Skip to main content

Overview

The configuration endpoints allow you to retrieve and update the server’s proxy list and user agent list. These configurations are used for all attacks to rotate proxies and randomize user agents.
Configuration data is transmitted as base64-encoded strings to safely handle newlines and special characters in proxy URLs and user agent strings.

GET /configuration

Retrieve the current proxy and user agent configuration.

Request

No parameters required.

Response

proxies
string
required
Base64-encoded string containing the proxies file content (one proxy per line)
uas
string
required
Base64-encoded string containing the user agents file content (one user agent per line)

Example Request

curl http://localhost:8080/configuration

Example Response

{
  "proxies": "aHR0cDovL3Byb3h5MS5leGFtcGxlLmNvbTo4MDgwCmh0dHA6Ly9wcm94eTIuZXhhbXBsZS5jb206ODA4MA==",
  "uas": "TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2"
}

Decoding Configuration

To decode the base64 strings: 
fetch('http://localhost:8080/configuration')
  .then(res => res.json())
  .then(data => {
    const proxies = atob(data.proxies);
    const userAgents = atob(data.uas);
    
    console.log('Proxies:', proxies.split('\n'));
    console.log('User Agents:', userAgents.split('\n'));
  });
Or using Node.js: 
const proxies = Buffer.from(data.proxies, 'base64').toString('utf-8');
const userAgents = Buffer.from(data.uas, 'base64').toString('utf-8');

POST /configuration

Update the server’s proxy and user agent configuration.

Request Body

proxies
string
Base64-encoded string containing proxy list (one per line). If omitted, proxies are not updated.
uas
string
Base64-encoded string containing user agent list (one per line). If omitted, user agents are not updated.

Proxy Format

Proxies should be formatted as: 
http://proxy1.example.com:8080
http://username:[email protected]:8080
socks5://proxy3.example.com:1080

User Agent Format

User agents should be one per line: 
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36

Response

Returns 200 OK with body "OK" on success.

Example Request

curl -X POST http://localhost:8080/configuration \
  -H "Content-Type: application/json" \
  -d '{
    "proxies": "aHR0cDovL3Byb3h5MS5leGFtcGxlLmNvbTo4MDgw",
    "uas": "TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCk="
  }'

Example with JavaScript

const proxies = `http://proxy1.example.com:8080
http://proxy2.example.com:8080`;

const userAgents = `Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36`;

fetch('http://localhost:8080/configuration', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    proxies: btoa(proxies),
    uas: btoa(userAgents)
  })
})
.then(res => res.text())
.then(data => console.log('Configuration updated:', data));

Example with Node.js

const proxies = `http://proxy1.example.com:8080
http://proxy2.example.com:8080`;

const userAgents = `Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36`;

const response = await fetch('http://localhost:8080/configuration', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({
    proxies: Buffer.from(proxies).toString('base64'),
    uas: Buffer.from(userAgents).toString('base64')
  })
});

const result = await response.text();
console.log('Result:', result); // "OK"

Socket.IO Events

While configuration is managed via REST endpoints, the Socket.IO connection provides real-time feedback about proxy usage during attacks.

startAttack Event

When starting an attack, the server automatically filters and applies the appropriate proxies based on the attack method.
target
string
required
Target URL or address (e.g., http://example.com or 127.0.0.1:25565)
attackMethod
string
required
Attack method identifier (from /attacks endpoint)
duration
integer
required
Attack duration in seconds
packetDelay
integer
required
Delay between packets in milliseconds
packetSize
integer
required
Size of each packet in bytes
threads
integer
Number of concurrent threads (defaults to CPU count if omitted or 0)

Example

socket.emit('startAttack', {
  target: 'http://example.com',
  attackMethod: 'http_flood',
  duration: 60,
  packetDelay: 100,
  packetSize: 1024,
  threads: 4
});

stats Event

The server emits statistics every second during an attack, including proxy count.
pps
integer
Packets per second in the last interval
totalPackets
integer
Total packets sent since attack start
proxies
integer
Number of proxies being used for this attack
log
string
Log message (if any)

Example

socket.on('stats', (data) => {
  console.log(`PPS: ${data.pps}`);
  console.log(`Total: ${data.totalPackets}`);
  console.log(`Proxies: ${data.proxies}`);
  if (data.log) {
    console.log(`Log: ${data.log}`);
  }
});

attackAccepted Event

Confirms attack started successfully and reports how many proxies are being used.
ok
boolean
Always true when attack is accepted
proxies
integer
Number of proxies being used

Example

socket.on('attackAccepted', (data) => {
  console.log(`Attack started with ${data.proxies} proxies`);
});

attackError Event

Sent when attack cannot start (e.g., no proxies available).
message
string
Error message describing why the attack failed

Example

socket.on('attackError', (error) => {
  console.error('Attack failed:', error.message);
});

stopAttack Event

Manually stop the current attack. 
socket.emit('stopAttack');

socket.on('attackEnd', () => {
  console.log('Attack stopped');
});

Implementation Details

The configuration endpoints are implemented in /cmd/mmb-server/main.go:188-217: 
// GET endpoint
e.GET("/configuration", func(c echo.Context) error {
    pb, _ := osReadFileSafe(cfg.ProxiesFile)
    ub, _ := osReadFileSafe(cfg.UserAgentsFile)
    return c.JSON(http.StatusOK, api.ConfigurationResponse{
        Proxies: base64.StdEncoding.EncodeToString(pb),
        UAs:     base64.StdEncoding.EncodeToString(ub),
    })
})

// POST endpoint
e.POST("/configuration", func(c echo.Context) error {
    type body struct {
        Proxies string `json:"proxies"`
        UAs     string `json:"uas"`
    }
    var b body
    if err := c.Bind(&b); err != nil {
        return err
    }
    if b.Proxies != "" {
        if data, err := base64.StdEncoding.DecodeString(b.Proxies); err == nil {
            _ = osWriteFileSafe(cfg.ProxiesFile, data)
        }
    }
    if b.UAs != "" {
        if data, err := base64.StdEncoding.DecodeString(b.UAs); err == nil {
            _ = osWriteFileSafe(cfg.UserAgentsFile, data)
        }
    }
    return c.String(http.StatusOK, "OK")
})
Configuration changes take effect for new attacks only. Running attacks continue using the proxies and user agents that were active when they started.
If you provide an empty string for proxies or uas in the POST request, that configuration will not be updated. Only non-empty values trigger updates.

Build docs developers (and LLMs) love

Get started for freeTalk to us