{"id":20392519,"url":"https://github.com/equim-chan/h2s","last_synced_at":"2025-06-15T06:33:33.484Z","repository":{"id":57510305,"uuid":"125224558","full_name":"Equim-chan/h2s","owner":"Equim-chan","description":":electric_plug: A simple tool that wraps HTTPS proxies into a SOCKS5 proxy.","archived":false,"fork":false,"pushed_at":"2019-06-17T20:29:27.000Z","size":45,"stargazers_count":124,"open_issues_count":1,"forks_count":19,"subscribers_count":11,"default_branch":"master","last_synced_at":"2025-06-11T21:15:51.503Z","etag":null,"topics":["connect","http","proxy","socks5","wrapper"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Equim-chan.png","metadata":{"files":{"readme":"README.adoc","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-03-14T14:21:31.000Z","updated_at":"2025-04-07T04:28:06.000Z","dependencies_parsed_at":"2022-09-26T17:50:53.892Z","dependency_job_id":null,"html_url":"https://github.com/Equim-chan/h2s","commit_stats":null,"previous_names":[],"tags_count":14,"template":false,"template_full_name":null,"purl":"pkg:github/Equim-chan/h2s","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Equim-chan%2Fh2s","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Equim-chan%2Fh2s/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Equim-chan%2Fh2s/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Equim-chan%2Fh2s/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Equim-chan","download_url":"https://codeload.github.com/Equim-chan/h2s/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Equim-chan%2Fh2s/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":259934759,"owners_count":22934329,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["connect","http","proxy","socks5","wrapper"],"created_at":"2024-11-15T03:44:13.359Z","updated_at":"2025-06-15T06:33:33.464Z","avatar_url":"https://github.com/Equim-chan.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"= h2s\nEquim \u003chttps://github.com/Equim-chan[@Equim-chan]\u003e\n\nimage:http://img.shields.io/badge/godoc-reference-5272B4.svg[GoDoc, link=https://godoc.org/ekyu.moe/h2s]\nimage:https://img.shields.io/github/release/Equim-chan/h2s.svg[Release, link=https://github.com/Equim-chan/h2s/releases/latest]\nimage:https://img.shields.io/circleci/project/github/Equim-chan/h2s.svg[CircleCI, link=https://circleci.com/gh/Equim-chan/h2s]\nimage:https://goreportcard.com/badge/github.com/Equim-chan/h2s[Go Report Card, link=https://goreportcard.com/report/github.com/Equim-chan/h2s]\nimage:https://img.shields.io/github/license/Equim-chan/h2s.svg[License, link=https://github.com/Equim-chan/h2s/blob/master/LICENSE]\n\nh2s is a tiny CLI tool that wraps one or multiple HTTPS proxies into a SOCKS5 proxy. It does something like https://www.irif.fr/~jch/software/polipo/[polipo] and http://www.privoxy.org/[privoxy] do, but in a reversed way.\n\nThere are already some SOCKS to HTTPS tools out there, but I can hardly find a reversed one (HTTPS to SOCKS), so I decided to make one on my own.\n\n== Install\nYou can view the https://github.com/Equim-chan/h2s/releases[release] page for handy prebuilt binaries.\n\n== Build from Source\nh2s relies on stadard libs only.\n\n[source,bash]\n----\n$ go get -u ekyu.moe/h2s/cmd/h2s\n----\n\n== Configure\nAn example config file:\n\n[source,js]\n----\n{\n  // bind is the address h2s will listen to.\n  // Note that since HTTPS proxy support only TCP, the h2s wrapped SOCKS5\n  // proxy consequently support only TCP as well.\n  \"bind\": \"127.0.0.1:1080\",\n\n  // upstreams are HTTPS proxy upstreams.\n  // h2s will do a simple round-robin load balance.\n  \"upstreams\": [{\n    // If no port is specified, 80 is assumed by default.\n    \"address\": \"proxy1.example.com\",\n  }, {\n    \"address\": \"proxy2.example.com:3128\",\n\n    // username and password are optional for proxy authentication.\n    \"username\": \"Alice\",\n    \"password\": \"secret here\"\n  }, {\n    // An HTTPS proxy over TLS upstream.\n    // You have to specify port explicitly (usually 443), and set the tls field.\n    \"address\": \"secure.proxy.example.com:443\",\n    \"username\": \"Secure\",\n    \"password\": \"Yeah!\",\n\n    // h2s only provides some basic TLS settings. If you are an advanced user and\n    // looking for other settings, you may use stunnel(1) to handle TLS instead,\n    // and simply leave a naive TCP interface to h2s.\n    \"tlsConfig\": {\n      // If empty, serverName is set to the hostname from address.\n      // Most users could just leave it empty.\n      \"serverName\": \"secure.proxy.example.com\",\n\n      // If you prefer to set a fingerprint instead of providing certs, you can\n      // set this to true.\n      // Do not set to true unless you know what you are doing.\n      \"insecureSkipVerify\": false,\n      // Server's SHA256 fingerprint, used to verify as an alternative to providing\n      // the whole server certs, should be used with insecureSkipVerify to true.\n      // If both rootCA and sha256Fingerprint are provided, they will both be\n      // verified.\n      //\n      // An example to get fingerprint of a given cert:\n      //     openssl x509 -fingerprint -sha256 -noout -in cert.cer | cut -f2 -d'=' | sed s/://g\n      // or of a server with TLS enabled:\n      //      openssl s_client -showcerts -connect example.com:443 \u003c /dev/null | \\\n      //        openssl x509 -fingerprint -sha256 -noout | cut -f2 -d'=' | sed s/://g\n      \"sha256fingerprint\": \"22B975A1409850EF7F4522183E9C5A8955758FC899D70FE257112DA2FC430CCC\",\n\n      // rootCA is useful for self-signed certs. Be careful with it.\n      // If the server has a trusted cert, you don't have to set it.\n      \"rootCA\": \"/path/to/the/ca/cert\",\n\n      // certFile and keyFile are advanced options for client authentication.\n      // Most users could just leave it empty.\n      \"certFile\": \"/path/to/the/client/cert\",\n      \"keyFile\": \"/path/to/the/client/key\"\n    }\n  }],\n\n  // accounts is an optional array of accounts for SOCKS5 authentication\n  // with no accounts, authentication is disabled\n  \"accounts\": [{\n    \"username\": \"test server\",\n    \"password\": \"test\"\n  }],\n\n  // timeout optionally sets timeout value when dialing to a upstream\n  // default \"20s\"\n  \"timeout\": \"20s\",\n  // retries optionally specifies the max retries count of dialing to upstreams\n  // default 3.\n  \"retries\": 3\n}\n----\n\n== Usage\n[source,bash]\n----\n$ h2s [-config h2s.json]\n----\n\n== References\n* https://tools.ietf.org/html/rfc1928[RFC 1928 - SOCKS Protocol Version 5]\n* https://tools.ietf.org/html/rfc1929[RFC 1929 - Username/Password Authentication for SOCKS V5]\n* https://tools.ietf.org/html/rfc7231[RFC 7231 - Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content]\n\n== License\nhttps://github.com/Equim-chan/h2s/blob/master/LICENSE[MIT]\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fequim-chan%2Fh2s","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fequim-chan%2Fh2s","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fequim-chan%2Fh2s/lists"}