{"id":28949642,"url":"https://github.com/shadowy-pycoder/go-http-proxy-to-socks","last_synced_at":"2026-03-17T07:25:07.392Z","repository":{"id":296170290,"uuid":"991746753","full_name":"shadowy-pycoder/go-http-proxy-to-socks","owner":"shadowy-pycoder","description":"Simple CLI tool to transform SOCKS proxy into HTTP proxy with  IPv4/IPv6 support for TCP/UDP Transparent Proxy (Redirect and TProxy), Proxychains, ARP spoofing and Traffic Sniffing","archived":false,"fork":false,"pushed_at":"2026-03-03T07:37:32.000Z","size":1837,"stargazers_count":48,"open_issues_count":2,"forks_count":2,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-03-03T07:52:45.838Z","etag":null,"topics":["arp","arp-spoofing","arpspoof","bettercap","cli","golang","hacking","http","proxy","proxychains","sniffing","socket-programming","socks5","spoofing","tproxy"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/shadowy-pycoder.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-05-28T05:07:31.000Z","updated_at":"2026-03-03T07:35:56.000Z","dependencies_parsed_at":"2025-07-21T05:23:55.176Z","dependency_job_id":"361ab562-183a-4bad-b39e-58429b6146e1","html_url":"https://github.com/shadowy-pycoder/go-http-proxy-to-socks","commit_stats":null,"previous_names":["shadowy-pycoder/go-http-proxy-to-socks"],"tags_count":39,"template":false,"template_full_name":null,"purl":"pkg:github/shadowy-pycoder/go
-http-proxy-to-socks","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shadowy-pycoder%2Fgo-http-proxy-to-socks","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shadowy-pycoder%2Fgo-http-proxy-to-socks/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shadowy-pycoder%2Fgo-http-proxy-to-socks/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shadowy-pycoder%2Fgo-http-proxy-to-socks/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/shadowy-pycoder","download_url":"https://codeload.github.com/shadowy-pycoder/go-http-proxy-to-socks/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shadowy-pycoder%2Fgo-http-proxy-to-socks/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30038678,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-03T06:58:30.252Z","status":"ssl_error","status_checked_at":"2026-03-03T06:58:15.329Z","response_time":61,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while 
reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["arp","arp-spoofing","arpspoof","bettercap","cli","golang","hacking","http","proxy","proxychains","sniffing","socket-programming","socks5","spoofing","tproxy"],"created_at":"2025-06-23T12:37:22.815Z","updated_at":"2026-03-17T07:25:07.377Z","avatar_url":"https://github.com/shadowy-pycoder.png","language":"Go","readme":"# GoHPTS - HTTP(S) and TCP/UDP transparent proxy to SOCKS5 proxy (chain) written in Go\n\n[![License: GPL v3](https://img.shields.io/badge/License-GPLv3-yellow.svg)](https://www.gnu.org/licenses/gpl-3.0)\n[![Go Reference](https://pkg.go.dev/badge/github.com/shadowy-pycoder/go-http-proxy-to-socks.svg)](https://pkg.go.dev/github.com/shadowy-pycoder/go-http-proxy-to-socks)\n![GitHub go.mod Go version](https://img.shields.io/github/go-mod/go-version/shadowy-pycoder/go-http-proxy-to-socks)\n[![Go Report Card](https://goreportcard.com/badge/github.com/shadowy-pycoder/go-http-proxy-to-socks)](https://goreportcard.com/report/github.com/shadowy-pycoder/go-http-proxy-to-socks)\n![GitHub Release](https://img.shields.io/github/v/release/shadowy-pycoder/go-http-proxy-to-socks)\n![GitHub Downloads (all assets, all releases)](https://img.shields.io/github/downloads/shadowy-pycoder/go-http-proxy-to-socks/total)\n![GitHub Downloads (all assets, latest release)](https://img.shields.io/github/downloads/shadowy-pycoder/go-http-proxy-to-socks/latest/total)\n\n\u003cp align=\"center\"\u003e\u003cimg alt=\"MrGopher\" src=\"resources/mr_gopher_small.png\"/\u003e\n\n## Table of contents\n\n- 
[Introduction](#introduction)\n- [Features](#features)\n- [Installation](#installation)\n- [Usage](#usage)\n  - [Configuration via CLI flags](#configuration-via-cli-flags)\n  - [Configuration via YAML file](#configuration-via-yaml-file)\n- [Transparent proxy](#transparent-proxy)\n  - [redirect (via NAT and SO_ORIGINAL_DST)](#redirect-via-nat-and-so_original_dst)\n  - [tproxy (via MANGLE and IP_TRANSPARENT)](#tproxy-via-mangle-and-ip_transparent)\n  - [ARP spoofing](#arp-spoofing)\n  - [UDP support](#udp-support)\n  - [Android support](#android-support)\n  - [IPv6 support](#ipv6-support)\n  - [NDP spoofing](#ndp-spoofing)\n- [Traffic sniffing](#traffic-sniffing)\n  - [JSON format](#json-format)\n  - [Colored format](#colored-format)\n- [Links](#links)\n- [Contributing](#contributing)\n- [License](#license)\n\n## Introduction\n\n[[Back]](#table-of-contents)\n\n`GoHPTS` CLI tool is a bridge between HTTP clients and a SOCKS5 proxy server or multiple servers (chain). It listens locally as an HTTP proxy, accepts standard HTTP\nor HTTPS (via CONNECT) requests and forwards the connection through a SOCKS5 proxy. 
Inspired by [http-proxy-to-socks](https://github.com/oyyd/http-proxy-to-socks) and [Proxychains](https://github.com/rofl0r/proxychains-ng)\n\nPossible use case: you need to connect to external API via Postman, but this API only available from some remote server.\nThe following commands will help you to perform such a task:\n\nCreate SOCKS5 proxy server via `ssh`:\n\n```shell\nssh \u003cremote server\u003e -D 1080 -Nf\n```\n\nCreate HTTP-to-SOCKS5 connection with `gohpts`\n\n```shell\ngohpts -s :1080 -l :8080\n```\n\nSpecify http server in proxy configuration of Postman\n\n## Features\n\n[[Back]](#table-of-contents)\n\n- **Proxy Chain functionality**\\\n  Supports `strict`, `dynamic`, `random`, `round_robin` chains of SOCKS5 proxy\n\n- **Transparent proxy**\\\n  Supports `redirect` (SO_ORIGINAL_DST) and `tproxy` (IP_TRANSPARENT) modes\n\n- **TCP and UDP Transparent proxy**\\\n  `tproxy` (IP_TRANSPARENT) handles TCP and UDP traffic\n\n- **Traffic sniffing**\\\n  Proxy is able to parse HTTP headers, TLS handshake, DNS messages and more\n\n- **ARP spoofing**\\\n  Proxy entire subnets with ARP spoofing approach\n\n- **NDP spoofing**\\\n  Proxy IPv6 connections using Router/Neighbor Advertisement and RDNSS injections.\n\n- **DNS Leak Protection**\\\n  DNS resolution occurs on SOCKS5 server side.\n\n- **CONNECT Method Support**\\\n  Supports HTTP CONNECT tunneling, enabling HTTPS and other TCP-based protocols.\n\n- **Trailer Headers Support**\\\n  Handles HTTP trailer headers\n\n- **Chunked Transfer Encoding**\\\n  Handles chunked and streaming responses\n\n- **SOCKS5 Authentication Support**\\\n  Supports username/password authentication for SOCKS5 proxies.\n\n- **HTTP Authentication Support**\\\n  Supports username/password authentication for HTTP proxy server.\n\n- **Lightweight and Fast**\\\n  Designed with minimal overhead and efficient request handling.\n\n- **Cross-Platform**\\\n  Compatible with all major operating systems.\n\n## 
Installation\n\n[[Back]](#table-of-contents)\n\n1. Arch Linux/CachyOS/EndeavourOS\n\n```shell\nyay -S gohpts\n```\n\n2. You can download the binary for your platform from [Releases](https://github.com/shadowy-pycoder/go-http-proxy-to-socks/releases) page.\n\nExample:\n\n```shell\nGOHPTS_RELEASE=v1.12.3; wget -v https://github.com/shadowy-pycoder/go-http-proxy-to-socks/releases/download/$GOHPTS_RELEASE/gohpts-$GOHPTS_RELEASE-linux-amd64.tar.gz -O gohpts \u0026\u0026 tar xvzf gohpts \u0026\u0026 mv -f gohpts-$GOHPTS_RELEASE-linux-amd64 gohpts \u0026\u0026 ./gohpts -h\n```\n\n3. Alternatively, you can install it using `go install` command (requires Go [1.26](https://go.dev/doc/install) or later):\n\n```shell\nCGO_ENABLED=0 go install -ldflags \"-s -w\" -trimpath github.com/shadowy-pycoder/go-http-proxy-to-socks/cmd/gohpts@latest\n```\n\nThis will install the `gohpts` binary to your `$GOPATH/bin` directory.\n\n4. Another alternative is to build from source:\n\n```shell\ngit clone https://github.com/shadowy-pycoder/go-http-proxy-to-socks.git\ncd go-http-proxy-to-socks\nmake build\n./bin/gohpts\n```\n\n## Usage\n\n[[Back]](#table-of-contents)\n\n```shell\ngohpts -h\n   _____       _    _ _____ _______ _____\n  / ____|     | |  | |  __ \\__   __/ ____|\n | |  __  ___ | |__| | |__) | | | | (___\n | | |_ |/ _ \\|  __  |  ___/  | |  \\___ \\\n | |__| | (_) | |  | | |      | |  ____) |\n  \\_____|\\___/|_|  |_|_|      |_| |_____/\n\nGoHPTS (HTTP(S) Proxy to SOCKS5 proxy) by shadowy-pycoder\nGitHub: https://github.com/shadowy-pycoder/go-http-proxy-to-socks\n\nUsage: gohpts [OPTIONS]\nOPTIONS:\n  General:\n  -h        Show this help message and exit\n  -v        Show version and build information\n  -D        Run as a daemon (provide -logfile to see logs)\n  -I        Display list of network interfaces and exit\n\n  Proxy:\n  -l        Address of HTTP proxy server (Default: \"127.0.0.1:8080\")\n  -s        Address of SOCKS5 proxy server (Default: \"127.0.0.1:1080\")\n  -c       
 Path to certificate PEM encoded file\n  -k        Path to private key PEM encoded file\n  -U        User for HTTP proxy (basic auth). This flag invokes prompt for password (not echoed to terminal)\n  -u        User for SOCKS5 proxy authentication. This flag invokes prompt for password (not echoed to terminal)\n  -i        Bind proxy to specific network interface (either by interface name or index)\n  -f        Path to server configuration file in YAML format (overrides proxy flags above)\n  -6        Enable IPv6 support for TCP and UDP\n\n  Logs:\n  -d        Show logs in DEBUG mode\n  -j        Show logs in JSON format\n  -logfile  Log file path (Default: stdout)\n  -nocolor  Disable colored output for logs (no effect if -j flag specified)\n  -pprof    Address of pprof server with profiling data\n\n  Sniffing:\n  -sniff    Enable traffic sniffing for HTTP and TLS\n  -snifflog Sniffed traffic log file path (Default: the same as -logfile)\n  -body     Collect request and response body for HTTP traffic (credentials, tokens, etc)\n\n  TProxy:\n  -t        Address of transparent proxy server (it starts along with HTTP proxy server)\n  -T        Address of transparent proxy server (no HTTP)\n  -Tu       Address of transparent UDP proxy server\n  -M        Transparent proxy mode: (redirect, tproxy)\n  -w        Number of instances of transparent proxy server (Default: number of CPU cores)\n  -wu       Number of instances of transparent UDP proxy server (Default: number of CPU cores)\n  -auto     Automatically setup iptables for transparent proxy (requires elevated privileges)\n  -arpspoof Enable ARP spoof proxy for selected targets (Example: \"targets 10.0.0.1,10.0.0.5-10,192.168.1.*,192.168.10.0/24;fullduplex false;debug true;interval 10s\")\n  -ndpspoof Enable NDP spoof proxy for selected targets (Example: \"ra true;na true;targets fe80::3a1c:7bff:fe22:91a4;fullduplex false;debug true;interval 10s\")\n  -mark     Set mark for each packet sent through transparent proxy 
(Default: redirect 0, tproxy 100)\n  -P        Comma separated list of ports to ignore when proxying traffic (Example: \"22,80,443,9092\")\n  -dump     Dump iptables rules and other system settings generated by -auto flag\n```\n\n### Configuration via CLI flags\n\n[[Back]](#table-of-contents)\n\n```shell\ngohpts -s 1080 -l 8080 -d -j\n```\n\nOutput:\n\n```shell\n{\"level\":\"info\",\"time\":\"2025-05-28T06:15:18+00:00\",\"message\":\"SOCKS5 Proxy: :1080\"}\n{\"level\":\"info\",\"time\":\"2025-05-28T06:15:18+00:00\",\"message\":\"HTTP Proxy: :8080\"}\n{\"level\":\"debug\",\"time\":\"2025-05-28T06:15:22+00:00\",\"message\":\"HTTP/1.1 - CONNECT - www.google.com:443\"}\n```\n\nSpecify username and password for SOCKS5 proxy server:\n\n```shell\ngohpts -s 1080 -l 8080 -d -j -u user\nSOCKS5 Password: #you will be prompted for password input here\n```\n\nSpecify username and password for HTTP proxy server:\n\n```shell\ngohpts -s 1080 -l 8080 -d -j -U user\nHTTP Password: #you will be prompted for password input here\n```\n\nWhen both `-u` and `-U` are present, you will be prompted twice\n\nRun http proxy over TLS connection\n\n```shell\ngohpts -s 1080 -l 8080 -c \"path/to/certificate\" -k \"path/to/private/key\"\n```\n\nRun proxy as a daemon (logfile is needed for logging output, otherwise you will see nothing)\n\n```shell\ngohpts -D -logfile /tmp/gohpts.log\n```\n\n```shell\n# output\ngohpts pid: \u003cpid\u003e\n```\n\n```shell\n# kill the process\nkill \u003cpid\u003e\n#or\nkill $(pidof gohpts)\n```\n\n`-u` and `-U` flags do not work in a daemon mode (and therefore authentication), but you can provide a config file (see below)\n\n### Configuration via YAML file\n\n[[Back]](#table-of-contents)\n\nRun http proxy in SOCKS5 proxy chain mode (specify server settings via YAML configuration file)\n\n```shell\ngohpts -f \"path/to/proxychain/config\" -d -j\n```\n\nConfig example:\n\n```yaml\n# Explanations for chains taken from /etc/proxychains4.conf\n\n# strict - Each 
connection will be done via chained proxies\n# all proxies chained in the order as they appear in the list\n# all proxies must be online to play in chain\n\n# dynamic - Each connection will be done via chained proxies\n# all proxies chained in the order as they appear in the list\n# at least one proxy must be online to play in chain\n# (dead proxies are skipped)\n\n# random - Each connection will be done via random proxy\n# (or proxy chain, see  chain_len) from the list.\n# this option is good to test your IDS :)\n\n# round_robin - Each connection will be done via chained proxies\n# of chain_len length\n# all proxies chained in the order as they appear in the list\n# at least one proxy must be online to play in chain\n# (dead proxies are skipped).\n# the start of the current proxy chain is the proxy after the last\n# proxy in the previously invoked proxy chain.\n# if the end of the proxy chain is reached while looking for proxies\n# start at the beginning again.\n# These semantics are not guaranteed in a multithreaded environment.\n\nchain:\n  type: strict # dynamic, strict, random, round_robin\n  length: 2 # maximum number of proxy in a chain (works only for random chain and round_robin chain)\nproxy_list:\n  - address: 127.0.0.1:1080\n    username: username # username and password are optional\n    password: password\n  - address: 127.0.0.1:1081\n  - address: :1082 # empty host means localhost\nserver:\n  address: 127.0.0.1:8080 # the only required field in this section (ignored when -T flag specified)\n  interface: \"eth0\" # if specified, overrides server address\n  # these are for adding basic authentication\n  username: username\n  password: password\n  # comment out these to use HTTP instead of HTTPS\n  cert_file: ~/local.crt\n  key_file: ~/local.key\n```\n\nTo learn more about proxy chains visit [Proxychains Github](https://github.com/rofl0r/proxychains-ng)\n\n## Transparent proxy\n\n[[Back]](#table-of-contents)\n\n\u003e Also known as an `intercepting 
proxy`, `inline proxy`, or `forced proxy`, a transparent proxy intercepts normal application layer communication without requiring any special client configuration. Clients need not be aware of the existence of the proxy. A transparent proxy is normally located between the client and the Internet, with the proxy performing some of the functions of a gateway or router\n\u003e\n\u003e -- _From [Wiki](https://en.wikipedia.org/wiki/Proxy_server)_\n\nThis functionality available only on Linux systems and Android (arm64) and requires additional setup (`iptables`, ip route, etc)\n\n`-T address` flag specifies the address of transparent proxy server (`GoHPTS` will be running without HTTP server).\n\n`-t address` flag specifies the address of transparent proxy server (`HTTP` proxy and other functionality stays the same).\n\nIn other words, `-T` spins up a single server, but `-t` two servers, `http` and `tcp`.\n\nThere are two modes `redirect` and `tproxy` that can be specified with `-M` flag\n\n## `redirect` (via _NAT_ and _SO_ORIGINAL_DST_)\n\nIn this mode proxying happens with `iptables` `nat` table and `REDIRECT` target. 
Host of incoming packet changes to the address of running `redirect` transparent proxy, but it also contains original destination that can be retrieved with `getsockopt(SO_ORIGINAL_DST)`\n\nTo run `GoHPTS` in this mode you use `-t` or `-T` flags with `-M redirect`\n\n### Example\n\n```shell\n# run the proxy\ngohpts -s 1080 -t 1090 -M redirect -d\n```\n\n```shell\n# run socks5 server on 127.0.0.1:1080\nssh remote -D 1080 -Nf\n```\n\nSetup your operating system:\n\n```shell\n# commands below require elevated privileges (you can run it with `sudo -i`)\n\n#enable ip forwarding\nsysctl -w net.ipv4.ip_forward=1\n\n# create `GOHPTS` nat chain\niptables -t nat -N GOHPTS\n\n# set no redirection rules for local, http proxy, ssh and redirect proxy itself\niptables -t nat -A GOHPTS -d 127.0.0.0/8 -j RETURN\niptables -t nat -A GOHPTS -p tcp --dport 8080 -j RETURN\niptables -t nat -A GOHPTS -p tcp --dport 1090 -j RETURN\niptables -t nat -A GOHPTS -p tcp --dport 22 -j RETURN\n\n# redirect traffic to transparent proxy\niptables -t nat -A GOHPTS -p tcp -j REDIRECT --to-ports 1090\n\n# setup prerouting by adding our proxy\niptables -t nat -A PREROUTING -p tcp -j GOHPTS\n\n# intercept local traffic for testing\niptables -t nat -A OUTPUT -p tcp -j GOHPTS\n```\n\nTest connection:\n\n```shell\n#traffic should be redirected via 127.0.0.1:1090\ncurl http://example.com\n```\n\n```shell\n#traffic should be redirected via 127.0.0.1:8080\ncurl --proxy http://127.0.0.1:8080 http://example.com\n```\n\nUndo everything:\n\n```shell\nsysctl -w net.ipv4.ip_forward=0\niptables -t nat -D PREROUTING -p tcp -j GOHPTS\niptables -t nat -D OUTPUT -p tcp -j GOHPTS\niptables -t nat -F GOHPTS\niptables -t nat -X GOHPTS\n```\n\n### Auto configuration for `redirect` mode\n\n[[Back]](#table-of-contents)\n\nTo configure your system automatically, run the following command:\n\n```shell\nsudo env PATH=$PATH gohpts -d -T 8888 -M redirect -auto\n```\n\nPlease note, automatic configuration requires `sudo` and is very 
generic, which might not be suitable for your needs.\n\nYou can optionally specify `-mark \u003cvalue\u003e` to prevent possible proxy loops\n\n```shell\nsudo env PATH=$PATH gohpts -d -T 8888 -M redirect -auto -mark 100\n```\n\n## `tproxy` (via _MANGLE_ and _IP_TRANSPARENT_)\n\n[[Back]](#table-of-contents)\n\nIn this mode proxying happens with `iptables` `mangle` table and `TPROXY` target. Transparent proxy sees destination address as is; it is not rewritten by the kernel. For this to work the proxy binds with socket option `IP_TRANSPARENT`, `iptables` intercepts traffic using TPROXY target, routing rules tell marked packets to go to the local proxy without changing their original destination.\n\nThis mode requires elevated privileges to run `GoHPTS`. You can do that by running the following command:\n\n```shell\nsudo setcap 'cap_net_admin+ep' ~/go/bin/gohpts\n```\n\nTo run `GoHPTS` in this mode you use `-t` or `-T` flags with `-M tproxy`\n\n### Example\n\n```shell\n# run the proxy\ngohpts -s 1080 -T 0.0.0.0:1090 -M tproxy -d\n```\n\n```shell\n# run socks5 server on 127.0.0.1:1080\nssh remote -D 1080 -Nf\n```\n\nSetup your operating system:\n\n```shell\nip netns exec ns-client ip route add default via 10.0.0.1\nsysctl -w net.ipv4.ip_forward=1\n\niptables -t mangle -A PREROUTING -i veth1 -p tcp -j TPROXY --on-port 1090 --tproxy-mark 0x1/0x1\n\nip rule add fwmark 1 lookup 100\nip route add local 0.0.0.0/0 dev lo table 100\n```\n\nTest connection:\n\n```shell\nip netns exec ns-client curl http://1.1.1.1\n```\n\nUndo everything:\n\n```shell\nsysctl -w net.ipv4.ip_forward=0\niptables -t mangle -F\nip rule del fwmark 1 lookup 100\nip route flush table 100\nip netns del ns-client\nip link del veth1\n```\n\n### Auto configuration for `tproxy` mode\n\n[[Back]](#table-of-contents)\n\nTo configure your system automatically, run the following command (for example, on a separate VM):\n\n```shell\nssh remote -D 1080 -Nf\nsudo env PATH=$PATH gohpts -d -T 8888 -M tproxy -auto 
-mark 100\n```\n\nRun the following on your host:\n\n```shell\nip route show default \u003e /tmp/default-route.txt\n\nip route add 0.0.0.0/1 via 192.168.0.1 # change with ip of your VM\nip route add 128.0.0.0/1 via 192.168.0.1\n```\n\nTest connection:\n\n```shell\ncurl http://example.com #check logs on your VM\n```\n\nUndo everything:\n\n```shell\nip route del 0.0.0.0/1 via 192.168.0.1 2\u003e/dev/null || true\nip route del 128.0.0.0/1 via 192.168.0.1 2\u003e/dev/null || true\n\nif [[ -f /tmp/default-route.txt ]]; then\n    eval $(awk '{print \"ip route add \"$0}' /tmp/default-route.txt)\n    rm -f /tmp/default-route.txt\nelse\n    echo \"Something went wrong\"\nfi\n```\n\n### ARP spoofing\n\n[[Back]](#table-of-contents)\n\n`GoHPTS` has in-built ARP spoofer that can be used to make all TCP talking devices of your LAN to use proxy server to connect to the Internet.\nThis is achieved by adding `-arpspoof` flag with couple of parameters, separated by semicolon.\n\nExample:\n\n```shell\nssh remote -D 1080 -Nf\nsudo env PATH=$PATH gohpts -d -T 8888 -M tproxy -sniff -body -auto -mark 100 -arpspoof \"targets 192.168.10.0/24;fullduplex true;debug true\"\n```\n\nProxy will scan for devices in subnet `192.168.10.0/24` and send them ARP packets to pretend to be a gateway, if `fullduplex` is true,\nproxy will send ARP packets to gateway as well to make it believe our proxy has each IP on the subnet.\n\nAfter proxy is stopped with `Ctrl+C`, it will automatically unspoof all targets.\n\n`GoHPTS` can also be used with tools like [Bettercap](https://github.com/bettercap/bettercap) to proxy ARP spoofed traffic.\n\nRun the proxy:\n\n```shell\nssh remote -D 1080 -Nf\nsudo env PATH=$PATH gohpts -d -T 8888 -M tproxy -sniff -body -auto -mark 100\n```\n\nRun `bettercap` with this command (see [documentation](https://www.bettercap.org/)):\n\n```shell\nsudo bettercap -eval \"net.probe on;net.recon on;set arp.spoof.fullduplex true;arp.spoof on\"\n```\n\nCheck proxy logs for traffic from 
other devices from your LAN\n\nFor more information about arpspoof options see `gohpts -h` and [https://github.com/shadowy-pycoder/arpspoof](https://github.com/shadowy-pycoder/arpspoof)\n\n### UDP support\n\n[[Back]](#table-of-contents)\n\n`GoHPTS` has UDP support that can be enabled in `tproxy` mode. For this setup to work you need to connect to a socks5 server capable of serving UDP connections (`UDP ASSOCIATE`). For example, you can use [https://github.com/wzshiming/socks5](https://github.com/wzshiming/socks5) to deploy UDP capable socks5 server on some remote or local machine. Once you have the server to connect to, run the following command:\n\n```shell\nsudo env PATH=$PATH gohpts -s remote -Tu :8989 -M tproxy -auto -mark 100 -d\n```\n\nThis command will configure your operating system and setup server on `0.0.0.0:8989` address.\n\nTo test it locally, you can combine UDP transparent proxy with `-arpspoof` flag. For example:\n\n1. Setup VM on your system with any Linux distributive that supports `tproxy` (Kali Linux, for instance).\n2. Enable `bridged` network so that VM could access your host machine.\n3. Move `gohpts` binary to VM (via `ssh`, for instance) or build it there in case of different OS/arch.\n4. On your VM run the following command:\n\n```shell\n# Do not forget to replace \u003csocks5 server\u003e and \u003cyour host\u003e with actual addresses\nsudo ./gohpts -s \u003csocks5 server\u003e -T 8888 -Tu :8989 -M tproxy -sniff -body -auto -mark 100 -d -arpspoof \"targets \u003cyour host\u003e;fullduplex true;debug false\"\n```\n\n5. Check connection on your host machine, the traffic should go through Kali machine.\n\n### Android support\n\nTransparent proxy can be enabled on Android devices (arm64) with root access. 
You can install [Termux](https://github.com/termux/termux-app) and run `GoHPTS` as a CLI tool there:\n\n```shell\n# you need to root your device first\npkg install tsu iproute2\n# Android support added in v1.10.2\nGOHPTS_RELEASE=v1.10.2; wget -v https://github.com/shadowy-pycoder/go-http-proxy-to-socks/releases/download/$GOHPTS_RELEASE/gohpts-$GOHPTS_RELEASE-android-arm64.tar.gz -O gohpts \u0026\u0026 tar xvzf gohpts \u0026\u0026 mv -f gohpts-$GOHPTS_RELEASE-android-arm64 gohpts \u0026\u0026 ./gohpts -h\n# use your phone as router for LAN devices redirecting their traffic to remote socks5 server\nsudo ./gohpts -s remote -t 8888 -Tu :8989 -M tproxy -sniff -body -auto -mark 100 -d -arpspoof \"fullduplex true;debug false\"\n```\n\n### IPv6 support\n\nTo enable IPv6 handling just add `-6` flag, for example when using with transparent proxy:\n\n```shell\nsudo ./gohpts -T 8888 -M redirect -sniff -body -auto -mark 100 -d -6\n```\n\nFor this to work, your ISP and remote socks5 proxy should have active IPv6 support, you can visit [https://test-ipv6.com/](https://test-ipv6.com/) to find out you can access IPv6 addresses.\nTo test proxy in IPv6 mode you can use any Linux VM:\n\n1. On your virtual machine:\n\n```shell\n# add your host machine as gateway for VM\nexport GATEWAY=\"\u003chost IPv4 address\u003e\"\nip route add 0.0.0.0/1 via \"$GATEWAY\"\nip route add 128.0.0.0/1 via \"$GATEWAY\"\n\n# add your host machine as gateway IPv6 for VM\nexport GATEWAY6=\"\u003chost IPv6 address\u003e\"\nip -6 route add ::/1 via \"$GATEWAY6\" dev eth0\nip -6 route add 8000::/1 via \"$GATEWAY6\" dev eth0\n```\n\n2. On your host:\n\n```shell\n# run proxy on your host\nsudo ./gohpts -T 8888 -Tu 8889 -M tproxy -sniff -body -auto -d -6\n```\n\n3. 
Visit any website on your virtual machine and see traffic in proxy logs\n\n### NDP spoofing\n\n[[Back]](#table-of-contents)\n\n`GoHPTS` has in-built functionality to perform NDP spoofing in IPv6 networks with Router Advertisement (RA) and Neighbor Advertisement (NA) packets. It also includes RDNSS option in RA packets to put host as an IPv6 nameserver for affected clients. When combined with transparent proxy mode (TCP/UDP), NDP spoofing allows `gohpts` to proxy traffic for clients in the local networks. As is the case with [ARP spoofing](#arp-spoofing), you can set ndp spoof options with single `-ndpspoof` flag:\n\nExample:\n\n```shell\nsudo env PATH=$PATH gohpts -d -T 8888 -M tproxy -sniff -body -auto -mark 100 -ndpspoof \"ra true;na true;targets fe80::3a1c:7bff:fe22:91a4;fullduplex false;debug true\"\n```\n\nFor more information about ndpspoof options see `gohpts -h` and [https://github.com/shadowy-pycoder/ndpspoof](https://github.com/shadowy-pycoder/ndpspoof)\n\nPlease note that some options like `rdnss`, `gateway`, `interface` are set automatically by `gohpts` itself to properly function as a proxy.\n\nSince `gohpts` proxies all connections via upstream SOCKS5 server, you need to have a working server with IPv4/IPv6 and TCP/UDP support. Obviously, a remote machine (e.g. VPS) should also have IPv6 connectivity working. Needless to say, the machine on which `gohpts` is installed should be part of network with IPv6 support.\n\nExample setup for NDP spoofing to work correctly:\n\n1. Connect to VPS\n\n```shell\nssh remote@203.0.113.10\n```\n\n2. Install dependencies\n\n```shell\nGO_VERSION=$(curl 'https://go.dev/VERSION?m=text' | head -n1)\ncd ~/Downloads/ \u0026\u0026 wget https://go.dev/dl/$GO_VERSION.linux-amd64.tar.gz\nsudo rm -rf /usr/local/go \u0026\u0026 sudo tar -C /usr/local -xzf $GO_VERSION.linux-amd64.tar.gz\n```\n\n3. 
Setup SOCKS5 server (make sure firewall rules do not block used ports)\n\n```shell\ngit clone https://github.com/wzshiming/socks5.git \u0026\u0026 cd socks5\ngo build -o ./bin/socks5_server ./cmd/socks5/*.go\n./bin/socks5_server -a :3000\n```\n\n4. Go back to your host machine and install `gohpts` (see [Installation](#installation))\n\n5. Run `gohpts`:\n\n```shell\nsudo env PATH=$PATH gohpts -s 203.0.113.10:3000 -T 8888 -Tu 8889 -M tproxy -sniff -body -auto -mark 100 -arpspoof \"fullduplex true;debug true\" -ndpspoof \"ra true;debug true\" -6 -d\n```\n\n6. Get another device (phone, tablet, etc) and connect it to the same network. Try to access Internet and check if some traffic appears on your host machine. Check public IP address with some online tools (it should match your VPS address `203.0.113.10` in this case or global IPv6 address)\n\n7. Stop proxy by hitting Ctrl+C\n\n8. Profit!\n\n## Traffic sniffing\n\n[[Back]](#table-of-contents)\n\n`GoHPTS` proxy allows one to capture and monitor traffic that goes through the service. This process is known as `traffic sniffing`, `packet sniffing` or just `sniffing`. In particular, proxy tries to identify whether it is a plain text (HTTP) or TLS traffic, and after identification is done, it parses request/response metadata and writes it to the file or console. 
In the case of `GoHPTS` proxy a parsed metadata looks like the following (TLS Handshake):\n\n### JSON format\n\n```json\n[\n  {\n    \"connection\": {\n      \"tproxy_mode\": \"redirect\",\n      \"src_local\": \"127.0.0.1:8888\",\n      \"src_remote\": \"192.168.0.107:51142\",\n      \"dst_local\": \"127.0.0.1:56256\",\n      \"dst_remote\": \"127.0.0.1:1080\",\n      \"original_dst\": \"216.58.209.206:443\"\n    }\n  },\n  {\n    \"tls_request\": {\n      \"sni\": \"www.youtube.com\",\n      \"type\": \"Client hello (1)\",\n      \"version\": \"TLS 1.2 (0x0303)\",\n      \"session_id\": \"2670a6779b4346e5e84d46890ad2aaf7a53b08adcfe0c9f6868c2d9882242e39\",\n      \"cipher_suites\": [\n        \"TLS_AES_128_GCM_SHA256 (0x1301)\",\n        \"TLS_CHACHA20_POLY1305_SHA256 (0x1303)\",\n        \"TLS_AES_256_GCM_SHA384 (0x1302)\",\n        \"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)\",\n        \"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)\",\n        \"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)\",\n        \"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)\",\n        \"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)\",\n        \"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)\",\n        \"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)\",\n        \"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)\",\n        \"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)\",\n        \"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)\",\n        \"TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)\",\n        \"TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)\",\n        \"TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)\",\n        \"TLS_RSA_WITH_AES_256_CBC_SHA (0x35)\"\n      ],\n      \"extensions\": [\n        \"server_name (0)\",\n        \"extended_master_secret (23)\",\n        \"renegotiation_info (65281)\",\n        \"supported_groups (10)\",\n        \"ec_point_formats (11)\",\n        \"session_ticket (35)\",\n        \"application_layer_protocol_negotiation (16)\",\n        
\"status_request (5)\",\n        \"delegated_credential (34)\",\n        \"signed_certificate_timestamp (18)\",\n        \"key_share (51)\",\n        \"supported_versions (43)\",\n        \"signature_algorithms (13)\",\n        \"psk_key_exchange_modes (45)\",\n        \"record_size_limit (28)\",\n        \"compress_certificate (27)\",\n        \"encrypted_client_hello (65037)\"\n      ],\n      \"alpn\": [\"h2\", \"http/1.1\"]\n    }\n  },\n  {\n    \"tls_response\": {\n      \"type\": \"Server hello (2)\",\n      \"version\": \"TLS 1.2 (0x0303)\",\n      \"session_id\": \"2670a6779b4346e5e84d46890ad2aaf7a53b08adcfe0c9f6868c2d9882242e39\",\n      \"cipher_suite\": \"TLS_AES_128_GCM_SHA256 (0x1301)\",\n      \"extensions\": [\"key_share (51)\", \"supported_versions (43)\"],\n      \"supported_version\": \"TLS 1.3 (0x0304)\"\n    }\n  }\n]\n```\n\nAnd HTTP request with curl:\n\n```json\n[\n  {\n    \"connection\": {\n      \"tproxy_mode\": \"redirect\",\n      \"src_local\": \"127.0.0.1:8888\",\n      \"src_remote\": \"192.168.0.107:45736\",\n      \"dst_local\": \"127.0.0.1:37640\",\n      \"dst_remote\": \"127.0.0.1:1080\",\n      \"original_dst\": \"96.7.128.198:80\"\n    }\n  },\n  {\n    \"http_request\": {\n      \"host\": \"example.com\",\n      \"uri\": \"/\",\n      \"method\": \"GET\",\n      \"proto\": \"HTTP/1.1\",\n      \"header\": {\n        \"Accept\": [\"*/*\"],\n        \"My\": [\"Header\"],\n        \"User-Agent\": [\"curl/7.81.0\"]\n      }\n    }\n  },\n  {\n    \"http_response\": {\n      \"proto\": \"HTTP/1.1\",\n      \"status\": \"200 OK\",\n      \"content-length\": 1256,\n      \"header\": {\n        \"Cache-Control\": [\"max-age=2880\"],\n        \"Connection\": [\"keep-alive\"],\n        \"Content-Length\": [\"1256\"],\n        \"Content-Type\": [\"text/html\"],\n        \"Date\": [\"Tue, 17 Jun 2025 14:43:24 GMT\"],\n        \"Etag\": [\"\\\"84238dfc8092e5d9c0dac8ef93371a07:1736799080.121134\\\"\"],\n        \"Last-Modified\": [\"Mon, 
13 Jan 2025 20:11:20 GMT\"]\n      }\n    }\n  }\n]\n```\n\nUsage is as simple as specifying the `-sniff` flag along with the regular flags:\n\n```shell\ngohpts -d -t 8888 -M redirect -sniff -j\n```\n\nYou can also specify a file to which sniffed traffic is written:\n\n```shell\ngohpts -sniff -snifflog ~/sniff.log -j\n```\n\n### Colored format\n\n[[Back]](#table-of-contents)\n\n![GoHPTS - Colors example](resources/sniffing_color.png)\n\nYou can see an example of colored output in the picture above. In this mode, `GoHPTS` tries to highlight important information such as the TLS handshake, HTTP metadata, and anything that looks like logins/passwords or different types of auth and secret tokens. The output is limited compared to JSON but much easier for humans to read.\n\nTo run `GoHPTS` in this mode, use the following flags:\n\n```shell\ngohpts -sniff -body\n```\n\nYou can combine sniffing with transparent mode:\n\n```shell\n./gohpts -T 8888 -M redirect -sniff -body\n```\n\nTo disable colors, add `-nocolor`:\n\n```shell\ngohpts -sniff -body -nocolor\n```\n\n## Links\n\n[[Back]](#table-of-contents)\n\nLearn more about transparent proxies by visiting the following links:\n\n- [Transparent proxy support in Linux Kernel](https://docs.kernel.org/networking/tproxy.html)\n- [Transparent proxy tutorial by Gost](https://latest.gost.run/en/tutorials/redirect/)\n- [Simple tproxy example](https://github.com/FarFetchd/simple_tproxy_example)\n- [Golang TProxy](https://github.com/KatelynHaworth/go-tproxy)\n- [Transparent Proxy Implementation using eBPF and Go](https://medium.com/all-things-ebpf/building-a-transparent-proxy-with-ebpf-50a012237e76)\n- [https://github.com/heiher/hev-socks5-tproxy](https://github.com/heiher/hev-socks5-tproxy)\n\n  `socks5` proxy with `UDP ASSOCIATE` support:\n\n- [https://github.com/wzshiming/socks5](https://github.com/wzshiming/socks5)\n- [https://github.com/things-go/go-socks5](https://github.com/things-go/go-socks5)\n- 
[https://github.com/0990/socks5](https://github.com/0990/socks5)\n- [https://github.com/dizda/fast-socks5](https://github.com/dizda/fast-socks5)\n- [https://github.com/semigodking/redsocks](https://github.com/semigodking/redsocks)\n- [https://github.com/ginuerzh/gost](https://github.com/ginuerzh/gost)\n\nIPv4/IPv6 network security:\n\n- [https://caster0x00.com/legless/](https://caster0x00.com/legless/)\n- [https://caster0x00.com/intercept/](https://caster0x00.com/intercept/)\n- [https://www.prosec-networks.com/en/blog/ipv6-mitm/](https://www.prosec-networks.com/en/blog/ipv6-mitm/)\n\n## Contributing\n\n[[Back]](#table-of-contents)\n\nAre you a developer?\n\n- Fork the repository\n- Create your feature branch: `git switch -c my-new-feature`\n- Commit your changes: `git commit -am 'Add some feature'`\n- Push to the branch: `git push origin my-new-feature`\n- Submit a pull request\n\n## License\n\n[[Back]](#table-of-contents)\n\nGPLv3\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshadowy-pycoder%2Fgo-http-proxy-to-socks","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fshadowy-pycoder%2Fgo-http-proxy-to-socks","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshadowy-pycoder%2Fgo-http-proxy-to-socks/lists"}