@fanboynz/network-scanner 2.0.50 → 2.0.52

package/lib/proxy.js

@@ -0,0 +1,279 @@
+/**
+ * Proxy Module for NWSS Network Scanner
+ * ======================================
+ * Routes specific site URLs through SOCKS5, SOCKS4, HTTP, or HTTPS proxies.
+ *
+ * Chromium's --proxy-server flag is browser-wide, so sites requiring a proxy
+ * need a separate browser instance. This module handles:
+ *   - Parsing proxy URLs (all supported protocols)
+ *   - Generating Chromium launch args
+ *   - Per-page authentication via Puppeteer
+ *   - Proxy bypass lists
+ *   - Proxy health checks
+ *
+ * CONFIG EXAMPLES:
+ *
+ *   SOCKS5 (no auth):
+ *     "proxy": "socks5://127.0.0.1:1080"
+ *
+ *   SOCKS5 with auth:
+ *     "proxy": "socks5://user:pass@127.0.0.1:1080"
+ *
+ *   HTTP proxy (corporate):
+ *     "proxy": "http://proxy.corp.com:3128"
+ *
+ *   HTTP proxy with auth:
+ *     "proxy": "http://user:pass@proxy.corp.com:8080"
+ *
+ *   HTTPS proxy:
+ *     "proxy": "https://secure-proxy.example.com:8443"
+ *
+ *   With bypass list and remote DNS:
+ *     "proxy": "socks5://127.0.0.1:1080",
+ *     "proxy_bypass": ["localhost", "127.0.0.1", "*.local"],
+ *     "proxy_remote_dns": true
+ *
+ *   Debug mode:
+ *     "proxy": "socks5://127.0.0.1:1080",
+ *     "proxy_debug": true
+ *
+ *   Legacy key (backwards compatible):
+ *     "socks5_proxy": "socks5://127.0.0.1:1080"
+ *
+ * INTEGRATION (in nwss.js):
+ *   const { needsProxy, getProxyArgs, applyProxyAuth, getProxyInfo } = require('./lib/proxy');
+ *
+ *   // Before browser launch
+ *   if (needsProxy(siteConfig)) {
+ *     const proxyArgs = getProxyArgs(siteConfig, forceDebug);
+ *     browserArgs.push(...proxyArgs);
+ *   }
+ *
+ *   // After page creation, before page.goto()
+ *   await applyProxyAuth(page, siteConfig, forceDebug);
+ *
+ * @version 1.1.0
+ */
+
+const { formatLogMessage } = require('./colorize');
+
+const PROXY_MODULE_VERSION = '1.1.0';
+const SUPPORTED_PROTOCOLS = ['socks5', 'socks4', 'http', 'https'];
+
+const DEFAULT_PORTS = {
+  socks5: 1080,
+  socks4: 1080,
+  http: 8080,
+  https: 8443
+};
+
+/**
+ * Returns the configured proxy URL string from siteConfig.
+ * Supports both "proxy" (preferred) and "socks5_proxy" (legacy) keys.
+ *
+ * @param {object} siteConfig
+ * @returns {string|null}
+ */
+function getConfiguredProxy(siteConfig) {
+  return siteConfig.proxy || siteConfig.socks5_proxy || null;
+}
+
+/**
+ * Parses a proxy URL into components.
+ * Accepts: protocol://host:port, protocol://user:pass@host:port, bare host:port
+ *
+ * @param {string} proxyUrl - Proxy URL string
+ * @returns {object|null} Parsed proxy or null if invalid
+ */
+function parseProxyUrl(proxyUrl) {
+  if (!proxyUrl || typeof proxyUrl !== 'string') return null;
+
+  let cleaned = proxyUrl.trim();
+
+  // Normalise bare host:port to socks5:// URL
+  if (!cleaned.includes('://')) {
+    cleaned = `socks5://${cleaned}`;
+  }
+
+  try {
+    const url = new URL(cleaned);
+    const protocol = url.protocol.replace(':', '');
+
+    if (!SUPPORTED_PROTOCOLS.includes(protocol)) return null;
+
+    const host = url.hostname;
+    if (!host) return null;
+
+    const port = parseInt(url.port, 10) || DEFAULT_PORTS[protocol] || 1080;
+    const username = url.username ? decodeURIComponent(url.username) : null;
+    const password = url.password ? decodeURIComponent(url.password) : null;
+
+    return { protocol, host, port, username, password };
+  } catch (_) {
+    return null;
+  }
+}
+
+/**
+ * Checks if a site config requires a proxy
+ *
+ * @param {object} siteConfig
+ * @returns {boolean}
+ */
+function needsProxy(siteConfig) {
+  return !!getConfiguredProxy(siteConfig);
+}
+
+/**
+ * Returns Chromium launch arguments for the configured proxy.
+ *
+ * @param {object} siteConfig
+ * @param {boolean} forceDebug
+ * @returns {string[]} Array of Chromium args (empty if no proxy configured)
+ */
+function getProxyArgs(siteConfig, forceDebug = false) {
+  const proxyUrl = getConfiguredProxy(siteConfig);
+  if (!proxyUrl) return [];
+
+  const parsed = parseProxyUrl(proxyUrl);
+  if (!parsed) {
+    console.warn(formatLogMessage('proxy', `Invalid proxy URL: ${proxyUrl}`));
+    return [];
+  }
+
+  const args = [
+    `--proxy-server=${parsed.protocol}://${parsed.host}:${parsed.port}`
+  ];
+
+  // Remote DNS: resolve hostnames through the proxy (prevents DNS leaks)
+  // Only meaningful for SOCKS proxies; HTTP proxies resolve remotely by default
+  const remoteDns = siteConfig.proxy_remote_dns ?? siteConfig.socks5_remote_dns;
+  if ((parsed.protocol === 'socks5' || parsed.protocol === 'socks4') && remoteDns !== false) {
+    args.push('--host-resolver-rules=MAP * ~NOTFOUND , EXCLUDE 127.0.0.1');
+  }
+
+  // Bypass list: domains that skip the proxy
+  const bypass = siteConfig.proxy_bypass || siteConfig.socks5_bypass || [];
+  if (bypass.length > 0) {
+    args.push(`--proxy-bypass-list=${bypass.join(';')}`);
+  }
+
+  const debug = forceDebug || siteConfig.proxy_debug || siteConfig.socks5_debug;
+  if (debug) {
+    console.log(formatLogMessage('proxy', `[${parsed.protocol}] Args: ${args.join(' ')}`));
+  }
+
+  return args;
+}
+
+/**
+ * Applies proxy authentication to a page via Puppeteer's authenticate API.
+ * Must be called BEFORE page.goto().
+ *
+ * @param {object} page - Puppeteer page instance
+ * @param {object} siteConfig
+ * @param {boolean} forceDebug
+ * @returns {Promise<boolean>} True if auth was applied
+ */
+async function applyProxyAuth(page, siteConfig, forceDebug = false) {
+  const proxyUrl = getConfiguredProxy(siteConfig);
+  if (!proxyUrl) return false;
+
+  const parsed = parseProxyUrl(proxyUrl);
+  if (!parsed || !parsed.username) return false;
+
+  try {
+    await page.authenticate({
+      username: parsed.username,
+      password: parsed.password || ''
+    });
+
+    const debug = forceDebug || siteConfig.proxy_debug || siteConfig.socks5_debug;
+    if (debug) {
+      console.log(formatLogMessage('proxy', `Auth set for ${parsed.username}@${parsed.host}:${parsed.port}`));
+    }
+
+    return true;
+  } catch (err) {
+    console.warn(formatLogMessage('proxy', `Failed to set proxy auth: ${err.message}`));
+    return false;
+  }
+}
+
+/**
+ * Tests proxy connectivity by attempting a TCP connection.
+ *
+ * @param {object} siteConfig
+ * @param {number} timeoutMs - Connection timeout (default 5000ms)
+ * @returns {Promise<object>} { reachable, latencyMs, error }
+ */
+async function testProxy(siteConfig, timeoutMs = 5000) {
+  const proxyUrl = getConfiguredProxy(siteConfig);
+  if (!proxyUrl) {
+    return { reachable: false, latencyMs: 0, error: 'No proxy configured' };
+  }
+
+  const parsed = parseProxyUrl(proxyUrl);
+  if (!parsed) {
+    return { reachable: false, latencyMs: 0, error: 'Invalid proxy URL' };
+  }
+
+  const net = require('net');
+  const start = Date.now();
+
+  return new Promise((resolve) => {
+    const socket = new net.Socket();
+
+    const onError = (err) => {
+      socket.destroy();
+      resolve({ reachable: false, latencyMs: Date.now() - start, error: err.message });
+    };
+
+    socket.setTimeout(timeoutMs);
+    socket.on('error', onError);
+    socket.on('timeout', () => onError(new Error('Connection timeout')));
+
+    socket.connect(parsed.port, parsed.host, () => {
+      const latency = Date.now() - start;
+      socket.destroy();
+      resolve({ reachable: true, latencyMs: latency, error: null });
+    });
+  });
+}
+
+/**
+ * Returns human-readable proxy info string for logging.
+ *
+ * @param {object} siteConfig
+ * @returns {string}
+ */
+function getProxyInfo(siteConfig) {
+  const proxyUrl = getConfiguredProxy(siteConfig);
+  if (!proxyUrl) return 'none';
+
+  const parsed = parseProxyUrl(proxyUrl);
+  if (!parsed) return 'invalid';
+
+  const auth = parsed.username ? `${parsed.username}@` : '';
+  return `${parsed.protocol}://${auth}${parsed.host}:${parsed.port}`;
+}
+
+/**
+ * Returns module version information
+ */
+function getModuleInfo() {
+  return { version: PROXY_MODULE_VERSION, name: 'Proxy Handler' };
+}
+
+module.exports = {
+  parseProxyUrl,
+  needsProxy,
+  getProxyArgs,
+  applyProxyAuth,
+  testProxy,
+  getProxyInfo,
+  getModuleInfo,
+  getConfiguredProxy,
+  PROXY_MODULE_VERSION,
+  SUPPORTED_PROTOCOLS
+};

package/nwss.js

@@ -1,4 +1,4 @@
-// === Network scanner script (nwss.js) v2.0.33 ===
+// === Network scanner script (nwss.js) v2.0.51 ===
 
 // puppeteer for browser automation, fs for file system operations, psl for domain parsing.
 // const pLimit = require('p-limit'); // Will be dynamically imported
@@ -44,6 +44,7 @@ const { performPageInteraction, createInteractionConfig } = require('./lib/inter
 const { createGlobalHelpers, getTotalDomainsSkipped, getDetectedDomainsCount } = require('./lib/domain-cache');
 const { createSmartCache } = require('./lib/smart-cache'); // Smart cache system
 const { clearPersistentCache } = require('./lib/smart-cache');
+const { needsProxy, getProxyArgs, applyProxyAuth, getProxyInfo, testProxy } = require('./lib/proxy');
 // Dry run functionality
 const { initializeDryRunCollections, addDryRunMatch, addDryRunNetTools, processDryRunResults, writeDryRunOutput } = require('./lib/dry-run');
 // Enhanced site data clearing functionality
@@ -1354,7 +1355,7 @@ function setupFrameHandling(page, forceDebug) {
    * Uses system Chrome and temporary directories to minimize disk usage
    * @returns {Promise<import('puppeteer').Browser>} Browser instance
    */
-  async function createBrowser() {
+  async function createBrowser(extraArgs = []) {
     // Create temporary user data directory that we can fully control and clean up
     const tempUserDataDir = `/tmp/puppeteer-${Date.now()}-${Math.random().toString(36).substring(7)}`;
     userDataDir = tempUserDataDir; // Store for cleanup tracking (use outer scope variable)
@@ -1366,9 +1367,17 @@ function setupFrameHandling(page, forceDebug) {
     if (launchHeadless) {
       const puppeteerInfo = detectPuppeteerVersion();
       
+      // Check if any site needs fingerprint protection — use stealth-friendly headless mode
+      const needsStealth = sites.some(site => site.fingerprint_protection);
+      
       if (puppeteerInfo.useShellMode) {
-        headlessMode = 'shell'; // Use fast chrome-headless-shell for 22.x+
-        if (forceDebug) console.log(formatLogMessage('debug', `Using chrome-headless-shell (Puppeteer ${puppeteerInfo.version || 'v' + puppeteerInfo.majorVersion + '.x'})`));
+        if (needsStealth) {
+          headlessMode = 'new'; // Full Chrome in headless — harder to detect than chrome-headless-shell
+          if (forceDebug) console.log(formatLogMessage('debug', `Using headless=new for stealth (fingerprint_protection detected)`));
+        } else {
+          headlessMode = 'shell'; // Use fast chrome-headless-shell for 22.x+
+          if (forceDebug) console.log(formatLogMessage('debug', `Using chrome-headless-shell (Puppeteer ${puppeteerInfo.version || 'v' + puppeteerInfo.majorVersion + '.x'})`));
+        }
       } else {
         headlessMode = true; // Use regular headless for older versions
         if (forceDebug) console.log(formatLogMessage('debug', 'Could not detect Puppeteer version, using regular headless mode'));
@@ -1438,7 +1447,7 @@ function setupFrameHandling(page, forceDebug) {
         '--disable-features=SafeBrowsing',
         '--disable-dev-shm-usage',
         '--disable-sync',
-        '--disable-gpu',
+        '--use-gl=swiftshader',  // Software WebGL — prevents ad script crashes in headless
         '--mute-audio',
         '--disable-translate',
         '--window-size=1920,1080',
@@ -1458,6 +1467,7 @@ function setupFrameHandling(page, forceDebug) {
         '--disable-background-timer-throttling',
         '--disable-features=site-per-process', // Better for single-site scanning
         '--no-zygote', // Better process isolation
+        ...extraArgs,
         ],
         // Optimized timeouts for Puppeteer 23.x performance
         protocolTimeout: TIMEOUTS.PROTOCOL_TIMEOUT,
@@ -1492,7 +1502,9 @@ function setupFrameHandling(page, forceDebug) {
 
   // Log which headless mode is being used
   if (forceDebug && launchHeadless) {
-    console.log(formatLogMessage('debug', `Using chrome-headless-shell for maximum performance`));
+    const needsStealth = sites.some(site => site.fingerprint_protection);
+    const modeLabel = needsStealth ? 'headless=new (stealth mode)' : 'chrome-headless-shell (performance mode)';
+    console.log(formatLogMessage('debug', `Using ${modeLabel}`));
   }
 
   // Initial cleanup of any existing Chrome temp files - always comprehensive on startup
@@ -1650,6 +1662,11 @@ function setupFrameHandling(page, forceDebug) {
     let cdpSessionManager = null;
     // Use Map to track domains and their resource types for --adblock-rules or --dry-run
     const matchedDomains = (adblockRulesMode || siteConfig.adblock_rules || dryRunMode) ? new Map() : new Set();
+
+    // Local domain dedup scoped to THIS processUrl call only
+    // Prevents cross-config contamination from the global domain cache
+    const localDetectedDomains = new Set();
+    const isLocallyDetected = (domain) => localDetectedDomains.has(domain);
     
     // Initialize dry run matches collection
     if (dryRunMode) {
@@ -2130,6 +2147,11 @@ function setupFrameHandling(page, forceDebug) {
         }
       }
 
+      // --- Apply proxy authentication if configured ---
+      if (needsProxy(siteConfig)) {
+        await applyProxyAuth(page, siteConfig, forceDebug);
+      }
+
       // --- Apply all fingerprint spoofing (user agent, Brave, fingerprint protection) ---
       try {
         await applyAllFingerprintSpoofing(page, siteConfig, forceDebug, currentUrl);
@@ -2423,6 +2445,7 @@ function setupFrameHandling(page, forceDebug) {
 
       // Mark full subdomain as detected for future reference
       markDomainAsDetected(cacheKey);
+      localDetectedDomains.add(cacheKey);
       
       // Also mark in smart cache with context (if cache is enabled)
       if (smartCache) {
@@ -2492,7 +2515,7 @@ function setupFrameHandling(page, forceDebug) {
           if (forceDebug) {
             console.log(formatLogMessage('debug', `Blocking potential infinite iframe loop: ${checkedUrl}`));
           }
-          request.abort();
+          request.abort('blockedbyclient');
           return;
         }
 
@@ -2527,7 +2550,7 @@ function setupFrameHandling(page, forceDebug) {
               if (forceDebug) {
                 console.log(formatLogMessage('debug', `${messageColors.blocked('[adblock]')} ${checkedUrl} (${result.reason})`));
               }
-              request.abort();
+              request.abort('blockedbyclient');
               return;
             }
             adblockStats.allowed++;
@@ -2607,7 +2630,7 @@ function setupFrameHandling(page, forceDebug) {
             }
           }
           
-          request.abort();
+          request.abort('blockedbyclient');
           return;
         }
 
@@ -2717,7 +2740,7 @@ function setupFrameHandling(page, forceDebug) {
                 dryRunCallback: dryRunMode ? createEnhancedDryRunCallback(matchedDomains, forceDebug) : null,
                 matchedDomains,
                 addMatchedDomain,
-                isDomainAlreadyDetected,
+                isDomainAlreadyDetected: isLocallyDetected,
                 onWhoisResult: smartCache ? (domain, result) => smartCache.cacheNetTools(domain, 'whois', result) : undefined,
                 onDigResult: smartCache ? (domain, result, recordType) => smartCache.cacheNetTools(domain, 'dig', result, recordType) : undefined,
                 cachedWhois: smartCache ? smartCache.getCachedNetTools(reqDomain, 'whois') : null,
@@ -2766,8 +2789,8 @@ function setupFrameHandling(page, forceDebug) {
              }
             } else if (hasNetTools && !hasSearchString && !hasSearchStringAnd) {
              // If nettools are configured (whois/dig), perform checks on the domain
-             // Skip nettools check if full subdomain was already detected
-             if (isDomainAlreadyDetected(fullSubdomain)) {
+             // Skip nettools check if full subdomain was already detected in THIS scan
+             if (localDetectedDomains.has(fullSubdomain)) {
                if (forceDebug) {
                  console.log(formatLogMessage('debug', `Skipping nettools check for already detected subdomain: ${fullSubdomain}`));
                }
@@ -2826,7 +2849,7 @@ function setupFrameHandling(page, forceDebug) {
                dryRunCallback: dryRunMode ? createEnhancedDryRunCallback(matchedDomains, forceDebug) : null,
                matchedDomains,
                addMatchedDomain,
-               isDomainAlreadyDetected,
+               isDomainAlreadyDetected: isLocallyDetected,
                // Add cache callbacks if smart cache is available and caching is enabled
                onWhoisResult: smartCache ? (domain, result) => {
                  smartCache.cacheNetTools(domain, 'whois', result);
@@ -2856,8 +2879,8 @@ function setupFrameHandling(page, forceDebug) {
              }
            } else {
              // If searchstring or searchstring_and IS defined (with or without nettools), queue for content checking
-             // Skip searchstring check if full subdomain was already detected
-             if (isDomainAlreadyDetected(fullSubdomain)) {
+             // Skip searchstring check if full subdomain was already detected in THIS scan
+             if (localDetectedDomains.has(fullSubdomain)) {
                if (forceDebug) {
                  console.log(formatLogMessage('debug', `Skipping searchstring check for already detected subdomain: ${fullSubdomain}`));
                }
@@ -2913,7 +2936,7 @@ function setupFrameHandling(page, forceDebug) {
                    searchStringsAnd,
                    matchedDomains,
                    addMatchedDomain, // Pass the helper function
-                   isDomainAlreadyDetected,
+                   isDomainAlreadyDetected: isLocallyDetected,
                    onContentFetched: smartCache && !ignoreCache ? (url, content) => {
                      // Only cache if not bypassing cache
                      if (!shouldBypassCacheForUrl(url, siteConfig)) {
@@ -2949,7 +2972,7 @@ function setupFrameHandling(page, forceDebug) {
                    regexes,
                    matchedDomains,
                    addMatchedDomain,
-                   isDomainAlreadyDetected,
+                   isDomainAlreadyDetected: isLocallyDetected,
                    onContentFetched: smartCache && !ignoreCache ? (url, content) => {
                      // Only cache if not bypassing cache
                      if (!shouldBypassCacheForUrl(url, siteConfig)) {
@@ -3020,7 +3043,7 @@ function setupFrameHandling(page, forceDebug) {
          matchedDomains,
          addMatchedDomain, // Pass the helper function
          bypassCache: (url) => shouldBypassCacheForUrl(url, siteConfig),
-         isDomainAlreadyDetected,
+         isDomainAlreadyDetected: isLocallyDetected,
          onContentFetched: smartCache && !ignoreCache ? (url, content) => {
            // Only cache if not bypassing cache
            if (!shouldBypassCacheForUrl(url, siteConfig)) {
@@ -3337,6 +3360,25 @@ function setupFrameHandling(page, forceDebug) {
           siteCounter++;
           // Continue processing with the redirected URL instead of throwing error
         } else {
+          // Detect proxy-specific failures and provide clear diagnostics
+          if (needsProxy(siteConfig) && err.message) {
+            const proxyErrors = [
+              'ERR_PROXY_CONNECTION_FAILED',
+              'ERR_SOCKS_CONNECTION_FAILED',
+              'ERR_TUNNEL_CONNECTION_FAILED',
+              'ERR_PROXY_AUTH_UNSUPPORTED',
+              'ERR_PROXY_AUTH_REQUESTED',
+              'ERR_SOCKS_CONNECTION_HOST_UNREACHABLE',
+              'ERR_PROXY_CERTIFICATE_INVALID',
+              'ERR_NO_SUPPORTED_PROXIES'
+            ];
+            const proxyErr = proxyErrors.find(e => err.message.includes(e));
+            if (proxyErr) {
+              const info = getProxyInfo(siteConfig);
+              console.error(formatLogMessage('error', `[proxy] ${proxyErr} — proxy: ${info} — URL: ${currentUrl}`));
+              console.error(formatLogMessage('error', `[proxy] Check: is the proxy running? Are credentials correct? Is the target reachable from the proxy?`));
+            }
+          }
           console.error(formatLogMessage('error', `Failed on ${currentUrl}: ${err.message}`));
           throw err;
         }
@@ -3348,8 +3390,16 @@ function setupFrameHandling(page, forceDebug) {
         
         // Mark page as processing during interactions
         updatePageUsage(page, true);
-        // Use enhanced interaction module
-        await performPageInteraction(page, currentUrl, interactionConfig, forceDebug);
+        // Use enhanced interaction module with hard abort timeout
+        const INTERACTION_HARD_TIMEOUT = 15000;
+        try {
+          await Promise.race([
+            performPageInteraction(page, currentUrl, interactionConfig, forceDebug),
+            new Promise((_, reject) => setTimeout(() => reject(new Error('interaction hard timeout')), INTERACTION_HARD_TIMEOUT))
+          ]);
+        } catch (interactTimeoutErr) {
+          if (forceDebug) console.log(formatLogMessage('debug', `[interaction] Aborted after ${INTERACTION_HARD_TIMEOUT}ms: ${interactTimeoutErr.message}`));
+        }
       }
 
       const delayMs = DEFAULT_DELAY;
@@ -3662,6 +3712,26 @@ function setupFrameHandling(page, forceDebug) {
       }
       
     } catch (err) {
+      // Detect proxy-specific failures at top level
+      if (needsProxy(siteConfig) && err.message) {
+        const proxyErrors = [
+          'ERR_PROXY_CONNECTION_FAILED',
+          'ERR_SOCKS_CONNECTION_FAILED',
+          'ERR_TUNNEL_CONNECTION_FAILED',
+          'ERR_PROXY_AUTH_UNSUPPORTED',
+          'ERR_PROXY_AUTH_REQUESTED',
+          'ERR_SOCKS_CONNECTION_HOST_UNREACHABLE',
+          'ERR_PROXY_CERTIFICATE_INVALID',
+          'ERR_NO_SUPPORTED_PROXIES'
+        ];
+        const proxyErr = proxyErrors.find(e => err.message.includes(e));
+        if (proxyErr) {
+          const info = getProxyInfo(siteConfig);
+          console.error(formatLogMessage('error', `[proxy] ${proxyErr} — proxy: ${info} — URL: ${currentUrl}`));
+          console.error(formatLogMessage('error', `[proxy] Check: is the proxy running? Are credentials correct? Is the target reachable from the proxy?`));
+        }
+      }
+
       // Only restart for truly fatal browser errors
       const isFatalError = CRITICAL_BROWSER_ERRORS.some(errorType => 
         err.message.includes(errorType)
@@ -3789,6 +3859,14 @@ function setupFrameHandling(page, forceDebug) {
     }
   }
 
+  // Helper to get a stable proxy key for grouping browser instances
+  const proxyKeyFor = (siteConfig) => {
+    if (!needsProxy(siteConfig)) return '';
+    return getProxyInfo(siteConfig);
+  };
+
+  // Sort tasks so proxy groups are contiguous — direct connections first, then each proxy
+  allTasks.sort((a, b) => proxyKeyFor(a.config).localeCompare(proxyKeyFor(b.config)));
 
   let results = [];
   let processedUrlCount = 0;
@@ -3832,6 +3910,7 @@ function setupFrameHandling(page, forceDebug) {
 
  // Process URLs in batches with exception handling
  let siteGroupIndex = 0;
+ let currentProxyKey = '';  // Track active proxy config — '' means direct connection
  try {
    for (let batchStart = 0; batchStart < totalUrls; batchStart += RESOURCE_CLEANUP_INTERVAL) {
     const batchEnd = Math.min(batchStart + RESOURCE_CLEANUP_INTERVAL, totalUrls);
@@ -3952,14 +4031,67 @@ function setupFrameHandling(page, forceDebug) {
         if (forceDebug) console.log(formatLogMessage('debug', `Browser cleanup warning: ${browserCloseErr.message}`));
       }
       
-      // Create new browser for next batch
-      browser = await createBrowser();
+      // Create new browser for next batch (preserve current proxy config)
+      const restartProxyArgs = currentProxyKey ? getProxyArgs(currentBatch[0].config, forceDebug) : [];
+      browser = await createBrowser(restartProxyArgs);
       if (forceDebug) console.log(formatLogMessage('debug', `New browser instance created for batch ${Math.floor(batchStart / RESOURCE_CLEANUP_INTERVAL) + 1}`));
       
       // Reset cleanup counter and add delay
       urlsSinceLastCleanup = 0;
       await fastTimeout(TIMEOUTS.BROWSER_STABILIZE_DELAY);
     }
+
+    // --- Proxy-aware browser restart ---
+    // --proxy-server is browser-wide, so if the batch needs a different proxy we must restart
+    const batchProxyKey = proxyKeyFor(currentBatch[0].config);
+    if (batchProxyKey !== currentProxyKey) {
+      const debug = forceDebug || currentBatch[0].config.proxy_debug || currentBatch[0].config.socks5_debug;
+      if (debug) {
+        const from = currentProxyKey || 'direct';
+        const to = batchProxyKey || 'direct';
+        console.log(formatLogMessage('proxy', `Switching proxy: ${from} → ${to}`));
+      }
+
+      try {
+        await handleBrowserExit(browser, {
+          forceDebug, timeout: 10000, exitOnFailure: false,
+          cleanTempFiles: true, comprehensiveCleanup: removeTempFiles
+        });
+        if (userDataDir && fs.existsSync(userDataDir)) {
+          fs.rmSync(userDataDir, { recursive: true, force: true });
+        }
+      } catch (proxyRestartErr) {
+        if (forceDebug) console.log(formatLogMessage('debug', `Proxy switch browser cleanup: ${proxyRestartErr.message}`));
+      }
+
+      const proxyArgs = batchProxyKey ? getProxyArgs(currentBatch[0].config, forceDebug) : [];
+
+      // Pre-flight: verify proxy is reachable before launching browser
+      if (proxyArgs.length > 0) {
+        const health = await testProxy(currentBatch[0].config, 5000);
+        if (!health.reachable) {
+          const info = getProxyInfo(currentBatch[0].config);
+          console.error(formatLogMessage('error', `[proxy] Unreachable: ${info} — ${health.error}`));
+          console.error(formatLogMessage('error', `[proxy] Skipping ${currentBatch.length} URL(s) in this batch`));
+          const skipResults = currentBatch.map(task => ({
+            success: false, url: task.url, rules: [],
+            error: `Proxy unreachable: ${health.error}`
+          }));
+          results.push(...skipResults);
+          processedUrlCount += currentBatch.length;
+          urlsSinceLastCleanup += currentBatch.length;
+          continue;
+        }
+        if (forceDebug) {
+          console.log(formatLogMessage('proxy', `Proxy reachable (${health.latencyMs}ms)`));
+        }
+      }
+
+      browser = await createBrowser(proxyArgs);
+      currentProxyKey = batchProxyKey;
+      urlsSinceLastCleanup = 0;
+      await fastTimeout(TIMEOUTS.BROWSER_STABILIZE_DELAY);
+    }
     
     if (forceDebug) {
       console.log(formatLogMessage('debug', `Processing batch ${Math.floor(batchStart / RESOURCE_CLEANUP_INTERVAL) + 1}: ${batchSize} URL(s) (total processed: ${processedUrlCount})`));
@@ -3986,7 +4118,8 @@ function setupFrameHandling(page, forceDebug) {
      console.log(formatLogMessage('error', `[TIMEOUT] Batch hung. Restarting browser.`));
      try {
        await handleBrowserExit(browser, { forceDebug, timeout: 5000, exitOnFailure: false });
-       browser = await createBrowser();
+       const timeoutProxyArgs = currentProxyKey ? getProxyArgs(currentBatch[0].config, forceDebug) : [];
+       browser = await createBrowser(timeoutProxyArgs);
        urlsSinceLastCleanup = 0;
      } catch (restartErr) {
        throw restartErr;
@@ -4104,7 +4237,7 @@ function setupFrameHandling(page, forceDebug) {
             comprehensive: true 
           });
         }
-        browser = await createBrowser();
+        browser = await createBrowser(currentProxyKey ? getProxyArgs(currentBatch[0].config, forceDebug) : []);
         urlsSinceLastCleanup = 0; // Reset counter
         await fastTimeout(TIMEOUTS.EMERGENCY_RESTART_DELAY); // Give browser time to stabilize
       } catch (emergencyRestartErr) {
@@ -4116,7 +4249,7 @@ function setupFrameHandling(page, forceDebug) {
       console.log(`\n${messageColors.fileOp('🔄 Emergency hang detection restart:')} Browser appears hung, forcing restart`);
       try {
         await handleBrowserExit(browser, { forceDebug, timeout: 5000, exitOnFailure: false, cleanTempFiles: true });
-        browser = await createBrowser();
+        browser = await createBrowser(currentProxyKey ? getProxyArgs(currentBatch[0].config, forceDebug) : []);
         urlsSinceLastCleanup = 0;
         forceRestartFlag = false; // Reset flag
         await fastTimeout(TIMEOUTS.EMERGENCY_RESTART_DELAY);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@fanboynz/network-scanner",
-  "version": "2.0.50",
+  "version": "2.0.52",
   "description": "A Puppeteer-based network scanner for analyzing web traffic, generating adblock filter rules, and identifying third-party requests. Features include fingerprint spoofing, Cloudflare bypass, content analysis with curl/grep, and multiple output formats.",
   "main": "nwss.js",
   "scripts": {
@@ -48,7 +48,7 @@
   },
   "homepage": "https://github.com/ryanbr/network-scanner",
   "devDependencies": {
-    "eslint": "^9.32.0",
+    "eslint": "^10.0.2",
     "globals": "^16.3.0"
   }
 }