domain policies to maximize compatibility.
• CSS proxifier improved to support fonts.
• Update for a new user interface.

This is considered a stable release.