19 stable releases (4 major)
4.2.1 | Sep 20, 2024 |
---|---|
4.1.6 | Oct 25, 2021 |
4.1.5 | Aug 31, 2021 |
4.1.3 | Apr 19, 2021 |
0.1.0 | Feb 24, 2021 |
#111 in Network programming
27KB
482 lines
cproxy
can redirect TCP and UDP traffic made by a program to a proxy, without requiring the program supporting a
proxy.
What you can achieve with cproxy
: All the things listed on for
example V2Ray Guide, including advanced configurations like reverse proxy
for NAT traversal, and you can apply different proxy on different applications.
Compared to many existing complicated transparent proxy setup, cproxy
usage is as easy as proxychains
, but
unlike proxychains
, it works on any program (including static linked Go programs) and redirects DNS requests.
Note: The proxy used by cproxy
should be a transparent proxy port (such as V2Ray's dokodemo-door
inbound and
shadowsocks ss-redir
). A good news is that even if you only have a SOCKS5 or HTTP proxy, there are tools that can
convert it to a transparent proxy for you (for example, transocks
, ipt2socks and ip2socks-go).
Installation
You can install by downloading the binary from the release page or
install with cargo
:
cargo install cproxy
Here's a oneliner that downloads the latest release and put it in your /usr/local/bin/
:
curl -s https://api.github.com/repos/NOBLES5E/cproxy/releases/latest | grep "browser_download_url.*x86_64-unknown-linux-musl.zip" | cut -d : -f 2,3 | tr -d \" | wget -qi - -O /tmp/cproxy.zip && unzip -j /tmp/cproxy.zip cproxy -d /tmp && sudo mv /tmp/cproxy /usr/local/bin/ && sudo chmod +x /usr/local/bin/cproxy && rm /tmp/cproxy.zip
Usage
Simple usage: just like proxychains
You can launch a new program with cproxy
with:
sudo cproxy --port <destination-local-port> -- <your-program> --arg1 --arg2 ...
All TCP connections requests will be proxied. If your local transparent proxy support DNS address overriding, you can
also redirect DNS traffic with --redirect-dns
:
sudo cproxy --port <destination-local-port> --redirect-dns -- <your-program> --arg1 --arg2 ...
For an example setup, see wiki.
Simple usage: use iptables tproxy
If your system support tproxy
, you can use tproxy
with --mode tproxy
:
sudo cproxy --port <destination-local-port> --mode tproxy -- <your-program> --arg1 --arg2 ...
# or for existing process
sudo cproxy --port <destination-local-port> --mode tproxy --pid <existing-process-pid>
With --mode tproxy
, there are several differences:
- All UDP traffic are proxied instead of only DNS UDP traffic to port 53.
- Your V2Ray or shadowsocks service should have
tproxy
enabled on the inbound port. For V2Ray, you need"tproxy": "tproxy"
as in V2Ray Documentation. For shadowsocks, you need-u
as shown in shadowsocks manpage.
An example setup can be found here.
Note that when you are using the tproxy
mode, you can override the DNS server address
with cproxy --mode tproxy --override-dns <your-dns-server-addr> ...
. This is useful when you want to use a different
DNS server for a specific application.
Advanced usage: proxy an existing process
With cproxy
, you can even proxy an existing process. This is very handy when you want to proxy existing system
services such as docker
. To do this, just run
sudo cproxy --port <destination-local-port> --pid <existing-process-pid>
The target process will be proxied as long as this cproxy
command is running. You can press Ctrl-C to stop proxying.
Advanced usage: debug a program's network activity with iptables LOG target
With cproxy
, you can easily debug a program's traffic in netfilter. Just run the program with
sudo cproxy --mode trace <your-program>
You will be able to see log in dmesg
. Note that this requires a recent enough kernel and iptables.
How does it work?
cproxy
creates a unique cgroup
for the proxied program, and redirect its traffic with packet rules.
Limitations
cproxy
requires root access to modifycgroup
.- Currently only tested on Linux.
Similar projects
There are some awesome existing work:
- graftcp: work on most programs, but cannot proxy UDP (such as DNS)
requests.
graftcp
also has performance hit on the underlying program, since it usesptrace
. - proxychains: easy to use, but not working on static linked programs (such as Go programs).
- proxychains-ng: similar to proxychains.
- cgproxy:
cgproxy
also uses cgroup to do transparent proxy, and the idea is similar tocproxy
's. There are some differences in UX and system requirements:cgproxy
requires systemcgroup
v2 support, whilecproxy
works with both v1 and v2.cgproxy
requires a background daemon processcgproxyd
running, whilecproxy
does not.cgproxy
requirestproxy
, which is optional incproxy
.cgproxy
can be used to do global proxy, whilecproxy
does not intended to support global proxy.
Dependencies
~11–21MB
~287K SLoC