{"id":17225549,"url":"https://github.com/v-byte-cpu/wirez","last_synced_at":"2025-03-17T11:30:30.766Z","repository":{"id":45276577,"uuid":"410377730","full_name":"v-byte-cpu/wirez","owner":"v-byte-cpu","description":"redirect all TCP/UDP traffic of any program to SOCKS5 proxy","archived":false,"fork":false,"pushed_at":"2024-03-02T12:27:29.000Z","size":42,"stargazers_count":142,"open_issues_count":4,"forks_count":13,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-03-16T11:11:22.068Z","etag":null,"topics":["auth","load-balancer","proxy","proxychains","socks","socks5"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/v-byte-cpu.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-09-25T20:41:46.000Z","updated_at":"2025-03-04T07:07:08.000Z","dependencies_parsed_at":"2024-10-27T13:06:37.098Z","dependency_job_id":null,"html_url":"https://github.com/v-byte-cpu/wirez","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/v-byte-cpu%2Fwirez","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/v-byte-cpu%2Fwirez/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/v-byte-cpu%2Fwirez/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/v-byte-cpu%2Fwirez/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/v-byte-cpu","download_url":"https://codeload.github.com/v-byte-cpu/wirez/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244025172,"owners_count":20385529,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["auth","load-balancer","proxy","proxychains","socks","socks5"],"created_at":"2024-10-15T04:13:52.797Z","updated_at":"2025-03-17T11:30:30.437Z","avatar_url":"https://github.com/v-byte-cpu.png","language":"Go","readme":"# wirez\n\n[![License](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/v-byte-cpu/wirez/blob/main/LICENSE)\n[![Build Status](https://cloud.drone.io/api/badges/v-byte-cpu/wirez/status.svg)](https://cloud.drone.io/v-byte-cpu/wirez)\n[![GoReportCard Status](https://goreportcard.com/badge/github.com/v-byte-cpu/wirez)](https://goreportcard.com/report/github.com/v-byte-cpu/wirez)\n\n**wirez** can redirect all TCP/UDP traffic made by **any** given program (application, script, shell, etc.) to SOCKS5 proxy\nand block other IP traffic (ICMP, SCTP etc).\n\nCompared with [tsocks](https://linux.die.net/man/8/tsocks), [proxychains](http://proxychains.sourceforge.net/) or \n[proxychains-ng](https://github.com/rofl0r/proxychains-ng), `wirez` is not using the [LD_PRELOAD hack](https://stackoverflow.com/questions/426230/what-is-the-ld-preload-trick) \nthat only works for dynamically linked programs, e.g., [applications built by Go can not be hooked by proxychains-ng](https://github.com/rofl0r/proxychains-ng/issues/199).\n\nInstead, `wirez` is based on the rootless container technology and the userspace network stack, that is much more robust and secure.\nSee [how does it work](#how-does-it-work) for more details.\n\nAlso, wirez can act as a simple SOCKS5 load balancer server.\n\nhttps://user-images.githubusercontent.com/65545655/200089415-fc04e91e-e933-43b6-a3b1-7243c5171f9d.mp4\n\n\n---\n\n- [Installation](#installation)\n- [Quick Start](#quick-start)\n- [Load Balancing](#load-balancing)\n- [How does it work?](#how-does-it-work)\n- [License](#license)\n\n---\n\n## Installation\n\n`wirez` is a cross-platform application. However, `run` subcommand is available only on Linux.\n\n### From source\n\nFrom the root of the source tree, run:\n\n```\ngo build\n```\n\n## Quick Start\n\nstart bash shell and redirect all TCP and UDP traffic through socks5 proxy server that is listening on `127.0.0.1:1234` address:\n\n```\nwirez run -F 127.0.0.1:1234 bash\n```\n\nproxy a curl request to `example.com`:\n\n```\nwirez run -F 127.0.0.1:1234 -- curl example.com\n```\n\nBy default, all UDP traffic is forwarded to SOCKS5 proxy using UDP ASSOCIATE request. \nIf SOCKS5 proxy doesn't support this method (like ssh and Tor) you can use local port forwarding option `-L`.\nIt specifies that connections to the target host and TCP/UDP port are to be directly forwarded to the given host and port.\n\nFor instance, forward all TCP traffic through proxy, but all UDP traffic directly to 1.1.1.1 DNS server: \n\n```\nwirez run -F 127.0.0.1:1234 -L 53:1.1.1.1:53/udp -- curl example.com\n```\n\nforward all TCP and UDP traffic through the proxy, but redirect TCP traffic targeted to `10.10.10.10:2345` directly to `127.0.0.1:4567`:\n\n```\nwirez run -F 127.0.0.1:1234 -L 10.10.10.10:2345:127.0.0.1:4567/tcp bash\n```\n\n## Load Balancing\n\nCreate a plain text file with one socks5 proxy per line. For demonstration purposes, here is an example file `proxies.txt`:\n\n```\n10.1.1.1:1035\n10.2.2.2:1037\n```\n\nStart **wirez** on the localhost on port 1080:\n\n```\nwirez server -f proxies.txt -l 127.0.0.1:1080\n```\n\nNow every socks5 request on 1080 port will be load balanced between socks5 proxies in the `proxies.txt` file. Enjoy!\n\n## Usage\n\n```\nwirez help\n```\n\n## How does it work?\n\nFirst of all, `run` command creates a new unix socket pair for parent/child process communication.\n\n```\nfds, err := unix.Socketpair(unix.AF_UNIX, unix.SOCK_STREAM, 0)\n```\n\nAfter that we start a new child process in a new Linux user namespace, see `user_namespaces(7)`:\n\n```\nproc.SysProcAttr = \u0026syscall.SysProcAttr{\n\tCloneflags: syscall.CLONE_NEWUTS | syscall.CLONE_NEWNET | syscall.CLONE_NEWUSER,\n\t...\n}\n```\n\nInside the new namespace, the child process has root capabilities, so we open a new tun network device:\n\n```\ntunFd, err := tun.Open(tunDevice)\n```\n\nand send this tun file descriptor to the parent process using the unix socket pair:\n\n```\nrights := unix.UnixRights(fd)\nreturn unix.Sendmsg(c.socketFd, nil, rights, nil, 0)\n```\n\nin the parent process we receive this tun file descriptor:\n\n```\nfunc (c *parentUnixSocketConn) ReceiveFd() (fd int, err error) {\n\t// receive socket control message\n\tb := make([]byte, unix.CmsgSpace(4))\n\tif _, _, _, _, err = unix.Recvmsg(c.socketFd, nil, b, 0); err != nil {\n\t\treturn\n\t}\n\n\t// parse socket control message\n\tcmsgs, err := unix.ParseSocketControlMessage(b)\n\tif err != nil {\n\t\treturn 0, fmt.Errorf(\"parse socket control message: %w\", err)\n\t}\n\n\ttunFds, err := unix.ParseUnixRights(\u0026cmsgs[0])\n\tif err != nil {\n\t\treturn 0, err\n\t}\n\tif len(tunFds) == 0 {\n\t\treturn 0, errors.New(\"tun fds slice is empty\")\n\t}\n\treturn tunFds[0], nil\n}\n```\n\nand initialize a gVisor userspace network stack on top of it. Then in the child process we set up the tun device as default IP gateway \nand, finally, start a target process specified in cli args. That's it!\n\n## License\n\nThis project is licensed under the MIT License. See the [LICENSE](https://github.com/v-byte-cpu/wirez/blob/main/LICENSE) file for the full license text.\n","funding_links":[],"categories":["Go"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fv-byte-cpu%2Fwirez","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fv-byte-cpu%2Fwirez","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fv-byte-cpu%2Fwirez/lists"}