Docs / Getting started / FoxyProxy
Use FoxyProxy with Crusader
The short version. Use Crusader's built-in test browser first. It launches a Chromium-family browser in an isolated profile, routes it to Crusader automatically, trusts the Crusader CA without changing your daily browser, and is the path we recommend for WAF-sensitive testing. FoxyProxy is still useful when you want manual browser control, URL patterns, per-tab or per-container routing, or a quick toggle in your normal browser. In Crusader testing, some FoxyProxy-routed browser sessions triggered WAF or bot controls that the built-in test browser did not, so treat FoxyProxy as a convenience workflow, not the cleanest fingerprint workflow.
01When to use FoxyProxy
FoxyProxy is a browser extension for switching a browser across one or more proxy servers. It is convenient if you already use a daily browser profile for testing, need URL-pattern rules, want to proxy one browser tab differently from another, or use Firefox containers and private windows during a test.
It is not the best default for fingerprint-sensitive work. The extension changes how the browser is routed, but it does not make the browser look more natural to a WAF. For Crusader, the built-in test browser is the recommended baseline because it starts a controlled Chromium profile with known proxy and certificate settings, and Crusader's browser-oriented transport has better JA3 and browser-like behavior in the cases we test. If a site reacts differently under FoxyProxy, reproduce the test in the built-in browser before calling it a security finding.
| Use this | When |
|---|---|
| Built-in test browser | First capture, WAF-sensitive flows, login journeys, bot-sensitive targets, and anything where TLS/browser fingerprint parity matters. |
| FoxyProxy | Manual routing in your normal browser, URL pattern routing, Firefox containers, per-tab experiments, and quick proxy on/off toggles. |
Do not use a WAF block caused only by FoxyProxy as proof of target behavior. Confirm through Crusader's built-in browser or another clean baseline first.
02Start Crusader and note the listener
Open Crusader and confirm the proxy status pill is green. The default listener is 127.0.0.1:8080. If another process already owns 8080, Crusader auto-heals to a nearby free port and reports the actual value, such as 127.0.0.1:8081.
Use the exact host and port Crusader reports. FoxyProxy does not start Crusader for you, and it will silently fail if it points to the wrong port.
03Download FoxyProxy
Install FoxyProxy only from official sources or browser stores. The main FoxyProxy download page links the current browser versions, and the extension source for version 8 and newer is public on GitHub.
- FoxyProxy downloads - official download and browser instructions.
- FoxyProxy for Chrome / Chromium browsers - Chrome Web Store listing.
- FoxyProxy Standard for Firefox - Mozilla Add-ons listing.
- FoxyProxy browser-extension source - source repository for version 8 and newer.
After install, pin the FoxyProxy icon to the browser toolbar so you can see when it is active and turn it off cleanly when the test is done.
04Configure the proxy entry
- Open the FoxyProxy extension and choose Options or Manage Proxies.
- Add a new proxy named Crusader.
- Set proxy type to HTTP.
- Set host to
127.0.0.1. - Set port to the Crusader listener port, usually
8080. - Leave username and password blank unless you put another proxy in front of Crusader. Crusader's local listener does not require proxy authentication.
- Save the proxy.
For a first check, select the Crusader proxy for all URLs. Once capture works, switch to URL patterns if you only want target traffic routed through Crusader. A simple target pattern looks like *://*.example.com/*.
05Trust the CA
Proxy routing and certificate trust are separate. FoxyProxy can send HTTPS traffic to Crusader, but the browser still has to trust the Crusader root CA or HTTPS pages will fail with certificate warnings.
Use the CA wizard in Crusader, or follow Trust the Crusader CA. For Chrome, Edge, Brave, and most Chromium browsers, OS trust is usually enough. Firefox can use its own certificate store, so confirm Firefox trusts the CA before testing HTTPS targets.
If you do not want to modify your browser or OS trust store, use Open test browser in Crusader instead. It uses an isolated profile and trusts Crusader by pin without changing your daily browser.
06Verify capture
- Enable the Crusader proxy in FoxyProxy.
- Open a target you are authorized to test.
- Open Crusader History.
- Confirm the request appears with the expected host, method, status, headers, and response.
After verification, set Target scope so Crusader stores and surfaces the hosts you actually intend to test.
07Troubleshooting
| Symptom | Check |
|---|---|
| No traffic in History | Make sure the Crusader proxy is active, FoxyProxy is enabled, and the FoxyProxy port matches the port Crusader reports. |
| HTTPS certificate errors | Trust the Crusader CA for that browser. Firefox may need explicit browser-store trust even when the OS store is correct. |
| Site behaves differently or WAF blocks | Retest in Crusader's built-in test browser. FoxyProxy is useful, but in our testing it can trigger some WAF/bot paths that the built-in browser does not. |
| Browser stops loading after Crusader closes | Turn FoxyProxy off or switch it back to direct connection. The browser is still pointing at a local proxy that is no longer listening. |
| Only some URLs are captured | Review FoxyProxy patterns. Start with all URLs, then narrow to target patterns after capture works. |
Keep testing authorized and scoped. FoxyProxy is just a routing switch; Crusader's scope and safety model still applies once traffic reaches the app.
The other major browser proxy switcher for Chrome, Edge, and Firefox. Your first capture
Use Crusader's built-in browser or manual proxy setup. Trust the Crusader CA
Per-OS certificate trust and the zero-install test browser. Fingerprint
JA3/JA4, HTTP/2, and browser-like transport behavior.
Want a guide that isn't here yet? Email [email protected].