Paprika - TLS/Header Spoofing Client & Proxy for Privacy and Scraping.
Project description
Paprika
version: 1.0.0
Paprika is a specialized, programmatic local Man-in-the-Middle (MITM) proxy engineered to prevent client-side profiling, tracking, and anti-bot fingerprinting. By synchronizing Layer 4 (TCP/TLS) handshakes, Layer 7 (HTTP/2) settings framing, and Client Runtime (JavaScript V8/Gecko/WebKit Engine) configurations, Paprika mitigates advanced device-fingerprinting vectors used by modern anti-bot systems (e.g., Akamai, Cloudflare, PerimeterX).
Unlike standard forward proxies that merely modify the User-Agent string, Paprika intercepts, reconstructs, and patches incoming traffic bi-directionally to ensure absolute cryptographic and semantic cohesion.
Deployment & Installation Architecture
Paprika is available in both GitHub and Codeberg and as a pip package.
System Prerequisites
Before initializing Paprika, your host environment must have OpenSSL installed and accessible via the system PATH. Paprika’s automated zero-dependency certificate manager shells out to the OpenSSL binary to generate the 2048-bit Root CA and self-signed certificates for local HTTPS MITM decryption.
- Windows:
winget install OpenSSL.OpenSSL(or via Git for Windows) - macOS:
brew install openssl - Linux:
sudo apt install openssl
Installation via pip
For production or standard daemonized usage, install the pre-compiled package directly via pip:
pip install paprika-proxy
Installation
Via GitHub:
git clone https://github.com/yourusername/paprika.git
cd paprika
pip install -r requirements.txt
Via Codeberg:
git clone https://codeberg.org/yourusername/paprika.git
cd paprika
pip install -r requirements.txt
(Dependencies primarily include curl_cffi for Layer-4 impersonation and proxy.py for the localized routing server).
Usage
Paprika operates under two distinct execution topologies: Fetch Mode (a single-shot, headless request execution) and Proxy Mode (a persistent, multi-threaded MITM interceptor).
If executed without arguments, Paprika drops into an interactive REPL (Read-Eval-Print Loop) shell (paprika-cli>) for session-persistent command execution.
1. Fetch Mode (Single-Shot Emulation)
Fetch mode is designed for CI/CD pipelines, quick endpoint validation, or localized scraping where spinning up a full proxy daemon is unnecessary. It routes a single request through the curl_cffi engine and prints the raw response.
Syntax:
paprika --mode fetch --url <TARGET_URL> [--method <METHOD>] [--browser <PROFILE>]
Example: Fetch a highly protected JSON endpoint while strictly impersonating Firefox 135 on Windows:
paprika --mode fetch -u "https://api.protected-site.com/v1/data" -m GET --browser firefox135
2. Proxy Mode (MITM Intercept Daemon)
Proxy mode binds a local listener that intercepts all outgoing browser or script traffic. It dynamically rewrites Layer 7 headers, injects the JS prototype hooks into HTML responses, and seamlessly handles TLS decryption/re-encryption.
Note: Upon boot, Paprika will automatically attempt to rewrite your host OS proxy settings (Windows Registry, macOS networksetup, or Linux gsettings) to route traffic through itself, restoring them upon a graceful exit.
Syntax:
paprika --mode proxy [--port <PORT>] [--browser <PROFILE>] [--ca-key-file <PATH> ...]
Example: Spin up the localized MITM proxy on port 8899, enforcing the Apple Silicon Safari 18.4 fingerprint constraint matrix:
paprika --mode proxy --port 8899 --browser safari184
Command Line Arguments
| Argument | Context | Description | Default |
|---|---|---|---|
--mode |
Global | Execution topology: fetch or proxy. |
fetch |
-u, --url |
Fetch | The fully qualified target URI. | None |
-m, --method |
Fetch | The HTTP verb (e.g., GET, POST, OPTIONS). |
GET |
--browser |
Global | The configuration profile matrix to map against (chrome124, firefox135, safari184). |
chrome124 |
--port |
Proxy | The local loopback port to bind the MITM listener to. | 8899 |
--ca-key-file |
Proxy | Explicit path to a custom Root CA Private Key. | Auto-Generated |
--ca-cert-file |
Proxy | Explicit path to a custom Root CA Public Certificate. | Auto-Generated |
Author: nulsie License: GNU GPL v3
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file paprika_proxy-1.0.0.tar.gz.
File metadata
- Download URL: paprika_proxy-1.0.0.tar.gz
- Upload date:
- Size: 29.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: python-requests/2.34.1
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
4c5bc6dba3d796e03d65e89a42a9d7b3b815782e98b12e1ac8f626e9077f350d
|
|
| MD5 |
e0308f2b350b4cd2658943148011a3f5
|
|
| BLAKE2b-256 |
aa93eec823a42effeda92b2d95a70b38031018a78fb0e1a9d853a4e8b5fed6d4
|
File details
Details for the file paprika_proxy-1.0.0-py2.py3-none-any.whl.
File metadata
- Download URL: paprika_proxy-1.0.0-py2.py3-none-any.whl
- Upload date:
- Size: 29.2 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: python-requests/2.34.1
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
5edb411bcbf6386f811c6cc6db6fa655f2c85d2a73162503394fa1809eadbaaf
|
|
| MD5 |
e23e4f152d882807b9ce0e516f022da5
|
|
| BLAKE2b-256 |
847263a9b047b78772ec867e2b09c1c93fadaa7acc3dbe905b81408d92fea6b9
|