proxy-mcp

Overview Schema Related Servers Score Discussions

proxy_start_transparent

Start a transparent proxy listener to intercept iptables-redirected HTTP/HTTPS traffic. Requires the explicit proxy to be running first.

Instructions

Start the transparent proxy listener. Receives iptables-redirected traffic (no CONNECT tunnels). Shares the same CA cert, rules, and traffic buffer as the explicit proxy. The explicit proxy must be started first.

Input Schema

TableJSON Schema

Name	Required	Description	Default
`port`	No	Port for the transparent listener (default: 8443)

Implementation Reference

src/tools/transparent.ts:10-38 (registration)

Registration of the 'proxy_start_transparent' tool via server.tool(), with a handler that calls proxyManager.startTransparent(port) and returns the result.

export function registerTransparentTools(server: McpServer): void {
  server.tool(
    "proxy_start_transparent",
    "Start the transparent proxy listener. Receives iptables-redirected traffic (no CONNECT tunnels). Shares the same CA cert, rules, and traffic buffer as the explicit proxy. The explicit proxy must be started first.",
    {
      port: z.number().optional().default(8443).describe("Port for the transparent listener (default: 8443)"),
    },
    async ({ port }) => {
      try {
        const result = await proxyManager.startTransparent(port);
        const localIP = getLocalIP();
        return {
          content: [{
            type: "text",
            text: JSON.stringify({
              status: "success",
              port: result.port,
              instructions: [
                `Transparent listener active on ${localIP}:${result.port}`,
                "Traffic will be captured in the same buffer as the explicit proxy (tagged as 'transparent')",
              ],
            }),
          }],
        };
      } catch (e) {
        return { content: [{ type: "text", text: JSON.stringify({ status: "error", error: String(e) }) }] };
      }
    },
  );

src/tools/transparent.ts:15-15 (schema)
Input schema for the proxy_start_transparent tool: optional port number with default 8443.
```
port: z.number().optional().default(8443).describe("Port for the transparent listener (default: 8443)"),
```

src/state.ts:443-458 (handler)

Core handler logic: ProxyManager.startTransparent() validates state, delegates to buildAndStartTransparent(), and returns the port.

async startTransparent(port: number = 8443): Promise<{ port: number }> {
  if (this._transparentRunning) {
    throw new Error("Transparent proxy is already running. Stop it first.");
  }
  if (!this.cert) {
    throw new Error("No certificate. Start the explicit proxy first to generate the CA.");
  }

  this.transparentPort = port;
  await this.buildAndStartTransparent();
  this._transparentRunning = true;
  this.transparentPort = this.transparentServer!.port;
  this.transparentTrafficCount = 0;

  return { port: this.transparentServer!.port };
}

src/state.ts:1283-1318 (helper)

Helper that builds and starts a mockttp transparent proxy server with the same CA cert, rules, and event listeners as the explicit proxy.

private async buildAndStartTransparent(): Promise<void> {
  if (!this.cert) throw new Error("No certificate");

  const mockttp = await getMockttp();
  const server = mockttp.getLocal({
    https: { key: this.cert.key, cert: this.cert.cert },
  });

  // Wire event listeners to the SAME ring buffer, tagged as "transparent"
  this.setupEventListeners(server, "transparent");

  // Apply the same rules as the explicit proxy
  const proxyConfig = this.resolveProxyConfig();
  const enabledRules = [...this.rules.values()]
    .filter((r) => r.enabled)
    .sort((a, b) => a.priority - b.priority);

  for (const rule of enabledRules) {
    const builder = this.buildMatcher(server, rule.matcher).always();
    await this.buildHandler(builder, rule, proxyConfig);
  }

  // Default passthrough — same logic as explicit proxy but no JA3 spoofing
  // (transparent traffic is from mobile devices, not browsers needing spoof)
  await server.forAnyRequest().always()
    .thenPassThrough({
      ignoreHostHttpsErrors: true,
      proxyConfig,
    });

  await server.start(this.transparentPort || 0);
  this.transparentServer = server;

  // TLS capture on the transparent server too
  this.setupTlsCapture(server);
}

src/index.ts:32-75 (registration)

Import and registration call: registerTransparentTools is imported from './tools/transparent.js' and invoked during server setup.

import { registerTransparentTools } from "./tools/transparent.js";
import { registerMobileTools } from "./tools/mobile.js";
import { registerCamoufoxTools } from "./tools/camoufox.js";
import { registerResources } from "./resources.js";
import { initInterceptors } from "./interceptors/init.js";

/* ------------------------------------------------------------------ */
/*  CLI helpers                                                        */
/* ------------------------------------------------------------------ */

function arg(name: string, fallback: string): string {
  const prefix = `--${name}=`;
  const found = process.argv.find((a) => a.startsWith(prefix));
  if (found) return found.slice(prefix.length);

  const idx = process.argv.indexOf(`--${name}`);
  if (idx !== -1 && idx + 1 < process.argv.length) return process.argv[idx + 1];

  return process.env[name.toUpperCase().replace(/-/g, "_")] ?? fallback;
}

/* ------------------------------------------------------------------ */
/*  Server factory                                                     */
/* ------------------------------------------------------------------ */

function createMcpServer(): McpServer {
  const server = new McpServer({ name: "proxy", version: "3.3.2" });

  initInterceptors();

  registerLifecycleTools(server);
  registerUpstreamTools(server);
  registerRuleTools(server);
  registerTrafficTools(server);
  registerModificationTools(server);
  registerTlsTools(server);
  registerInterceptorTools(server);
  registerDevToolsTools(server);
  registerSessionTools(server);
  registerHumanizerTools(server);
  registerTransparentTools(server);
  registerMobileTools(server);
  registerCamoufoxTools(server);
  registerResources(server);

Tool Definition Quality

A4/5.0

Behavior3/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations provided, so description carries full burden. Discloses shared resources (CA cert, rules, traffic buffer) and traffic type, but doesn't mention system changes (e.g., iptables modifications) or other behavioral traits.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Three sentences, front-loaded with purpose, then traffic type and prerequisite. No redundant words.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given low complexity (1 optional param, no output schema), description sufficiently covers purpose, traffic type, shared resources, and prerequisite. Could mention return value or stopping behavior for completeness.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100% with a description for the single parameter. Description adds no additional meaning beyond schema's 'Port for the transparent listener (default: 8443)'. Baseline 3 applies.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

Clearly states it starts the transparent proxy listener, distinguishes from explicit proxy by mentioning iptables-redirected traffic and no CONNECT tunnels.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Explicitly states prerequisite: 'The explicit proxy must be started first.' Implicitly differentiates from sibling proxy_start, but could be more explicit about when to choose this tool.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/yfe404/proxy-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server