Overview Miku Miku Beam supports multiple proxy protocols for routing attack traffic. Proxies are loaded from a text file and randomly distributed across worker threads.
Supported Protocols
HTTP/HTTPS Layer 7 proxies using HTTP CONNECT tunneling
SOCKS4 Layer 4 proxies for TCP connections
SOCKS5 Layer 4 proxies with authentication support
Proxies are loaded from a text file (default: data/proxies.txt). Each line represents one proxy.
[protocol://][username:password@]host:port
Examples # HTTP proxy without auth http://proxy.example.com:8080 # HTTPS proxy with authentication https://user:[email protected] :8443 # SOCKS5 with auth socks5://admin:[email protected] :1080 # SOCKS4 (no auth support) socks4://socks4-proxy.org:1080 # Implicit protocol (defaults to HTTP) 192.168.1.100:3128 # No port specified (defaults to 8080) proxy.local
# This is a comment http://proxy1.example.com:8080 # Empty lines are ignored http://proxy2.example.com:8080 # Another proxy socks5://user:[email protected] :1080
Lines starting with # are treated as comments and ignored during parsing.
Proxy Parsing Location: internal/proxy/loader.go
Loading Process func LoadProxies ( path string ) ([] engine . Proxy , error )
Steps :
Open file and scan line-by-line
Skip empty lines and comments
Parse protocol (defaults to http if not specified)
Extract authentication credentials if present
Split host and port
Create Proxy struct
Proxy Structure type Proxy struct { Username string // Empty if no auth Password string // Empty if no auth Protocol string // "http", "https", "socks4", "socks5" Host string // IP address or hostname Port int // Port number (default: 8080) }
Default Values Component Default Value Protocol httpPort 8080Username “ (empty) Password “ (empty)
Protocol-Specific Behavior HTTP/HTTPS Proxies Implementation : Uses Go’s net/http proxy support with CONNECT tunneling.proxyURL := & url . URL { Scheme : p . Protocol , Host : net . JoinHostPort ( p . Host , strconv . Itoa ( p . Port )), } if p . Username != "" { proxyURL . User = url . UserPassword ( p . Username , p . Password ) } transport . Proxy = http . ProxyURL ( proxyURL )
Authentication : Basic auth with Base64 encodingtoken := base64 . StdEncoding . EncodeToString ([] byte ( p . Username + ":" + p . Password )) transport . ProxyConnectHeader . Set ( "Proxy-Authorization" , "Basic " + token )
CONNECT Request Example :CONNECT target.com:443 HTTP / 1.1 Host : target.com:443 Proxy-Authorization : Basic dXNlcjpwYXNz Proxy-Connection : Keep-Alive
SOCKS4/SOCKS5 Proxies Implementation : Uses h12.io/socks library for SOCKS protocol handling.proxyAddr := p . Protocol + "://" + net . JoinHostPort ( p . Host , strconv . Itoa ( p . Port )) dialSocks := socks . Dial ( proxyAddr ) transport . DialContext = func ( ctx context . Context , network , address string ) ( net . Conn , error ) { return dialSocks ( network , address ) }
Key Differences :Feature SOCKS4 SOCKS5 Authentication ❌ ✅ UDP Support ❌ ✅ IPv6 Support ❌ ✅ DNS Resolution Client-side Proxy-side (optional)
SOCKS proxies provide lower-level control and are required for Layer 4 attacks (TCP Flood, Slowloris, Minecraft Ping).
Method-Based Filtering Proxies are automatically filtered based on attack method compatibility.
Filter Rules Location: internal/proxy/loader.go:72
allowed := map [ engine . AttackKind ] map [ string ] bool { engine . AttackHTTPFlood : { "http" : true , "https" : true , "socks4" : true , "socks5" : true }, engine . AttackHTTPBypass : { "http" : true , "https" : true , "socks4" : true , "socks5" : true }, engine . AttackHTTPSlowloris : { "socks4" : true , "socks5" : true }, engine . AttackTCPFlood : { "socks4" : true , "socks5" : true }, engine . AttackMinecraftPing : { "socks4" : true , "socks5" : true }, }
Why Layer 4 Attacks Require SOCKS HTTP/HTTPS proxies work at Layer 7 and only support HTTP protocol. Methods that need raw TCP control (Slowloris, TCP Flood, Minecraft Ping) require SOCKS proxies for direct TCP socket access.
If you load only HTTP/HTTPS proxies and use a Layer 4 attack method, filtering will result in zero usable proxies.
Proxy Distribution Location: internal/engine/engine.go:179
Random Selection For each packet dispatch, a random proxy is selected:
var p Proxy if proxyCount > 0 { p = proxies [ rand . Intn ( proxyCount )] }
Load Distribution With multiple threads and high packet rates, proxies receive roughly equal distribution:
Thread 0: [Proxy 3] [Proxy 1] [Proxy 5] [Proxy 2] ... Thread 1: [Proxy 2] [Proxy 4] [Proxy 1] [Proxy 3] ... Thread 2: [Proxy 5] [Proxy 2] [Proxy 4] [Proxy 1] ... ...
Random selection prevents predictable patterns but doesn’t guarantee perfect balance. With enough packets, distribution approaches uniform.
HTTP Client Configuration Location: internal/netutil/httpdial.go
Client Settings func DialedHTTPClient ( p core . Proxy , timeout time . Duration , maxRedirects int ) * http . Client
Default Values :
Timeout : 5-6 seconds (method-dependent)Max Redirects : 3TLS Verification : Disabled (InsecureSkipVerify: true)Keep-Alive : Enabled via Connection: keep-alive header
TLS Configuration transport := & http . Transport { TLSClientConfig : & tls . Config { InsecureSkipVerify : true }, }
TLS certificate verification is disabled for all connections. This is intentional for stress testing but should never be used in production client code.
TCP Connection Handling Location: internal/netutil/tcpdial.go
Connection Flow func DialedTCPClient ( ctx context . Context , scheme string , // "tcp" or "tls" host string , port int , p * core . Proxy // nil for direct connection ) ( net . Conn , error )
HTTP CONNECT Tunneling For HTTP/HTTPS proxies with TCP targets:
1. Connect to proxy :proxyAddr := net . JoinHostPort ( p . Host , strconv . Itoa ( p . Port )) conn , err := base ( ctx , "tcp" , proxyAddr )
2. Send CONNECT request :CONNECT target.com:443 HTTP / 1.1 Host : target.com:443 Proxy-Connection : Keep-Alive Proxy-Authorization : Basic <base64_credentials>
3. Parse response :line , err := br . ReadString ( ' \n ' ) if ! strings . HasPrefix ( line , "HTTP/1.1 200" ) { return nil , errors . New ( "proxy connect failed" ) }
4. Drain headers and use established tunnel TLS Wrapping if scheme == "tls" { tlsConn := tls . Client ( c , & tls . Config { ServerName : host , InsecureSkipVerify : true , }) return tlsConn , nil }
TLS is applied AFTER proxy tunneling, encrypting traffic between client and target (not proxy).
User Agent Rotation While not strictly proxy-related, user agents are distributed similarly.
Loading User Agents Location: internal/proxy/loader.go:54
func LoadUserAgents ( path string ) ([] string , error )
File format (default: data/uas.txt):# Modern browsers Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36... Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)... Mozilla/5.0 (X11; Linux x86_64)... # Mobile browsers Mozilla/5.0 (iPhone; CPU iPhone OS 14_6 like Mac OS X)...
Random Selection var ua string if uaCount > 0 { ua = userAgents [ rand . Intn ( uaCount )] }
Each packet gets a random user agent, independent of proxy selection.
Configuration Reference config.toml # Proxy configuration file path proxies_file = "data/proxies.txt" # User agent list file path user_agents_file = "data/uas.txt" # Web server port (for GUI) server_port = 3000 # CORS allowed origin allowed_origin = "http://localhost:5173"
Path Resolution func ResolvePath ( baseDir , p string ) string
Absolute paths : Used as-isRelative paths : Resolved from baseDir (or current working directory)
Example:
Config: proxies_file = "data/proxies.txt"
Base dir: /home/user/mikumikubeam
Resolved: /home/user/mikumikubeam/data/proxies.txt
Best Practices Proxy Selection
Match Proxy Type to Attack Method
Use SOCKS proxies for Layer 4 attacks
HTTP/HTTPS proxies work for HTTP Flood and Bypass
Mix both types for maximum flexibility
Optimize Proxy Count
More proxies = better distribution
Dead proxies waste threads (timeouts reduce throughput)
Test proxies before using in attacks
Security
Protect Credentials
Store proxy files outside version control
Use restrictive file permissions (chmod 600)
Avoid plain-text credentials when possible
Testing
Validate Proxy List
Test connectivity before attacks
Check protocol compatibility with attack method
Monitor for proxy failures during attacks
Troubleshooting No Proxies Loaded Symptom : Attack runs but uses direct connectionCauses :
File path incorrect
All lines commented or empty
File doesn’t exist (silently ignored)
Solution : Check file path and formatZero Usable Proxies Symptom : Attack starts but no traffic generatedCauses :
Proxy protocol incompatible with attack method
All proxies filtered out
Solution : Use SOCKS proxies for Layer 4 attacksSlow Attack Rate Symptom : Packets/second lower than expectedCauses :
Proxy timeouts (dead proxies)
High latency proxies
Authentication failures
Solution : Remove slow/dead proxies, test connectivityAuthentication Failures Symptom : Connections fail with 407 Proxy Authentication RequiredCauses :
Incorrect username/password
Special characters not URL-encoded
Solution : Verify credentials, escape special charactersExample Configurations Mixed Protocol Setup # data/proxies.txt # HTTP proxies (for HTTP Flood/Bypass) http://proxy1.example.com:8080 http://proxy2.example.com:3128 # SOCKS5 proxies (for all attack types) socks5://user:[email protected] :1080 socks5://admin:[email protected] :1080 # SOCKS4 proxies (no auth) socks4://socks3.example.com:1080
# 100+ proxies for maximum distribution http://pool1.provider.com:8080 http://pool2.provider.com:8080 # ... (98 more)
Authenticated Enterprise Proxies Testing Setup (No Proxies) # Empty file or all commented - uses direct connection # Useful for local testing