> ## Documentation Index
> Fetch the complete documentation index at: https://mintlify.com/sammwyy/mikuMikuBeam/llms.txt
> Use this file to discover all available pages before exploring further.

# Web Interface

> Guide to using the Miku Miku Beam web control panel

## Overview

The Miku Miku Beam web interface provides a user-friendly graphical control panel for launching and monitoring attacks. It communicates with the backend server via Socket.IO for real-time statistics.

## Starting the Server

Launch the web server using the `mmb-server` binary:

```bash theme={null}
./bin/mmb-server
```

By default, the server listens on port `3000`. You'll see output like:

```
Server listening on :3000
Serving static files from bin/web-client
```

### Server Flags

<ParamField path="--no-proxy" type="boolean" default="false">
  Allow attacks without proxies. Can also be set via `ALLOW_NO_PROXY=true` environment variable.
</ParamField>

### Environment Variables

<ParamField path="LOG_FORMAT" type="string" default="console">
  Set to `json` for JSON-formatted logs, or leave unset for human-readable console output
</ParamField>

<ParamField path="ALLOW_NO_PROXY" type="boolean" default="false">
  Set to `true` to allow attacks without proxies (equivalent to `--no-proxy` flag)
</ParamField>

## Accessing the Interface

Once the server is running, open your browser and navigate to:

```
http://localhost:3000
```

<Info>
  The web interface is served from either `bin/web-client` or `web-client/dist` depending on your build configuration.
</Info>

## Features

### Attack Configuration

The web interface provides an intuitive form for configuring attacks:

<Steps>
  <Step title="Select Attack Method">
    Choose from available attack types:

    * `http_flood` - Standard HTTP flood
    * `http_bypass` - Bypass-focused HTTP attack
    * `http_slowloris` - Slowloris attack
    * `tcp_flood` - TCP-level flood
    * `minecraft_ping` - Minecraft server ping flood
  </Step>

  <Step title="Enter Target">
    Specify the target URL or address:

    * HTTP: `http://example.com` or `https://example.com:8443`
    * TCP: `tcp://192.168.1.100:80`
    * Minecraft: `mc.example.com:25565`
  </Step>

  <Step title="Configure Parameters">
    Set attack parameters:

    * **Duration** - Attack length in seconds (default: 60)
    * **Packet Delay** - Delay between packets in ms (default: 500)
    * **Packet Size** - Size of each packet in bytes (default: 512)
    * **Threads** - Number of concurrent threads (0 = auto)
  </Step>

  <Step title="Launch Attack">
    Click the attack button to begin. The interface immediately switches to monitoring mode.
  </Step>
</Steps>

### Real-Time Statistics

Once an attack is running, the interface displays live statistics:

<ResponseField name="PPS" type="int">
  Packets per second - current attack rate
</ResponseField>

<ResponseField name="Total Packets" type="int">
  Cumulative packets sent since attack started
</ResponseField>

<ResponseField name="Proxies" type="int">
  Number of proxies currently in use
</ResponseField>

<ResponseField name="Log" type="string">
  Detailed attack logs and status messages (always verbose in web mode)
</ResponseField>

### Configuration Management

The web interface allows you to manage proxies and user agents directly from the browser:

<Tabs>
  <Tab title="View Configuration">
    The server exposes a `GET /configuration` endpoint that returns current proxy and user agent lists (base64 encoded).

    ```json theme={null}
    {
      "proxies": "<base64-encoded proxy list>",
      "uas": "<base64-encoded user agent list>"
    }
    ```
  </Tab>

  <Tab title="Update Configuration">
    Send a `POST /configuration` request with updated lists:

    ```json theme={null}
    {
      "proxies": "<base64-encoded proxy list>",
      "uas": "<base64-encoded user agent list>"
    }
    ```

    The server writes changes to the configured files (`data/proxies.txt` and `data/uas.txt` by default).
  </Tab>
</Tabs>

## Socket.IO Communication

The web interface uses Socket.IO for bidirectional real-time communication.

### Client Events

<ParamField path="startAttack" type="object">
  Initiates a new attack with specified parameters:

  ```javascript theme={null}
  socket.emit('startAttack', {
    target: 'http://example.com',
    attackMethod: 'http_flood',
    duration: 60,
    packetDelay: 500,
    packetSize: 512,
    threads: 0
  });
  ```
</ParamField>

<ParamField path="stopAttack" type="void">
  Immediately stops the current attack:

  ```javascript theme={null}
  socket.emit('stopAttack');
  ```
</ParamField>

### Server Events

<ParamField path="stats" type="object">
  Real-time statistics updated every second:

  ```javascript theme={null}
  socket.on('stats', (data) => {
    console.log('PPS:', data.pps);
    console.log('Total:', data.totalPackets);
    console.log('Proxies:', data.proxies);
    console.log('Log:', data.log); // Optional
  });
  ```
</ParamField>

<ParamField path="attackAccepted" type="object">
  Confirmation that attack has started:

  ```javascript theme={null}
  socket.on('attackAccepted', (data) => {
    console.log('Attack started with', data.proxies, 'proxies');
  });
  ```
</ParamField>

<ParamField path="attackError" type="object">
  Error message if attack cannot start:

  ```javascript theme={null}
  socket.on('attackError', (data) => {
    console.error('Attack failed:', data.message);
  });
  ```
</ParamField>

<ParamField path="attackEnd" type="void">
  Notification that attack has completed or been stopped:

  ```javascript theme={null}
  socket.on('attackEnd', () => {
    console.log('Attack ended');
  });
  ```
</ParamField>

## REST API Endpoints

In addition to Socket.IO, the server provides HTTP endpoints:

### List Available Attacks

```bash theme={null}
GET /attacks
```

**Response:**

```json theme={null}
{
  "attacks": [
    "http_flood",
    "http_bypass",
    "http_slowloris",
    "tcp_flood",
    "minecraft_ping"
  ]
}
```

### Get Configuration

```bash theme={null}
GET /configuration
```

**Response:**

```json theme={null}
{
  "proxies": "aHR0cDovLzEuMi4zLjQ6ODA4MA==",
  "uas": "TW96aWxsYS81LjA..."
}
```

Proxy and user agent lists are base64-encoded.

### Update Configuration

```bash theme={null}
POST /configuration
Content-Type: application/json

{
  "proxies": "<base64-encoded proxy list>",
  "uas": "<base64-encoded user agent list>"
}
```

**Response:**

```
OK
```

## CORS Configuration

The server supports CORS to allow frontend development servers to connect. By default, it allows:

* **Origin:** `http://localhost:5173` (Vite dev server)
* **Methods:** GET, POST
* **Headers:** Content-Type

To change the allowed origin, update your [configuration file](/configuration#allowed-origin).

## Running Without Proxies

By default, the web server requires proxies. To allow attacks without proxies:

<CodeGroup>
  ```bash Using Flag theme={null}
  ./bin/mmb-server --no-proxy
  ```

  ```bash Using Environment Variable theme={null}
  ALLOW_NO_PROXY=true ./bin/mmb-server
  ```
</CodeGroup>

<Warning>
  Running without proxies exposes your server's IP address. Only use this for local testing.
</Warning>

## Multiple Clients

The server supports multiple simultaneous connections. Each client gets its own attack instance:

* Client attacks are tracked by Socket.IO client ID
* Each client can run one attack at a time
* Starting a new attack automatically stops the previous one
* Disconnecting automatically stops the client's attack

## Monitoring Server Logs

The server provides detailed logging of all operations:

<Tabs>
  <Tab title="Console Format (Default)">
    Human-readable logs for development:

    ```
    2026-03-03T10:15:30Z INF socket connected id=abc123
    2026-03-03T10:15:35Z INF startAttack received: method=http_flood target=http://example.com duration=60s
    2026-03-03T10:15:35Z INF attack started: id=client-abc123 method=http_flood proxies=1250
    ```
  </Tab>

  <Tab title="JSON Format">
    Machine-readable logs for production:

    ```bash theme={null}
    LOG_FORMAT=json ./bin/mmb-server
    ```

    Output:

    ```json theme={null}
    {"level":"info","time":"2026-03-03T10:15:30Z","message":"socket connected id=abc123"}
    {"level":"info","time":"2026-03-03T10:15:35Z","message":"startAttack received: method=http_flood..."}
    ```
  </Tab>
</Tabs>

## Troubleshooting

### Static Assets Not Found

```
Static web assets not found (bin/web-client or web-client/dist). Panel will be unavailable.
```

**Solution:** Build the web client first:

```bash theme={null}
cd web-client
npm install
npm run build
cd ..
make build
```

### No Proxies Available

```json theme={null}
{"message": "No proxies available; set ALLOW_NO_PROXY=true or --no-proxy to run without proxies"}
```

**Solution:** Either add proxies to your config file or start the server with `--no-proxy`.

### CORS Errors

If developing the frontend separately, update the `allowed_origin` in your [configuration file](/configuration#allowed-origin) to match your dev server URL.

## Best Practices

<CardGroup cols={2}>
  <Card title="Use HTTPS" icon="lock">
    Deploy behind a reverse proxy with TLS for production use
  </Card>

  <Card title="Restrict Access" icon="user-shield">
    Use firewall rules or authentication to prevent unauthorized access
  </Card>

  <Card title="Monitor Resources" icon="gauge">
    Keep an eye on server CPU/memory, especially with multiple clients
  </Card>

  <Card title="Log Everything" icon="file-lines">
    Use JSON logging in production for better monitoring and debugging
  </Card>
</CardGroup>