简体中文 | English
This is a simple transparent proxy tool developed in Go, leveraging eBPF. It enables transparent proxying for network traffic either globally or targeted by specific IP addresses, process IDs, or process name.
The program offers direct transparent proxy network forwarding with SOCKS5 support, serving as a modern alternative to tools like redsocks and proxychains. Furthermore, it can be integrated with other proxy software or Layer 7 proxies to implement advanced functionalities such as traffic splitting, firewalls, or creating a Mock Server.
Installation
Download binary from release or build from source:
- Clone the repository:
git clone https://github.com/Dream95/gotproxy.git cd gotproxy git submodule update --init --recursive ./init_env.sh - Build from source:
make build-bpf && make
Usage
gotproxy requires root privileges to function.
sudo ./gotproxy [flags]| Flag | Description |
|---|---|
| --cmd | The command name to be proxied. If not provided, all traffic will be proxied globally. |
| --pids | The pid to be proxied, seperate by ','. |
| --ip | The Target IP address to be proxied. Supports IPv4 and IPv4 CIDR notation. |
| --p-pid | The process ID of the proxy. If not provided, the program will automatically start a forwarding proxy. |
| --p-port | The proxy port. |
| --socks5 | The SOCKS5 proxy Server network address. If configured, SOCKS5 proxying will be used. |
| --socks5-user | SOCKS5 username (RFC1929). Must be set together with --socks5-pass. |
| --socks5-pass | SOCKS5 password (RFC1929). Must be set together with --socks5-user. |
| --proto | Proxy protocol selection: both (default) / tcp / udp. When set to tcp, only TCP traffic will be redirected; when set to udp, only UDP traffic will be redirected. |
Features Under Development: IPv6 support
Examples
- Proxy a specific command:
sudo ./gotproxy --cmd "curl"- Proxy network traffic and forward via SOCKS5:
sudo ./gotproxy --socks5 192.168.1.2:1080Where '192.168.1.2:1080' is the IP and port of the SOCKS5 proxy server.
SOCKS5 with username/password:
sudo ./gotproxy --socks5 192.168.1.2:1080 --socks5-user alice --socks5-pass 'secret'- TCP-only proxy:
sudo ./gotproxy --proto tcp- UDP-only proxy:
sudo ./gotproxy --proto udp-
Theoretically, a connection should be determined by a 5-tuple, but for most cases, connection mapping is currently based only on protocol type and source port.
-
In scenarios where proxying is based on process name, if a process starts a child process and uses execve to execute a new command, proxying will not work.
-
The current implementation of UDP proxy is not perfect, and there may be issues in certain scenarios.
Some code is referenced from