{"id":43488671,"url":"https://github.com/keminar/anyproxy","last_synced_at":"2026-02-03T09:42:20.551Z","repository":{"id":43684359,"uuid":"264066445","full_name":"keminar/anyproxy","owner":"keminar","description":"A transparent proxy written in Golang.","archived":false,"fork":false,"pushed_at":"2025-03-19T09:50:53.000Z","size":2572,"stargazers_count":28,"open_issues_count":1,"forks_count":7,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-19T10:37:29.032Z","etag":null,"topics":["anyproxy","charles","golang","http","https","proxifier","tcp"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/keminar.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-05-15T01:32:03.000Z","updated_at":"2025-02-08T00:36:56.000Z","dependencies_parsed_at":"2024-01-09T14:28:24.445Z","dependency_job_id":"7cc78cb4-d5a5-4692-8e1f-cdd62cf0febf","html_url":"https://github.com/keminar/anyproxy","commit_stats":null,"previous_names":[],"tags_count":17,"template":false,"template_full_name":null,"purl":"pkg:github/keminar/anyproxy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keminar%2Fanyproxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keminar%2Fanyproxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keminar%2Fanyproxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keminar%2Fanyproxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/keminar","download_url":"https://codeload.github.com/keminar/anyproxy/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keminar%2Fanyproxy/sbom","scorecard":{"id":554618,"data":{"date":"2025-08-11","repo":{"name":"github.com/keminar/anyproxy","commit":"8fb25d1512710ad5411e29e774677f3cb04cc9b0"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.3,"checks":[{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":0,"reason":"Found 0/5 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: containerImage not pinned by hash: Dockerfile:2","Warn: containerImage not pinned by hash: Dockerfile:20","Info:   0 out of   2 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":0,"reason":"license file not detected","details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v1.9 not signed: https://api.github.com/repos/keminar/anyproxy/releases/207761163","Warn: release artifact v1.9 does not have provenance: https://api.github.com/repos/keminar/anyproxy/releases/207761163"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":9,"reason":"1 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-20T11:59:45.479Z","repository_id":43684359,"created_at":"2025-08-20T11:59:45.479Z","updated_at":"2025-08-20T11:59:45.479Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29039825,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-03T09:33:44.148Z","status":"ssl_error","status_checked_at":"2026-02-03T09:33:43.343Z","response_time":96,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["anyproxy","charles","golang","http","https","proxifier","tcp"],"created_at":"2026-02-03T09:42:19.960Z","updated_at":"2026-02-03T09:42:20.546Z","avatar_url":"https://github.com/keminar.png","language":"Go","readme":"# Any Proxy\n\nanyproxy 是一个部署在Linux系统上的tcp流转发器，可以将收到的请求按域名划分链路发本地请求或者转到下一级代理。可以代替Proxifier做Linux下的客户端， 也可以配合Proxifier当它的服务端。经过跨平台编译，如果只做网络包的转发可以在windows等平台使用。\n\n[下载二进制包](http://cloudme.io/)\n\ntunneld 是一个anyproxy的服务端模式，带密钥验证，部署在服务器上接收anyproxy的请求，并代理发出请求或是转到下一个tunneld。用于跨内网访问资源使用。非anyproxy请求一概拒绝处理\n\n# 路由支持\n\n```\n+----------+      +----------+      +----------+\n| Computer | \u003c==\u003e | anyproxy | \u003c==\u003e | Internet |\n+----------+      +----------+      +----------+\n\n# or\n+----------+      +----------+      +---------+      +----------+\n| Computer | \u003c==\u003e | anyproxy | \u003c==\u003e | tunneld | \u003c==\u003e | Internet |\n+----------+      +----------+      +---------+      +----------+\n\n# or\n+----------+      +----------+      +---------+      +----------+\n| Computer | \u003c==\u003e | anyproxy | \u003c==\u003e | socks5  | \u003c==\u003e | Internet |\n+----------+      +----------+      +---------+      +----------+\n\n# or\n+----------+      +----------+      +---------+      +---------+      +----------+\n| Computer | \u003c==\u003e | anyproxy | \u003c==\u003e | tunneld | \u003c==\u003e | socks5  | \u003c==\u003e | Internet |\n+----------+      +----------+      +---------+      +---------+      +----------+\n\n# or\n+----------+      +---------+      +-----------+  ws  +-----------+      +---------+\n| Computer | \u003c==\u003e | Nginx A | \u003c==\u003e | anyproxy S| \u003c==\u003e | anyproxy C| \u003c==\u003e | Nginx B |\n+----------+      +---------+      +-----------+      +-----------+      +---------+\n```\n\n# 使用案例\n\u003e 案例1:解决Docker pull官方镜像的问题\n\n`使用iptables将本用户下tcp流转到anyproxy，再进行docker pull操作`\n\n\u003e 案例2: 解决相同域名访问网站不同测试环境的问题\n\n`本地通过内网 anyproxy 代理上网，遇到测试服务器域名则跳到外网tunneld转发，网站的nginx根据来源IP进行转发到特定测试环境（有几个环境就需要有几个tunneld服务且IP要不同)`\n\n\u003e 案例3: 解决HTTPS抓包问题\n\n`本地将https请求到服务器，服务器解证书后增加特定头部转到anyproxy websocket服务端，本地另起一个anyproxy的websocket客户端接收并将http请求转发到Charles`\n\n\u003e 案例4： 解决内网tcp端口给外网访问\n\n`假如本机是192网段，容器内是10网段，在本机启动一个程序监听本机端口同时桥接到容器内的应用的端口，这样就可以通过本机端口访问容器内的tcp服务（配置项是tcpcopy）`\n\n# 源码编译\n\n\u003e 安装Go环境并设置GOPROXY\n\nGo环境安装比较简单，这里不做介绍，GOPROXY对不同版本有些差异，设置方法如下\n```\n# Go 版本\u003e=1.11\nexport GOPROXY=https://goproxy.cn\n# Go 版本\u003e=1.13 \ngo env -w GOPROXY=https://goproxy.cn,direct\n```\n\n\u003e 下载编译\n```\ngit clone https://github.com/keminar/anyproxy.git\ncd anyproxy\nmake all\n```\n\n\u003e 本机启动\n\n```\n# 示例1. 以anyproxy用户启动\nsudo -u anyproxy ./anyproxy\n\n# 示例2. 以后台进程方式运行\n./anyproxy -daemon\n\n# 示例3. 启动tunneld\n./anyproxy -mode tunnel\n\n# 示例4. 启动anyproxy并将请求转给tunneld\n./anyproxy -p 'tunnel://127.0.0.1:3001'\n\n# 示例5. 启动anyproxy并将请求转给socks5\n./anyproxy -p 'socks5://127.0.0.1:10000'\n\n# 示例6. 端口转发\n./anyproxy -c conf/tcpcopy.yaml\n\n# 其它帮助\n./anyproxy -h\n```\n\n注：因为本地iptables转发是Linux功能，所以windows系统使用时精简掉了此部分功能\n\n\u003e 平滑重启\n\n```\n# 首先查到进程pid，然后发送HUP信号\nkill -HUP pid\n```\n\n\n\u003e 使用Docker\n\n```\n# 构建\ndocker build -t anyproxy:latest .\n# 运行\ndocker run anyproxy:latest\n# 开放端口并带参数运行\ndocker run  -p 3000:3000 anyproxy:latest -p '127.0.0.1:3001'\n```\n\n# 代理设置\n\n* 防火墙全局代理\n\n```\n#添加一个不可以登录的用户\nsudo useradd -M -s /sbin/nologin anyproxy\n# uid为anyproxy的tcp请求不转发,并用anyproxy用户启动anyproxy程序\nsudo iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner anyproxy -j RETURN\nsudo -u anyproxy ./anyproxy -daemon\n# 指定root账号本地请求不走代理\nsudo iptables -t nat -A OUTPUT -p tcp -d 192.168.0.0/16 -m owner --uid-owner 0 -j RETURN\nsudo iptables -t nat -A OUTPUT -p tcp -d 172.17.0.0/16 -m owner --uid-owner 0 -j RETURN\n# 指定root账号的http/https请求走代理\nsudo iptables -t nat -A OUTPUT -p tcp -m multiport --dport 80,443 -m owner --uid-owner 0 -j REDIRECT --to-port 3000\n```\n\n\u003e 如果删除全局代理\n```\n# 查看当前规则\nsudo iptables -t nat -L -n  --line-number\n\n# 输出\n ...以上省略\n Chain OUTPUT (policy ACCEPT)\n num  target     prot opt source               destination\n 1    RETURN     tcp  --  0.0.0.0/0            0.0.0.0/0            owner UID match 1004\n 2    REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0            redir ports 3000\n ...以下省略\n\n# 按顺序依次为OUTPUT的第一条规则，和第二条规则\n# 假如想删除net的OUTPUT的第2条规则\nsudo iptables -t nat -D OUTPUT 2\n```\n* 浏览器 [Chrome设置](https://zhidao.baidu.com/question/204679423955769445.html)\n* 手机端 [苹果](https://jingyan.baidu.com/article/84b4f565add95060f7da3271.html)  [安卓](https://jingyan.baidu.com/article/219f4bf7ff97e6de442d38c8.html)\n\n# Todo\n\n\u003e ~~划线~~ 部分为已实现功能\n* ~~可将请求转发到Tunnel服务~~\n* ~~对域名支持加Host绑定~~\n* ~~对域名配置请求出口~~\n* ~~增加全局默认出口配置~~\n* ~~配置文件支持~~\n* ~~服务间通信增加token验证可配~~\n* ~~日志信息完善~~\n* ~~DNS解析增加cache~~\n* ~~自动路由模式下可设置检测时间和cache~~\n* ~~可以自定义代理server，如果不可用则用全局的~~\n* ~~server多级转发~~\n* ~~加域名黑名单功能，不给请求~~\n* ~~支持转发到socket5服务~~\n* ~~支持HTTP/1.1 keep-alive 一外链接多次请求不同域名~~\n* ~~修复iptables转发后百度贴吧无法访问的问题~~\n* ~~支持windows平台使用~~\n* ~~通过websocket实现内网穿透(必须为http的非CONNECT请求)~~\n* ~~订阅增加邮箱标识，用于辨别在线用户~~\n* ~~与Tunnel功能合并，使用mode区分~~\n* ~~启用ws-listen后的平滑重启问题~~\n* ~~监听配置文件变化重新加载路由~~\n* ~~支持proxy时转换端口号~~\n* ~~支持tcpcopy模式，用此转发连mysql~~\n* ~~支持socks5协议接入~~\n* ~~统计上下行流量~~\n* ~~修复不支持http upgrade socket的问题~~\n* TCP 增加更多协议解析支持，如rtmp，ftp, socks5, https(SNI)等\n* tunel token支持按host配置\n\n# 感谢\n\n\u003chttps://github.com/ryanchapman/go-any-proxy.git\u003e\n\n\u003chttps://zhuanlan.zhihu.com/p/25510419\u003e\n\n\u003chttp://blog.fatedier.com/2018/11/21/service-mesh-traffic-hijack/\u003e\n\n\u003chttps://my.oschina.net/mingyuejingque/blog/754089\u003e\n\n\u003chttps://github.com/darkk/redsocks\u003e\n\n\u003chttps://www.flysnow.org/2016/12/26/golang-socket5-proxy.html\u003e\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkeminar%2Fanyproxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkeminar%2Fanyproxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkeminar%2Fanyproxy/lists"}