A flexible tool for redirecting a given program's TCP traffic to SOCKS5 or HTTP proxy.

Overview

graftcp

Build Status

English | 简体中文

Introduction

graftcp can redirect the TCP connection made by the given program [application, script, shell, etc.] to SOCKS5 or HTTP proxy.

Compared with tsocks, proxychains or proxychains-ng, graftcp is not using the LD_PRELOAD trick which only work for dynamically linked programs, e.g., applications built by Go can not be hook by proxychains-ng. graftcp can trace or modify any given program's connect by ptrace(2), so it is workable for any program. The principle will be explained in this paragraph of how does it work.

Installation

Install from source

graftcp runs on Linux. Building graftcp-local requires Go installed.

git clone https://github.com/hmgle/graftcp.git
cd graftcp
make

After make finishes, you'll be able to use local/graftcp-local and ./graftcp. Optionally, you can also install them to system:

sudo make install
# Enable and activate systemed unit 
sudo make install_systemd

Install from binary package

Download the Debian or Arch Linux package from https://github.com/hmgle/graftcp/releases and install.

Usage

graftcp-local:

$ local/graftcp-local -h
Usage of local/graftcp-local:
  -config string
        Path to the configuration file
  -http_proxy string
        http proxy address, e.g.: 127.0.0.1:8080
  -listen string
        Listen address (default ":2233")
  -logfile string
        Write logs to file
  -loglevel value
        Log level (0-6) (default 1)
  -pipepath string
        Pipe path for graftcp to send address info (default "/tmp/graftcplocal.fifo")
  -select_proxy_mode string
        Set the mode for select a proxy [auto | random | only_http_proxy | only_socks5] (default "auto")
  -service string
        Control the system service: ["start" "stop" "restart" "install" "uninstall"]
  -socks5 string
        SOCKS5 address (default "127.0.0.1:1080")
  -syslog
        Send logs to the local system logger (Eventlog on Windows, syslog on Unix)

graftcp:

$ graftcp -h
Usage: graftcp [options] prog [prog-args]

Options:
  -c --conf-file=<config-file-path>
                    Specify configuration file
  -a --local-addr=<graftcp-local-IP-addr>
                    graftcp-local's IP address. Default: localhost
  -p --local-port=<graftcp-local-port>
                    Which port is graftcp-local listening? Default: 2233
  -f --local-fifo=<fifo-path>
                    Path of fifo to communicate with graftcp-local.
                    Default: /tmp/graftcplocal.fifo
  -b --blackip-file=<black-ip-file-path>
                    The IP in black-ip-file will connect direct
  -w --whiteip-file=<white-ip-file-path>
                    Only redirect the connect that destination ip in the
                    white-ip-file to SOCKS5
  -n --not-ignore-local
                    Connecting to local is not changed by default, this
                    option will redirect it to SOCKS5
  -V --version
                    Show version
  -h --help
                    Display this help and exit

mgraftcp: Combined graftcp-local and graftcp (mgraftcp = graftcp-local + graftcp). mgraftcp can be used to replace graftcp without running graftcp-local.

Usage: mgraftcp [-hn] [-b value] [--enable-debug-log] [--http_proxy value] [--select_proxy_mode value] \
    [--socks5 value] [--socks5_password value] [--socks5_username value] [--version] [-w value] prog [prog-args]
 -b, --blackip-file=value
                The IP in black-ip-file will connect direct
     --enable-debug-log
                enable debug log
 -h, --help     Display this help and exit
     --http_proxy=value
                http proxy address, e.g.: 127.0.0.1:8080
 -n, --not-ignore-local
                Connecting to local is not changed by default, this option
                will redirect it to SOCKS5
     --select_proxy_mode=value
                Set the mode for select a proxy [auto | random |
                only_http_proxy | only_socks5 | direct] [auto]
     --socks5=value
                SOCKS5 address [127.0.0.1:1080]
     --socks5_password=value
                SOCKS5 password
     --socks5_username=value
                SOCKS5 username
     --version  Print the mgraftcp version information
 -w, --whiteip-file=value
                Only redirect the connect that destination ip in the
                white-ip-file to SOCKS5

Configuration

graftcp-local and mgraftcp look for config file in following order:

  1. File provided as a --config argument
  2. $(the path of the executeable)/graftcp-local.conf
  3. /etc/graftcp-local/graftcp-local.conf

Demo

Assume you are running the SOCKS5 proxy with the default IP address: "localhost:1080". Start the graftcp-local first:

local/graftcp-local

Install the Go package from golang.org (now is blocked by the GFW) via graftcp:

./graftcp go get -v golang.org/x/net/proxy

Open Chromium / Chrome / Firefox browser via graftcp, then all the requests from this browser will redirect to the SOCKS5 proxy:

./graftcp chromium-browser

Launch Bash / Zsh / Fish via graftcp, then all the TCP traffic generated by the command in this shell will redirect to the SOCKS5 proxy:

% ./graftcp bash
$ wget https://www.google.com

demo

How does it work?

To achieve the goal of redirecting the TCP connection of a app to another destination address and the app itself is not aware of it, these conditions are probably required:

  • fork(2) a new process and trace it using ptrace(2), execve(2) to run the app. Every connect(2) syscall will be intercepted, then get the destination address argument and send it to graftcp-local via pipe.
  • Modify the destination address argument of connect(2) to graftcp-local's address, and restart the stopped syscall. After the syscall returns successfully, the app thought it has connected the original destination address, but in face it connected the graftcp-local, so we named it "graft".
  • graftcp-local establish a SOCKS5 connection based on the information of app's original destination address, then redirect the requests from the app to the SOCKS5 proxy.

Someone may have a question here: since we can modify the arguments of a syscall, modify the app's write(2) / send(2) buf argument, attach the original destination information to the write buffer, isn't it simpler? The answer is that cannot be done. Because attach data to the buffer of the tracked child process, it may case a buffer overflow, causing crash or overwrite other data.
In addition, as the execve(2) will detach and unmap all shared memory, we also cannot add extra data to the write buffer of traced app by sharing memory, so we send the original destination address via pipe.

The simple sketch is as follows:

+---------------+             +---------+         +--------+         +------+
|   graftcp     |  dest host  |         |         |        |         |      |
|   (tracer)    +---PIPE----->|         |         |        |         |      |
|      ^        |  info       |         |         |        |         |      |
|      | ptrace |             |         |         |        |         |      |
|      v        |             |         |         |        |         |      |
|  +---------+  |             |         |         |        |         |      |
|  |         |  |  connect    |         | connect |        | connect |      |
|  |         +--------------->| graftcp +-------->| SOCKS5 +-------->| dest |
|  |         |  |             | -local  |         |  or    |         | host |
|  |  app    |  |  req        |         |  req    | HTTP   |  req    |      |
|  |(tracee) +--------------->|         +-------->| proxy  +-------->|      |
|  |         |  |             |         |         |        |         |      |
|  |         |  |  resp       |         |  resp   |        |  resp   |      |
|  |         |<---------------+         |<--------+        |<--------+      |
|  +---------+  |             |         |         |        |         |      |
+---------------+             +---------+         +--------+         +------+

FAQ and Tips

What are some ways to redirect TCP connections?

The main ones are: global way, environment variables setting way, and programs selection way.

Global way: e.g., use iptables + RedSocks to convert the system's traffic that match certain rules into SOCKS5 traffic. The pros is that it is globally effective; the cons is that all traffic that satisfies the rule is redirected, and the scope of influence is large.

Environment variable setting: some programs will read the proxy-related environment variables to determine whether to convert their own traffic to the corresponding proxy protocol traffic, such as curl will read http_proxy, ftp_proxy, all_proxy Environment variables and decide which proxy traffic to convert based on the request URL scheme. This way is effective only if the program itself implements the traffic conversion function, so it is very limited.

programs selection way: this way can only perform redirection for specified programs, such as tsocks or proxychains. As mentioned earlier, they were using the LD_PRELOAD hijacking dynamic library function, and the default static link compiled program such as Go is invalid. graftcp improves this by being able to redirect TCP connections from any program.

Will graftcp redirect the connection to the SOCKS5 proxy if the target address is localhost?

No. By default, graftcp ignore the connections to localhost. If you want to redirect all addresses, you can use the -n option. If you want to ignore more addresses, you can add them to the blacklist IP file; if you want to redirect only certain IP addresses, you can add them to the whitelist IP file. Use graftcp --help to get more information.

I am suffering a DNS cache poisoning attack, does graftcp handle DNS requests?

No. graftcp currently only handles TCP connections. dnscrypt-proxy or ChinaDNS may help you.

The clone(2)'s argument has a flag CLONE_UNTRACED to avoid being traced, how does graftcp do forced tracing?

graftcp will intercept the clone(2) syscall, and clearing the CLONE_UNTRACED flag, so the tracked child process could not escape the fate of being tracked. In addition, this CLONE_UNTRACED flag is intended for the kernel, and user space program should not set it.

Linux provides a way to limit the ptrace(2): set the value of /proc/sys/kernel/yama/ptrace_scope. If ptrace(2) is invalid, check if the default value has been modified.

Does it support macOS?

No. macOS's ptrace(2) is useless. However, it can also be achieved theoretically by referring to DTrace. See issue 12. Anyone try it? 😁

TODO

  • ARM/Linux Support
  • i386/Linux Support

Acknowledgements and References

LICENSE

Copyright © 2016, 2018-2021 Hmgle [email protected]

Released under the terms of the GNU General Public License, version 3

Issues
  • 代理出错,graftcp-local 报 getPidByAddr failed 错误

    代理出错,graftcp-local 报 getPidByAddr failed 错误

    1. 使用环境 使用 master 最新分支编译,操作系统 Ubuntu 14.04.5

    2. 问题重现

      • 创建一个 socks5 代理: ssh localhost -D 1080
      • 启动 graftcp-local: ./graftcp-local/graftcp-local -select_proxy_mode only_socks5
      • 访问百度:./graftcp curl www.baidu.com 重复执行命令,访问百度,则有很大概率出现错误:curl: (56) Recv failure: 连接被对方重设 此时,graftcp-local 报错:[ERROR] getPidByAddr(127.0.0.1:42354) failed
    opened by lxf1992521 14
  • gaftcp 不能代理 sudo

    gaftcp 不能代理 sudo

    说起来可能有点奇怪,不过确实需要 graftcp sudo xxx 时 sudo 会提示“有效用户 ID 不是 0,/usr/bin/sudo 位于一个设置了“nosuid”选项的文件系统或没有 root 权限的 NFS 文件系统中吗?” 至于为什么会用到这个,个人在 yay 安装 aur 时需要,因为 yay 会自动 sudo pacman 安装

    opened by unknowndevQwQ 7
  • Some problems of graftcp on Ubuntu 20.04.

    Some problems of graftcp on Ubuntu 20.04.

    On Ubuntu 20.04, I try to test graftcp with the following example, but failed:

    $ sudo gdebi graftcp_0.4.0-1_amd64.deb
    $ sudo systemctl disable graftcp-local.service
    $ mgraftcp --socks5 127.0.0.1:18889 ipython
    Python 3.9.1 (default, Feb 10 2021, 15:30:33) 
    Type 'copyright', 'credits' or 'license' for more information
    IPython 7.23.1 -- An enhanced Interactive Python. Type '?' for help.
    
    In [1]: import imapclient
    
    In [2]: imapObj = imapclient.IMAPClient('imap.gmail.com', ssl=True)
    ---------------------------------------------------------------------------
    SSLEOFError                               Traceback (most recent call last)
    <ipython-input-2-08c6d4884af9> in <module>
    ----> 1 imapObj = imapclient.IMAPClient('imap.gmail.com', ssl=True)
    
    ~/.pyenv/versions/3.9.1/envs/datasci/lib/python3.9/site-packages/imapclient/imapclient.py in __init__(self, host, port, use_uid, ssl, stream, ssl_context, timeout)
        282         self._idle_tag = None
        283 
    --> 284         self._imap = self._create_IMAP4()
        285         logger.debug(
        286             "Connected to host %s over %s",
    
    ~/.pyenv/versions/3.9.1/envs/datasci/lib/python3.9/site-packages/imapclient/imapclient.py in _create_IMAP4(self)
        319 
        320         if self.ssl:
    --> 321             return tls.IMAP4_TLS(
        322                 self.host,
        323                 self.port,
    
    ~/.pyenv/versions/3.9.1/envs/datasci/lib/python3.9/site-packages/imapclient/tls.py in __init__(self, host, port, ssl_context, timeout)
         42         self.ssl_context = ssl_context
         43         self._timeout = timeout
    ---> 44         imaplib.IMAP4.__init__(self, host, port)
         45 
         46     def open(self, host, port=993, timeout=None):
    
    ~/.pyenv/versions/3.9.1/lib/python3.9/imaplib.py in __init__(self, host, port, timeout)
        200         # Open socket to server.
        201 
    --> 202         self.open(host, port, timeout)
        203 
        204         try:
    
    ~/.pyenv/versions/3.9.1/envs/datasci/lib/python3.9/site-packages/imapclient/tls.py in open(self, host, port, timeout)
         50             (host, port), timeout if timeout is not None else self._timeout
         51         )
    ---> 52         self.sock = wrap_socket(sock, self.ssl_context, host)
         53         self.file = self.sock.makefile("rb")
         54 
    
    ~/.pyenv/versions/3.9.1/envs/datasci/lib/python3.9/site-packages/imapclient/tls.py in wrap_socket(sock, ssl_context, host)
         30         ssl_context = ssl.create_default_context(purpose=ssl.Purpose.CLIENT_AUTH)
         31 
    ---> 32     return ssl_context.wrap_socket(sock, server_hostname=host)
         33 
         34 
    
    ~/.pyenv/versions/3.9.1/lib/python3.9/ssl.py in wrap_socket(self, sock, server_side, do_handshake_on_connect, suppress_ragged_eofs, server_hostname, session)
        498         # SSLSocket class handles server_hostname encoding before it calls
        499         # ctx._wrap_socket()
    --> 500         return self.sslsocket_class._create(
        501             sock=sock,
        502             server_side=server_side,
    
    ~/.pyenv/versions/3.9.1/lib/python3.9/ssl.py in _create(cls, sock, server_side, do_handshake_on_connect, suppress_ragged_eofs, server_hostname, context, session)
       1038                         # non-blocking
       1039                         raise ValueError("do_handshake_on_connect should not be specified for non-blocking sockets")
    -> 1040                     self.do_handshake()
       1041             except (OSError, ValueError):
       1042                 self.close()
    
    ~/.pyenv/versions/3.9.1/lib/python3.9/ssl.py in do_handshake(self, block)
       1307             if timeout == 0.0 and block:
       1308                 self.settimeout(None)
    -> 1309             self._sslobj.do_handshake()
       1310         finally:
       1311             self.settimeout(timeout)
    
    SSLEOFError: EOF occurred in violation of protocol (_ssl.c:1123)
    
    In [3]: 
    
    

    OTOH, it really works for Emacs, but I meet some strange messages:

    $ mgraftcp --socks5 127.0.0.1:18889 /usr/local/bin/emacs
    

    Then run M-x multi-term RET in Emacs, the following info will be triggered:

    sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?
    sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?
    

    Any hints for these problems?

    Regards, HY

    opened by hongyi-zhao 6
  • make需要到github上下载依赖包

    make需要到github上下载依赖包

    系统版本声明: Rocky Linu8.4(Centos8.4) 大佬,这是个死循环啊.我是因为无法正常拉去强外包才来安装graftcp,现在安装graftcp又要从墙外拉取依赖包......

    make -C local VERSION=v0.5.0-beta.1 CC=gcc CXX=g++ AR=ar
    make[1]: 进入目录“/root/code/graftcp/local”
    go build -ldflags "-s -w -X main.version=v0.5.0-beta.1" ./cmd/graftcp-local
    go: github.com/jedisct1/[email protected]: Get "https://proxy.golang.org/github.com/jedisct1/dlog/@v/v0.0.0-20210101122416-354ffe815216.mod": dial tcp 142.251.43.17:443: connect: connection refused
    go: downloading github.com/jedisct1/dlog v0.0.0-20210101122416-354ffe815216
    go: downloading github.com/kardianos/service v1.2.0
    go: downloading golang.org/x/net v0.0.0-20210614182718-04defd469f4e
    go: github.com/jedisct1/[email protected]: Get "https://proxy.golang.org/github.com/jedisct1/dlog/@v/v0.0.0-20210101122416-354ffe815216.mod": dial tcp 142.251.43.17:443: connect: connection refused
    make[1]: *** [Makefile:28:graftcp-local] 错误 1
    make[1]: 离开目录“/root/code/graftcp/local”
    make: *** [Makefile:71:local/graftcp-local] 错误 2
    
    opened by omaidb 5
  • Proxy Password

    Proxy Password

    Is there a way to supply a username/password for a proxy? I did not see it documented. I tried username:[email protected] as proxy string. I also tried setting the SOCKS_USERNAME and SOCKS_PASSWORD environment variables.

    A search for "password" yields graftcp-local/http_proxy.go, but this should not work for a socks proxy? I am also not sure how it should be set for the http proxy.

    opened by kevin-stuart 5
  • graftcp go get -v这一步必须的么?

    graftcp go get -v这一步必须的么?

    1: git clone https://github.com/hmgle/graftcp.git cd graftcp make 后 graftcp位于当前源码目录,而graftcp-local出现在go/bin下;

    2: 通过 graftcp 安装来自 golang.org 的 Go 包: ./graftcp go get -v golang.org/x/net/proxy

    卡在这里了,如果跳过这步直接启用graftcp 好像某些能用有些不能用? graftcp wget 之类的能用,因为请求会出现在graftcp-local实时刷新的日志里 graftcp yum 之类的好像不能?graftcp-local实时刷新的日志里完全没有请求

    opened by wxlg1117 5
  • Hello, does graftcp support redirect traffic on android or iOS platform ? and UDP packets?

    Hello, does graftcp support redirect traffic on android or iOS platform ? and UDP packets?

    Is your feature request related to a problem? Please describe. A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

    Describe the solution you'd like A clear and concise description of what you want to happen.

    Describe alternatives you've considered A clear and concise description of any alternative solutions or features you've considered.

    Additional context Add any other context or screenshots about the feature request here.

    opened by fuqiangleon 4
  • Why not merge local and graftcp?

    Why not merge local and graftcp?

    May I ask whether there is any concern on merging the graftcp-local and graftcp into one single binary?

    It seems strange to me if I just want to proxy one command but need to open another terminal for local to running.

    If it is already designed behavior which make merging in framework level a hard task, we can do it the simple way by spawn another thread inside go for local. Is this a valid solution?

    opened by chaoqing 4
  • 怎么个理论上能实现 mac os 版的 graftcp,DTrace 貌似只是个探针。

    怎么个理论上能实现 mac os 版的 graftcp,DTrace 貌似只是个探针。

    正如你所说,mac os 的 ptrace 是个半残品,也提到了理论上参考 DTrace 那一套也能实现,但是我简单了解了下 DTrace, 它并不能修改操纵被跟踪的程序,纯粹就是个探针。

    还请指教下,怎么个理论上能实现?我想躺这趟浑水。一直好奇 proxifier 是怎么在 mac os 里做到跟 graftcp 一样的效果。

    感谢你写的如此好的程序。

    macOS-support 
    opened by fanpei91 4
  • help: not support virtual machine

    help: not support virtual machine

    Describe the bug

    To Reproduce /etc/graftcp-local/graftcp-local.conf

    ## graftcp-local configuation
    
    ## Listen address (default ":2233")
    listen = :2233
    
    ## Write logs to file, to stdout if empty
    # logfile = graftcp-local.log
    
    ## Log level (0-6), 0: debug, 1: info, 2: notice, 3: warn, 4: error,
    ## 5: critical: 6: fatal
    loglevel = 0
    
    ## Pipe path for graftcp to send address info (default "/tmp/graftcplocal.fifo")
    # pipepath = /tmp/graftcplocal.fifo
    
    ## SOCKS5 address (default "127.0.0.1:1080")
    socks5 = 192.168.3.35:1089
    
    ## SOCKS5 proxy username (default "")
    # socks5_username = SOCKS5USERNAME
    
    ## SOCKS5 proxy password (default "")
    # socks5_password = SOCKS5PASSWORD
    
    ## HTTP proxy address (default "")
    http_proxy = 192.168.3.35:1088
    
    ## Set the mode for select a proxy (default "auto")
    ## "auto": select socks5 if socks5 is reachable, else HTTP proxy if HTTP proxy
    ##  is rechable, else direct.
    ## "random": select the reachable proxy randomly.
    ## "only_http_proxy": only use http proxy.
    ## "only_socks5": only use socks5 proxy.
    ## "direct": direct connect.
    select_proxy_mode = only_http_proxy
    
    ## Use the system logger (syslog on Unix, Event Log on Windows)
    # use_syslog = true
    

    以上配置proxy的地址保证没有问题,因为我通过执行http_proxy=192.168.3.35:1088 curl 'http://www.google.com'是可以访问到内容的

    启动graftcp-local后 /usr/bin/graftcp-local -config /etc/graftcp-local/graftcp-local.conf

    执行 graftcp wget 'http://www.google.com' 依然不能翻墙 graftcp bash 同样没有效果

    Expected behavior 能够翻墙

    日志 从日志看,DNS没有问题,每次执行对应一条Request PID日志,就是无法翻成功

    [email protected]:/home/whf/install# journalctl -f -u graftcp-local.service
    6月 23 07:28:32 u1 graftcp-local[35941]: [2022-06-23 07:28:32] [NOTICE] graftcp-local stop
    6月 23 07:28:32 u1 systemd[1]: Stopping Translate graftcp TCP to SOCKS5 or HTTP proxy...
    6月 23 07:28:32 u1 systemd[1]: graftcp-local.service: Deactivated successfully.
    6月 23 07:28:32 u1 systemd[1]: Stopped Translate graftcp TCP to SOCKS5 or HTTP proxy.
    6月 23 07:28:32 u1 systemd[1]: Started Translate graftcp TCP to SOCKS5 or HTTP proxy.
    6月 23 07:28:32 u1 graftcp-local[45674]: [2022-06-23 07:28:32] [NOTICE] graftcp-local start
    6月 23 07:28:32 u1 graftcp-local[45674]: [2022-06-23 07:28:32] [INFO] select_proxy_mode: only_http_proxy
    6月 23 07:28:32 u1 graftcp-local[45674]: [2022-06-23 07:28:32] [INFO] graftcp-local start listening :2233...
    6月 23 07:28:51 u1 graftcp-local[45674]: [2022-06-23 07:28:51] [INFO] Request PID: 45690, Source Addr: 127.0.0.1:46872, Dest Addr: 202.182.98.125:80
    6月 23 07:31:38 u1 graftcp-local[45674]: [2022-06-23 07:31:38] [INFO] Request PID: 45742, Source Addr: 127.0.0.1:46874, Dest Addr: 31.13.84.34:80
    6月 23 07:41:49 u1 graftcp-local[45674]: [2022-06-23 07:41:49] [INFO] Request PID: 46473, Source Addr: 127.0.0.1:46876, Dest Addr: 128.242.240.212:80
    6月 23 07:42:15 u1 graftcp-local[45674]: [2022-06-23 07:42:15] [INFO] Request PID: 46494, Source Addr: 127.0.0.1:46878, Dest Addr: 128.242.240.212:80
    

    Desktop (please complete the following information): 我用的windows下VMware虚拟机,虚拟机系统是Ubuntu 22.04,主机是intel nuc

    [email protected]:/home/whf# graftcp-local -version
    graftcp-local version v0.4
    [email protected]:/home/whf# graftcp -V
    graftcp v0.4
    

    安装途径: 通过下载编译好的二进制deb

    System:
      Host: u1 Kernel: 5.15.0-39-generic x86_64 bits: 64 Console: pty pts/4
        Distro: Ubuntu 22.04 (Jammy Jellyfish)
    Machine:
      Type: Vmware System: VMware product: VMware Virtual Platform v: N/A
        serial: VMware-56 4d b2 8e 0f d8 4a e7-51 fa a1 f5 22 67 b1
      Mobo: Intel model: 440BX Desktop Reference Platform serial: N/A BIOS: Phoenix v: 6.00
        date: 07/22/2020
    CPU:
      Info: 2x 1-core model: Intel Celeron J4005 bits: 64 type: SMP cache: L2: 2x 4 MiB (8 MiB)
      Speed (MHz): avg: 1997 min/max: N/A cores: 1: 1997 2: 1997
    Graphics:
      Device-1: VMware SVGA II Adapter driver: vmwgfx v: 2.19.0.0
      Display: server: X.org v: 1.21.1.3 with: Xwayland v: 22.1.1 driver: gpu: vmwgfx
        note:  X driver n/a tty: 148x44
      Message: GL data unavailable in console for root.
    Audio:
      Device-1: Ensoniq ES1371/ES1373 / Creative Labs CT2518 driver: snd_ens1371
      Sound Server-1: ALSA v: k5.15.0-39-generic running: yes
      Sound Server-2: PulseAudio v: 15.99.1 running: yes
      Sound Server-3: PipeWire v: 0.3.48 running: yes
    Network:
      Device-1: Intel 82371AB/EB/MB PIIX4 ACPI type: network bridge driver: N/A
      Device-2: Intel 82545EM Gigabit Ethernet driver: e1000
      IF: ens33 state: up speed: 1000 Mbps duplex: full mac: 00:0c:29:22:67:b1
    Bluetooth:
      Device-1: VMware Virtual Bluetooth Adapter type: USB driver: btusb
      Report: hciconfig ID: hci0 state: up address: 14:85:7F:80:95:89
    Drives:
      Local Storage: total: 20 GiB used: 11.83 GiB (59.2%)
      ID-1: /dev/sda vendor: VMware model: Virtual S size: 20 GiB
    Partition:
      ID-1: / size: 19.02 GiB used: 11.83 GiB (62.2%) fs: ext4 dev: /dev/sda3
      ID-2: /boot/efi size: 512 MiB used: 5.2 MiB (1.0%) fs: vfat dev: /dev/sda2
    Swap:
      Alert: No swap data was found.
    Sensors:
      Message: No sensor data found. Is lm-sensors configured?
    Info:
      Processes: 323 Uptime: 23h 52m Memory: 3.8 GiB used: 1.78 GiB (47.0%) Init: systemd runlevel: 5
      Shell: Bash inxi: 3.3.13
    
    opened by wyzssw 3
  • mgraftcp doesn't pick up the http_proxy at all.

    mgraftcp doesn't pick up the http_proxy at all.

    On Ubuntu 20.04, I try to test the mgraftcp with a local http proxy, but it seems that it doesn't use the proxy at all:

    $ ./local/mgraftcp --version
    mgraftcp version v0.4.0-2-ge6daf52
    $ ./local/mgraftcp --enable-debug-log --http_proxy 127.0.0.1:8080 curl -Ivs www.google.com -o /dev/null
    [2021-08-11 16:37:18] [INFO] graftcp-local start listening :0...
    *   Trying 172.217.24.4:80...
    * TCP_NODELAY set
    * Connected to www.google.com (127.0.0.1) port 80 (#0)
    > HEAD / HTTP/1.1
    > Host: www.google.com
    > User-Agent: curl/7.68.0
    > Accept: */*
    > 
    [2021-08-11 16:37:18] [INFO] Request PID: 1902024, Source Addr: 127.0.0.1:53722, Dest Addr: 172.217.24.4:80
    ^C
    

    At the same time, no traffic is observed on the proxy port:

    $ sudo tcpdump -i any port 8080

    But it works well with the socks5 proxy.

    Any hints for this problem?

    Regards, HY

    opened by hongyi-zhao 3
  • Replacement for redsocks

    Replacement for redsocks

    When trying to run a program with Wine I'm getting the an error saying: could not connect to 192.168.11.150:2081. So I started to look for a way to get it to connect. I started by finding Running World of Warcraft (or any application in Wine) through a SOCKS Proxy Server

    That brought me to looking at redrocks but, redrocks hasn't been updated in 4 years! As such I'd like to know if graftcp can act as a replacement. There is some configuration at the top of the article I'm not sure how I'd do that in graftcp.

    I look forward to looking into the use of graftcp.

    opened by whitequill 1
  • graftcp 不支持端口扫描吗

    graftcp 不支持端口扫描吗

    以下是用proxychains4和graftcp使用nmap进行端口扫描的结果

    graftcp结果显示 全部端口打开

    graftcp nmap -Pn -sT -top-ports 5 172.16.0.1
    Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
    Starting Nmap 7.91 ( https://nmap.org ) at 2021-06-14 11:26 CST
    Nmap scan report for 172.16.0.1
    Host is up (0.0013s latency).
    
    PORT    STATE SERVICE
    21/tcp  open  ftp
    22/tcp  open  ssh
    23/tcp  open  telnet
    80/tcp  open  http
    443/tcp open  https
    
    Nmap done: 1 IP address (1 host up) scanned in 0.68 seconds
    

    graftcp-local的设置是

    graftcp-local -socks5 127.0.0.1:10808 -select_proxy_mode only_socks5
    

    proxychains4结果

    pc4 nmap -Pn -sT -top-ports 5 172.16.0.1
    [proxychains] config file found: /home/ahao/.proxychains/proxychains.conf
    [proxychains] preloading /usr/lib/libproxychains4.so
    Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
    Starting Nmap 7.91 ( https://nmap.org ) at 2021-06-14 11:26 CST
    Nmap scan report for 172.16.0.1
    Host is up (0.094s latency).
    
    PORT    STATE  SERVICE
    21/tcp  closed ftp
    22/tcp  closed ssh
    23/tcp  open   telnet
    80/tcp  open   http
    443/tcp open   https
    
    Nmap done: 1 IP address (1 host up) scanned in 0.65 seconds
    
    opened by freeAhao 5
  • Update README.md

    Update README.md

    Your piece of work are brilliant! and wish it more popular and help more engineers.

    However I need more detailed guide to use it. I am a newbie, with little knowledge in proxy, network and OS. I believe most of people would benefit from detailed doc. I can use proxychains, simply because it doc is easy to follow.

    More details in the readme doc would help newbies like me a lot. Excellent documents make it easy to use for many more people.

    1. Add Golang snap installation guides. Snap download is very slow in China(10-20KB/s), might take one day to download. with snap proxy installed, increased to 900KB/s in my case, that is good, installation will be done in minutes.
    2. conf file template should be included. please refer proxychains.
    3. I put ? near statement I am not sure. Please correct it. I know little about proxy.

    Thank you and keep improve it. admire your talents.

    opened by wangyubow 4
  • proxy mode issue

    proxy mode issue

    Can I choose a proxy mode like proxychain-ng?such as: random_chain :Random use of proxy from a proxy list dynamic_chain:Automatically select available proxy according to the order of the proxy list

    opened by pharaohW 1
Releases(v0.4.0)
Owner
mingang.he
mingang.he
Pushpin is a reverse proxy server written in C++ that makes it easy to implement WebSocket, HTTP streaming, and HTTP long-polling services.

Pushpin is a reverse proxy server written in C++ that makes it easy to implement WebSocket, HTTP streaming, and HTTP long-polling services. The project is unique among realtime push solutions in that it is designed to address the needs of API creators. Pushpin is transparent to clients and integrates easily into an API stack.

Fanout 3.1k Jun 22, 2022
Windows named pipe server that forwards connections to given TCP server

PipeTcp An asynchronous Windows named pipe server that forwards connections to given TCP server. Pre-built binaries can be found in Releases. Invocati

Jinoh Kang 4 May 23, 2022
H2O - the optimized HTTP/1, HTTP/2, HTTP/3 server

H2O - an optimized HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3 (experimental) Copyright (c) 2014-2019 DeNA Co., Ltd., Kazuho Oku, Tatsuhi

H2O 10k Jun 25, 2022
HevSocks5Core is a simple, lightweight socks5 library

A simple, lightweight socks5 library. (IPv4/IPv6/TCP/UDP/Client/Server)

hev 16 May 22, 2022
Experiments in Go/C bridging and SOCKS5 server

Experiment: Loadable socks5 proxy via CGo/C bridge. Build Pre-requisites gcc: x86_64-w64-mingw32 e.g: chocolatey.exe install mingw Compilation Build

D.Snezhkov 8 Nov 15, 2021
The BNG Blaster is a test tool to simulate thousands of PPPoE or IPoE subscribers including IPTV, traffic verification and convergence testing capabilities.

RtBrick BNG Blaster The BNG Blaster is a test tool to simulate thousands of PPPoE or IPoE subscribers including IPTV, traffic verification and converg

RtBrick 89 Jun 3, 2022
Phorklift is an HTTP server and proxy daemon, with clear, powerful and dynamic configuration.

Phorklift is an HTTP server and proxy daemon, with clear, powerful and dynamic configuration.

null 43 Mar 1, 2022
A Tcp/Ip stack implementation on top of Solarflare ef_vi, and a C++ headers only framework for tcp multiplexing client/server.

Efvitcp Efvitcp is a tcp library using Solarflare ef_vi interface on linux, and also a tcp multiplexing framework for both C++ client and server progr

Meng Rao 17 Jun 9, 2022
an easy implementation of a multi-process tcp server and a multi-thread tcp client

一个TCP多进程服务器-多线程客户端的简单实现。 客户端类似Apache ab的测试功能,能够通过向某一个ip端口发送指定并发量和总数量的tcp短连接;服务端处理tcp短连接,每来一条消息就打印一条log。 使用cmake编译,建议在vscode里编译,或者命令行 # 终端进入目录 mkdir bu

adin 1 Nov 28, 2021
Small utility that leverages eBPF to dump the traffic of a unix domain socket

UnixDump UnixDump is a small eBPF powered utility that can be used to dump unix socket traffic. System requirements This project was developed on a Ub

Guillaume Fournier 5 Dec 1, 2021
Ultra fast and low latency asynchronous socket server & client C++ library with support TCP, SSL, UDP, HTTP, HTTPS, WebSocket protocols and 10K connections problem solution

CppServer Ultra fast and low latency asynchronous socket server & client C++ library with support TCP, SSL, UDP, HTTP, HTTPS, WebSocket protocols and

Ivan Shynkarenka 848 Jun 26, 2022
A modern C++ network library for developing high performance network services in TCP/UDP/HTTP protocols.

evpp Introduction 中文说明 evpp is a modern C++ network library for developing high performance network services using TCP/UDP/HTTP protocols. evpp provid

Qihoo 360 3k Jun 27, 2022
Mongoose Embedded Web Server Library - a multi-protocol embedded networking library with TCP/UDP, HTTP, WebSocket, MQTT built-in protocols, async DNS resolver, and non-blocking API.

Mongoose - Embedded Web Server / Embedded Networking Library Mongoose is a networking library for C/C++. It implements event-driven non-blocking APIs

Cesanta Software 8.5k Jun 29, 2022
Asynchronous, Header-only C++ HTTP-over-(TCP|UNIX Socket|STDIO) Library

CXXHTTP A C++ library implementing an asynchronous HTTP server and client. To clone this library, make sure you also clone the submodules. The --recur

null 25 Mar 19, 2021
Simple embeddable C++11 async tcp,http and websocket serving.

net11 Simple embeddable C++11 async tcp,http and websocket serving. What is it? An easily embeddable C++11 networking library designed to make buildin

Jonas Lund 9 Mar 28, 2020
tiny HTTP parser written in C (used in HTTP::Parser::XS et al.)

PicoHTTPParser Copyright (c) 2009-2014 Kazuho Oku, Tokuhiro Matsuno, Daisuke Murase, Shigeo Mitsunari PicoHTTPParser is a tiny, primitive, fast HTTP r

H2O 1.5k Jun 22, 2022
A collection of C++ HTTP libraries including an easy to use HTTP server.

Proxygen: Facebook's C++ HTTP Libraries This project comprises the core C++ HTTP abstractions used at Facebook. Internally, it is used as the basis fo

Facebook 7.5k Jun 25, 2022
cuehttp is a modern c++ middleware framework for http(http/https)/websocket(ws/wss).

cuehttp 简介 cuehttp是一个使用Modern C++(C++17)编写的跨平台、高性能、易用的HTTP/WebSocket框架。基于中间件模式可以方便、高效、优雅的增加功能。cuehttp基于boost.asio开发,使用picohttpparser进行HTTP协议解析。内部依赖了nl

xcyl 25 Jun 21, 2022
Gromox - Groupware server backend with MAPI/HTTP, RPC/HTTP, IMAP, POP3 and PHP-MAPI support for grommunio

Gromox is the central groupware server component of grommunio. It is capable of serving as a replacement for Microsoft Exchange and compatibles. Conne

grommunio 119 Jun 27, 2022