{"id":13826082,"url":"https://github.com/krrr/wstan","last_synced_at":"2025-07-08T23:30:57.993Z","repository":{"id":62589656,"uuid":"44646492","full_name":"krrr/wstan","owner":"krrr","description":"Tunneling TCP in WebSocket (ssh -D alternative)","archived":false,"fork":false,"pushed_at":"2020-10-15T15:44:55.000Z","size":217,"stargazers_count":39,"open_issues_count":1,"forks_count":11,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-04-24T13:19:32.639Z","etag":null,"topics":["proxy","socks-proxy","tunnel","websockets"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/krrr.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-10-21T01:59:19.000Z","updated_at":"2024-04-19T12:54:47.000Z","dependencies_parsed_at":"2022-11-03T17:56:34.097Z","dependency_job_id":null,"html_url":"https://github.com/krrr/wstan","commit_stats":null,"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/krrr%2Fwstan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/krrr%2Fwstan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/krrr%2Fwstan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/krrr%2Fwstan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/krrr","download_url":"https://codeload.github.com/krrr/wstan/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225470635,"owners_count":17479366,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["proxy","socks-proxy","tunnel","websockets"],"created_at":"2024-08-04T09:01:31.863Z","updated_at":"2025-07-08T23:30:57.986Z","avatar_url":"https://github.com/krrr.png","language":"Python","funding_links":[],"categories":["\u003ca id=\"01e6651181d405ecdcd92a452989e7e0\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"9d6789f22a280f5bb6491d1353b02384\"\u003e\u003c/a\u003e隧道\u0026\u0026穿透"],"readme":"# wstan\n[![PyPI](https://img.shields.io/pypi/v/wstan.svg)](https://pypi.python.org/pypi/wstan)\n[![PyPI](https://img.shields.io/pypi/pyversions/wstan.svg)](https://pypi.python.org/pypi/wstan)\n\nTunneling TCP/UDP connections in WebSocket to circumvent firewall.\nIt's light and can run on some PaaS (SSL supported).\n\n`User-Agent(SOCKS/HTTP) \u003c--\u003e (wstan)Client \u003c-- Internet --\u003e (wstan)Server \u003c--\u003e Target`\n\n## Features\n* Encryption\n* Proxy support (using HTTP CONNECT; [test yours](http://www.websocket.org/echo.html))\n* Display error message in browser (plain HTTP only)\n* SOCKSv4/v5 and HTTP (slower) in the same port\n\nWARN: Do not rely it on security when not using SSL\n\n## Usage\n```\nusage: wstan [-h] [-g] [-c | -s] [-d] [-z] [-i INI] [-y PROXY] [-a ADDR] [-p PORT] [--pool-size POOL_SIZE]\n             [--pool-max-idle POOL_MAX_IDLE] [-t TUN_ADDR] [-r TUN_PORT] [--x-forward]\n             [uri] [key]\n\npositional arguments:\n  uri                   URI of server\n  key                   password or generated key\n\noptions:\n  -h, --help            show this help message and exit\n  -g, --gen-key         generate a 16 byte base64 key and exit\n  -c, --client          run as client (default, also act as SOCKS/HTTP server)\n  -s, --server          run as server\n  -d, --debug\n  -z, --compatible      useful when server is behind WS proxy\n  -i INI, --ini INI     load config file\n\nclient options:\n  -y PROXY, --proxy PROXY\n                        use HTTP proxy to connect to wstan server (host:port)\n  -a ADDR, --addr ADDR  listen address of SOCKS/HTTP server (defaults localhost)\n  -p PORT, --port PORT  listen port of SOCKS/HTTP server (defaults 1080)\n  --pool-size POOL_SIZE\n                        max size of connection pool (defaults 16)\n  --pool-max-idle POOL_MAX_IDLE\n                        max idle timeout of connection pool in sec (defaults 300)\n\nserver options:\n  -t TUN_ADDR, --tun-addr TUN_ADDR\n                        listen address of server, overrides URI\n  -r TUN_PORT, --tun-port TUN_PORT\n                        listen port of server, overrides URI\n  --x-forward           use X-Forwarded-For as client IP address when behind proxy\n```\n\n#### Setup:\n```sh\n# generate a key using \"wstan -g\"\nwstan ws://yourserver.com KEY -s  # server\nwstan ws://yourserver.com KEY  # client\n# a proxy server is listening at localhost:1080 now (at client side)\n```\n\n#### Setup for OpenShift v3:\n1. [Generate a key](http://rextester.com/TZXL63621)\n2. Pull [Docker image](https://hub.docker.com/r/krrr/wstan/) and set environment variable `KEY`\n3. Add default route\n4. `http://xxx.openshiftapps.com` will return 200 if everything goes right; Run client `wstan ws://xxx.openshiftapps.com KEY`\n\n## It's a reinvented wheel\n* [chisel](https://github.com/jpillora/chisel)\n* https://github.com/mhzed/wstunnel\n* https://github.com/ffalcinelli/wstunnel\n* shadowsocks-dotcloud\n* [multitun](https://github.com/covertcodes/multitun) (VPN)\n* etherws (VPN)\n* websockify (not for circumventing FW)\n* [gost](https://github.com/ginuerzh/gost/)\n* [v2ray](https://www.v2ray.com)\n\n## Details\nOriginal Goal: make active probing against server side more difficult while\nstill keeping low latency of connection establishment and being stateless (inspired by shadowsocks).\n\nWeakness: can't prevent MITM attack; client can't detect fake server (may receive garbage data);\nreplay attack detection may fail\n\nTech Detail:\n* request frame has HMAC and timestamp (data frame has nothing), and all frames are encrypted using AES-128-CTR\n* server will save encryption nonce and timestamp when receiving valid request (to detect replay attack)\n* the first request frame will be encoded into URI of WS handshake (to achieve low latency)\n* it has a connection pool\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkrrr%2Fwstan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkrrr%2Fwstan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkrrr%2Fwstan/lists"}