wssocks

socks5 over websocket.

wssocks can proxy TCP and UDP(not implemented currently) connections via socks5. But the socks5 data is wrapped in websockets and then sent to server.

Features

• Transfer data through firewalls
  In some network environment, due to the restricts of firewalls, only http(s)/websocket is allowed. wssocks is mainly useful for passing through firewalls. We can access the inner netwrok (such as ssh) behind the firewalls via socks protocol wrapped in websockets.
• High performance
  wssocks only create one TCP connection (websocket) per client to handle multiple socks5 connections, which achieves much higher performance.
• Easy to use
  No configures, no dependences, just a single executable including client and server.

Build and install

cd status-web; yarn install; yarn build; cd ../
go get -u github.com/rakyll/statik
cd cmd/server; statik --src=../../status-web/build/; cd ../../
go build
go install

You can also download it from release page.

Quick start

server side

wssocks server --addr :1088

client side

wssocks client --addr :1080 --remote ws://example.com:1088
# using ssh to connect to example.com which may be behind firewalls.
ssh -o ProxyCommand='nc -x 127.0.0.1:1080 %h %p' [email protected] 

And set your socks5 server address as :1080 in your socks5 client (such as proxifier or proxy setting in mac's network preferences) if you need to use socks5 proxy in more situations, not only ssh in terminal.

Advanced usage

enable http and https proxy

You can also enable http and https proxy by --http option(in client side) if http(s) proxy in server side is enabled:

# client siede
wssocks client --addr :1080 --remote ws://example.com:1088 --http

The http proxy listen address is specified by --http-addr in client side (default value is :1086), and https proxy listen address is the same as socks5 proxy listen address(specified by --addr option).

Then you can set server address of http and https proxy as :1080 in your http(s) proxy client (e.g. mac's network preferences).

note: http(s) proxy is enabled by default in server side, you can disable it in server side by wssocks server --addr :1088 --http=false .

Connection key

In some cases, you don't want anyone to connect to your wssocks server. You can use connection key to prevent the clients who don't have correct connection authentication.
At server side, just enable flag --auth, e.g.:

wssocks server --addr :1088 --auth

Then it will generate a random connection key. You can also specific a customized connection key via flag --auth_key.
At client side, connect to wssocks server via the connection key:

wssocks client --remote ws://example.com:1088 --key YOUR_CONNECTION_KEY

TSL/SSL support

Method 1: In version 0.5.0, transfering data between wssocks client and wssocks server under TSL/SSL protocol is supported.

At server side, use --tsl flag to enable TSL/SSL support, and specific path of certificate via --tls-cert-file and --tls-key-file. e.g.

wssocks server --addr :1088 --tsl --tls-cert-file /path/of/certificate-file --tls-key-file /path/of/certificate-key-file

At client side, we can then use wss://example.com:1088 as remote address, for instance.

Method 2: Use nginx reverse proxy, enable ssl and specific certificate file and certificate key file in nginx config. For more information, see issue #11).

Server status

In version 0.5.0, we can enable statue page of server by passing --status flag at server side (status page is disabled by default).
Then, you can get server status in your browser of client side, by visiting http://example.com:1088/status (where example.com:1088 is the address of wssocks server).

Help

wssocks --help
wssocks client --help
wssocks server --help