Download: pfodProxy.exe (also on Github)
Download: pfodProxy-macOS.tar.gz (also on Github)
pfodProxy-macOS.tar.gz to extract the .app macOS Gatekeeper: the first time you run pfodProxy.app, macOS will block it. See detailed macOS setup steps for how to allow pfodProxy through Privacy & Security. This is only needed once.
Terminal control permission: the first time pfodProxy.app runs, macOS will ask "pfodProxyLauncher wants to control Terminal" — click Allow. This is only needed once.
Download: pfodProxy (also on Github)
chmod +x pfodProxy
./pfodProxypfodProxy starts listening on port 4989.
Serial port access: add your user to the dialout group so pfodProxy can open
USB serial ports without sudo:
sudo usermod -aG dialout $USER
Log out and back in for the group change to take effect.
Close the pfodProxy manually or use the pfodWeb Close pfodProxy button.
That button will only show when the pfodProxy is running.
By default pfodProxy accepts requests from any pfodWeb.html on the same machine. If you're concerned about other software/webpages/scripts running on the same machine sending commands to your pfodDevices via the pfodProxy. You can optionally add a pfodProxy password as the second argument, after the port:
# Windows pfodProxy.exe 4989 mypassword # macOS (from Terminal) pfodProxy.app/Contents/MacOS/pfodProxy 4989 mypassword # Linux ./pfodProxy 4989 mypassword
Once the pfodProxy password is set, open pfodWeb.html with a matching ?pw= on its own URL, e.g.:
file:///path/to/pfodWeb.html?pw=mypassword
The easiest way to use this day-to-day is to create a short cut that
launches pfodProxy.exe 4989 mypassword, and a bookmark that opens
pfodWeb.html?pw=mypassword
pfodWeb will display error messages for miss-matching passwords.
You can have more than one pfodWeb window open at once, each connected to a different device — for example one window talking to a serial-connected Arduino, another talking to a second serial pfodDevice, another to a TCP/IP ESP32, and another to a BLE device — all sharing the same pfodProxy running in the background.
Classic Bluetooth devices (e.g. HC-05, HC-06) connect via the Serial transport. Pair the device with your computer first using the OS Bluetooth settings, then select the COM port / serial device it creates in pfodWeb.
/dev/tty.DeviceName in the serial port list.bluetoothctl:
bluetoothctl pair XX:XX:XX:XX:XX:XX trust XX:XX:XX:XX:XX:XX
sudo rfcomm bind 0 XX:XX:XX:XX:XX:XX
/dev/rfcomm0 — select it in pfodWeb as a serial port.sudo rfcomm release 0
Pass the port number as an argument to change from the default 4989.
Update the via pfodProxy host field in pfodWeb to match, e.g. 4990.
# Windows pfodProxy.exe 4990 # macOS (from Terminal) pfodProxy.app/Contents/MacOS/pfodProxy 4990 # Linux ./pfodProxy 4990
&pw=,
checked with a constant-time comparison. A mismatched or missing password is rejected the
same way as any other malformed request — silently, with no distinguishing error — so it can't
be used for guessing the real password.The following security features are active even if a password has not been set
Host of
localhost:<port> or 127.0.0.1:<port>. Any other value
(including an attacker's rebinding domain) is rejected with 403 Forbidden before
any handler runs. This is the primary DNS-rebinding defence.127.0.0.1 only, never
0.0.0.0. It is not reachable from other machines on the network.file:// (the normal case) sends
Origin: null on every request; an ordinary website has its own real origin instead.
Any request whose Origin is present and isn't null is rejected, blocking
the common case of some unrelated website's script probing 127.0.0.1 for a running
pfodProxy.{...} pfod command, optionally preceded by a single dedup character, or it's
rejected. This stops pfodProxy being used to write arbitrary non-pfod data to a connected
device.