{"id":13564427,"url":"https://github.com/foomo/tlssocks","last_synced_at":"2025-05-04T22:31:58.726Z","repository":{"id":54285403,"uuid":"143316731","full_name":"foomo/tlssocks","owner":"foomo","description":"secure socks5 over tls / tcp","archived":false,"fork":false,"pushed_at":"2021-03-09T13:08:43.000Z","size":75,"stargazers_count":28,"open_issues_count":1,"forks_count":5,"subscribers_count":11,"default_branch":"master","last_synced_at":"2025-04-08T13:50:10.551Z","etag":null,"topics":["proxy","socks5","tls"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/foomo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-08-02T15:59:47.000Z","updated_at":"2024-03-29T13:08:30.000Z","dependencies_parsed_at":"2022-08-13T11:00:43.027Z","dependency_job_id":null,"html_url":"https://github.com/foomo/tlssocks","commit_stats":null,"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/foomo%2Ftlssocks","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/foomo%2Ftlssocks/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/foomo%2Ftlssocks/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/foomo%2Ftlssocks/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/foomo","download_url":"https://codeload.github.com/foomo/tlssocks/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252408451,"owners_count":21743123,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["proxy","socks5","tls"],"created_at":"2024-08-01T13:01:31.171Z","updated_at":"2025-05-04T22:31:58.431Z","avatar_url":"https://github.com/foomo.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"# socks5 over multiple network zones tunneled through a tls tcp connection\n\n```ascii\n+-------------------+ +--------------+ +--------------+ +-----------------+\n| source zone | | zone A | | zone ... | | target zone |\n| +---------------+ | | | | | | +-------------+ |\n| | | | | | | | | | | |\n| | client A | | | | | | | | service A | |\n| | | | | | | | | | | |\n| +-------+-------+ | | | | | | +------^------+ |\n| | | | | | | | | |\n| +-------v-------+ | | +----------+ | | +----------+ | | +------+------+ |\n| | | | | | | | | | | | | | | |\n| | tlssocksproxy +-------\u003e tcpproxy +-------\u003e tcpproxy +-------\u003e tlssocks | |\n| | | | | | | | | | | | | | | |\n| +-------^-------+ | | +----------+ | | +----------+ | | +------+------+ |\n| | | | | | | | | |\n| +-------+-------+ | | | | | | +------v------+ |\n| | | | | | | | | | | |\n| | client ... | | | | | | | | service ... | |\n| | | | | | | | | | | |\n| +---------------+ | | | | | | +-------------+ |\n| | +--------------+ +--------------+ | |\n| | | |\n| +-----------------------------------------\u003e |\n| | tls connection over n zones | |\n+-------------------+ +-----------------+\n```\n## example project\n\nExample docker-compose project in docker/localtest - should help to understand the configuration\n\n```bash\n# run example project\nmake docker-local-test\n```\n\n```bash\n# try it\n\n# works for jan\ncurl -vvv --proxy socks5h://jan:secret@127.0.0.1:8000 http://echo:8080/\n* Trying 127.0.0.1...\n* TCP_NODELAY set\n* SOCKS5 communication to echo:8080\n* SOCKS5 request granted.\n* Connected to 127.0.0.1 (127.0.0.1) port 8000 (#0)\n\u003e GET / HTTP/1.1\n\u003e Host: echo:8080\n\u003e User-Agent: curl/7.54.0\n\u003e Accept: */*\n\u003e\n\u003c HTTP/1.1 200 OK\n\u003c X-App-Name: http-echo\n\u003c X-App-Version: 0.2.3\n\u003c Date: Mon, 06 Aug 2018 09:44:03 GMT\n\u003c Content-Length: 12\n\u003c Content-Type: text/plain; charset=utf-8\n\u003c\nhello-world\n* Connection #0 to host 127.0.0.1 left intact\n\n# does not work for peter\ncurl -vvv --proxy socks5h://peter:secret@127.0.0.1:8000 http://echo:8080/\n* Trying 127.0.0.1...\n* TCP_NODELAY set\n* SOCKS5 communication to echo:8080\n* Can't complete SOCKS5 connection to 0.0.0.0:0. (2)\n* Closing connection 0\ncurl: (7) Can't complete SOCKS5 connection to 0.0.0.0:0. (2)\n\n```\n\n## tlssocksproxy\n\nOpens an tls encrypted connection to tlssocks - optionally through one or multiple tcpproxies and makes it available as a \"normal\" socks5 server.\n\n```bash\n# running a tlssocksproxy locally to connect a remote tlssocks using tls encryption\ndocker run --rm -p=\"8000:8000\" foomo/tlssocksproxy:latest -addr=\"0.0.0.0:8000\" -server=\"tlssocks.example.com:8765\"\n```\n\n## tcpproxy\n\nVery light weight wrapper around googles [https://github.com/google/tcpproxy](https://github.com/google/tcpproxy) - can be daisychained.\n\n## tlssocks\n\nBased on [github.com/armon/go-socks5](github.com/armon/go-socks5) wrapped by [https://golang.org/pkg/crypto/tls/](https://golang.org/pkg/crypto/tls/).\n\n- tls protection\n- authentication with bcrypt hashed passwords (htpasswd compatible)\n- destinations configuration\n\nManaging credentials:\n\nCan be done with good old htpasswd - in case of doubt `man htpasswd`\n\n```bash\n# set the password for a user in an existing file using bcrypt\nhtpasswd -B path/to/users.htpasswd \u003cuser-name\u003e\n```\n\nConfiguring destinations:\n\nBy default every proxy request is denied, except it is explicitly allowed through the destinations configuration. \n\nDestinations are configured on a name basis and allowed for ports and users.\n\nWARNING - if you are running multiple vhosts on one destination all of them are accessible, since tlssocks is not inspecting the incoming traffic.\n\n```yaml\n---\n# destination www.heise.de will be accessible trough ports 80, 443 for users jan and peter\nwww.heise.de:\n ports: \n - 80\n - 443\n users:\n - jan\n - peter\n# destination echo is acce\necho:\n ports: \n - 8080\n users:\n - jan\n\nwww.google.com:\n ports: \n - 443\n users:\n - peter\n...\n```\n\n## caveats / todos\n\n- only name based destinations are supported\n\n## security concerns\n\nAll vhosts on a destination can be accessed through the allowed ports - there is no traffic inspection to prevent this.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffoomo%2Ftlssocks","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffoomo%2Ftlssocks","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffoomo%2Ftlssocks/lists"}