A small TCP proxy written in Go

Related tags

Network go-tcp-proxy
Overview

tcp-proxy

A small TCP proxy written in Go

This project was intended for debugging text-based protocols. The next version will address binary protocols.

Install

Binaries

Download the latest release, or

Install latest release now with curl https://i.jpillora.com/go-tcp-proxy! | bash

Source

$ go get -v github.com/jpillora/go-tcp-proxy/cmd/tcp-proxy

Usage

$ tcp-proxy --help
Usage of tcp-proxy:
  -c: output ansi colors
  -h: output hex
  -l="localhost:9999": local address
  -n: disable nagles algorithm
  -r="localhost:80": remote address
  -match="": match regex (in the form 'regex')
  -replace="": replace regex (in the form 'regex~replacer')
  -v: display server actions
  -vv: display server actions and all tcp data

Note: Regex match and replace only works on text strings and does NOT work across packet boundaries

Simple Example

Since HTTP runs over TCP, we can also use tcp-proxy as a primitive HTTP proxy:

$ tcp-proxy -r echo.jpillora.com:80
Proxying from localhost:9999 to echo.jpillora.com:80

Then test with curl:

$ curl -H 'Host: echo.jpillora.com' localhost:9999/foo
{
  "method": "GET",
  "url": "/foo"
  ...
}

Match Example

$ tcp-proxy -r echo.jpillora.com:80 -match 'Host: (.+)'
Proxying from localhost:9999 to echo.jpillora.com:80
Matching Host: (.+)

#run curl again...

Connection #001 Match #1: Host: echo.jpillora.com

Replace Example

$ tcp-proxy -r echo.jpillora.com:80 -replace '"ip": "([^"]+)"~"ip": "REDACTED"'
Proxying from localhost:9999 to echo.jpillora.com:80
Replacing "ip": "([^"]+)" with "ip": "REDACTED"
#run curl again...
{
  "ip": "REDACTED",
  ...

Note: The -replace option is in the form regex~replacer. Where replacer may contain $N to substitute in group N.

Todo

  • Implement tcpproxy.Conn which provides accounting and hooks into the underlying net.Conn
  • Verify wire protocols by providing encoding.BinaryUnmarshaler to a tcpproxy.Conn
  • Modify wire protocols by also providing a map function
  • Implement SOCKS v5 to allow for user-decided remote addresses
Issues
  • Understanding your project

    Understanding your project

    When you say it proxies from localadd to remoteadd, what does that mean? Does that mean, the request to localadd is proxied through the remoteadd ? If so what is the use case for something like this ?

    Thanks

    opened by vodman84 2
  • Cannot print imap commands

    Cannot print imap commands

    I use it to redirect imap ssl connections, but I the buffer cannot printed correctly, what's the reason ? tks. go-tcp-proxy -l localhost:993 -r imap.gmail.com:993 -vv

    opened by xmkevin 1
  • Fix for deadlock on errsig

    Fix for deadlock on errsig

    Remote connection error report (p.err("Remote connection failed: %s", err)) blocks on errsig channel that is not actively read at this time. As a side effect proxy keeps open sockets for incoming connections and leaks resources not terminating goroutine handling client session.

    opened by mpodanow 1
  • Allow unwrapping TLS connections, fix README, and connect the -vv flag

    Allow unwrapping TLS connections, fix README, and connect the -vv flag

    @lumanetworks, I wanted to proxy a TLS connection and be able to run some replaces, so I did this quick Pull Request.

    I tried to keep the changes to the minimum to keep a small PR.

    Let me know if you want any changes.

    opened by ernesto-jimenez 1
  • Refactor to package

    Refactor to package

    This should have the command behave the same, except you now need to run it like: go run cmd/tcp-proxy/main.go. But now you can also import and use this as a package, with all the stuff that are cmdline args in the program as parameters and settings on an instance of a Proxy struct (with sane defaults). Otherwise the behavior (and the meat of the code) is unchanged.

    package some-other-project
    
    import "github.com/lumanetworks/go-tcp-proxy"
    
    func Yay(localConnection *net.TCPConn, localAddress, remoteAddress *net.TCPAddr) {
        p := proxy.New(localConnection, localAddress, remoteAddress)
        p.Log.Color = true
        p.Nagles = true
        p.Matcher = myMatcher
    
        p.Start()
    }
    

    Changes:

    • split the terminal related stuff (cmdline args, input, output) into a main file, outside the main package
    • put the Proxy struct into a package so external users can use it directly
    • set options that affect a Proxy instance on the struct, so they're not globals, and work for third party usage
    • split logging into an interface and a struct that implements it, so external users can pass in their own to control output
    • unify all output through loggers
    opened by heewa 1
  • LICENSE file is missing

    LICENSE file is missing

    The license is declared in the README.md file but this is hard for program to find. We use tcp-proxy in our test and want to generate the CREDITS file using gocredits but it wails to find the LICENSE of this repository. Adding the file helps both the users of gocredits and also GitHub. Please refer to Adding a license to a repository.

    no LICENSE files found in "~/.share/go/pkg/mod/github.com/jpillora/[email protected]"
    
    opened by itchyny 0
  • add LICENSE file

    add LICENSE file

    Would you please add a LICENSE file so that we can easily collect LICENSE files of the libraries we use (parsing README.md from a code is full of pain you know)? Also please refer to https://help.github.com/en/articles/adding-a-license-to-a-repository.

    opened by itchyny 0
  • SetNoDelay is the default?

    SetNoDelay is the default?

    All the double-negatives are a little difficult to unpack but I think the -n flag and: https://github.com/jpillora/go-tcp-proxy/blob/master/proxy.go#L76 is not doing anything because SetNoDelay(true) is the default: https://pkg.go.dev/net#TCPConn.SetNoDelay

    opened by redthor 1
  • Port Mirroring

    Port Mirroring

    I need a proxy to imitate a port mirroring (SPAN) that will be used for a logging. There is some NGINX module http://nginx.org/en/docs/http/ngx_http_mirror_module.html but it mirrors only requests. For my case I need responses from the remote too. Here I patched your proxy and hope this may be useful to add as a fature

    opened by stokito 1
  • reverse proxy

    reverse proxy

    is it possible to use this as a reverse proxy? For example have a webserver locally, but make it available from the cloud. Something like ngrok is doing.

    opened by cedricve 1
  • how do u get the real ip of the originating ip from a reverse proxy?

    how do u get the real ip of the originating ip from a reverse proxy?

    e.g. [client] -> [tcp proxy] -> [https terminator] <== this one gets 127.0.0.1 because tcp proxy is 127.0.0.1. how to get the ip of the client?

    question 
    opened by gitmko0 2
  • Add a simple retry to re-resolve the DNS host if the IP address has changed [ Feedback Required ]

    Add a simple retry to re-resolve the DNS host if the IP address has changed [ Feedback Required ]

    Here is the testing output.

    After the target IP address changes and the DNS record is updated, we retry the net.ResolveTCPAddr:

    Connection #001 Closed (10109150 bytes sent, 9 bytes recieved)
    Connection #002 Remote connection failed: dial tcp 172.18.0.31:6379: connect: no route to host, retry DNS resolution
    Connection #002 Opened 0.0.0.0:6379 >>> 172.18.0.33:6379
    Connection #002 >>> 20 bytes sent
    ...
    

    After the remote host is stopped, we just return the failure but the go routine keeps running the same as previous failure:

    Connection #002 Closed (10109150 bytes sent, 9 bytes recieved)
    Connection #003 Remote connection failed: dial tcp 172.18.0.31:6379: connect: no route to host, retry DNS resolution
    Connection #003 Remote connection failed: lookup redis-primary on 127.0.0.11:53: no such host
    

    After the host returns again on the same IP:

    Connection #002 Closed (10109150 bytes sent, 9 bytes recieved)
    Connection #003 Remote connection failed: dial tcp 172.18.0.31:6379: connect: no route to host, retry DNS resolution
    Connection #003 Remote connection failed: lookup redis-primary on 127.0.0.11:53: no such host
    Connection #004 Remote connection failed: dial tcp 172.18.0.31:6379: connect: no route to host, retry DNS resolution
    Connection #004 Opened 0.0.0.0:6379 >>> 172.18.0.33:6379
    Connection #004 >>> 20 bytes sent
    ...
    

    Problems with this PR

    I believe because the Start function references a pointer to the proxy struct, when we set the new IP address after resolving the new name, any future session will be still using the old IP first. Any ideas on circumventing this would be appreciated.

    opened by berglh 2
Owner
Jaime Pillora
Jaime Pillora
Tcp-proxy - A dead simple reverse proxy server.

tcp-proxy A proxy that forwords from a host to another. Building go build -ldflags="-X 'main.Version=$(git describe --tags $(git rev-list --tags --max

Injamul Mohammad Mollah 0 Jan 2, 2022
Proxy - Minimalistic TCP relay proxy.

Proxy Minimalistic TCP relay proxy. Installation ensure you have go >= 1.17 installed clone the repo cd proxy go install main.go Examples Listen on po

null 1 May 22, 2022
TcpRoute , TCP 层的路由器。对于 TCP 连接自动从多个线路(电信、联通、移动)、多个域名解析结果中选择最优线路。

TcpRoute2 TcpRoute , TCP 层的路由器。对于 TCP 连接自动从多个线路(允许任意嵌套)、多个域名解析结果中选择最优线路。 TcpRoute 使用激进的选路策略,对 DNS 解析获得的多个IP同时尝试连接,同时使用多个线路进行连接,最终使用最快建立的连接。支持 TcpRoute

GameXG 853 Aug 10, 2022
Multiplexer over TCP. Useful if target server only allows you to create limited tcp connections concurrently.

tcp-multiplexer Use it in front of target server and let your client programs connect it, if target server only allows you to create limited tcp conne

许嘉华 3 May 27, 2021
TCP output for beats to send events over TCP socket.

beats-tcp-output How To Use Clone this project to elastic/beats/libbeat/output/ Modify elastic/beats/libbeat/publisher/includes/includes.go : // add i

ichx 1 May 20, 2022
Tcp chat go - Create tcp chat in golang

TCP chat in GO libs Go net package and goroutines and channels tcp tcp or transm

amirbahador 0 Feb 5, 2022
Small TCP benchmarking tool in Go-lang

Simple TCP benchmark tool in Go =============================== This package provides simple command line tool to benchmark number of concurrent TCP

Kris Kovalik 14 Aug 16, 2021
TCP proxy, highjacks HTTP to allow CORS

portproxy A shitty TCP proxy that relays all requests to a local port to a remote server. portproxy -port 8080 -raddr google.com:80 Will proxy all TC

Antoine Grondin 50 May 5, 2022
:alarm_clock: :fire: A TCP proxy to simulate network and system conditions for chaos and resiliency testing

Toxiproxy Toxiproxy is a framework for simulating network conditions. It's made specifically to work in testing, CI and development environments, supp

Shopify 8.4k Aug 4, 2022
Mutual TLS encryption TCP proxy with golang

mtls-tcp-proxy Mutual Authentication TLS encryption TCP proxy with golang Why? I created this because of sometimes, it is not possible for us to estab

Habibie Faried 2 Jul 23, 2022
A TCP proxy used to expose services onto a tailscale network without root. Ideal for container environments.

tailscale-sidecar This is barely tested software, I don't guarantee it works but please make an issue if you use it and find a bug. Pull requests are

Mark Pashmfouroush 88 Jul 30, 2022
Super simple tcp intranet penetration proxy program

A super easy to configure tcp intranet penetration proxy program that forwards intranet tcp ports to public network servers. Tested proxies for intranet HTTP services, windows remote desktop, ssh access and other scenarios.

null 14 Jun 29, 2022
Toxiproxy - A TCP proxy to simulate network and system conditions for chaos and resiliency testing

Toxiproxy is a framework for simulating network conditions. It's made specifically to work in testing, CI and development environments, supp

Shopify 6.7k Nov 3, 2021
A simple proxy to work with tcp connection

Proxy It is simple proxy to work with tcp connection HTTP TCP Getting Started pr

Altynbek Kaliakbarov 0 Dec 16, 2021
Charmedring - A smart TCP proxy to replicate and backup Charm FS files

Charmed ?? Ring A smart TCP proxy to replicate and backup Charm FS files. Overvi

Sergio Rubio 3 Jan 2, 2022
Simple TCP proxy to visualise NATS client/server traffic

NATS uses a simple publish/subscribe style plain-text protocol to communicate between a NATS Server and its clients. Whilst this connection should remain opaque to the user, it can be quite handy to see the data being passed from time to time - this tool does just that (it also saves me loading Wireshark and filtering the NATS traffic).

Joseph Woodward 0 Jan 15, 2022
Websockify-go - A reverse proxy that support tcp, http, https, and the most important, noVNC, which makes it a websockify

websockify-go | mproxy a reverse proxy that support tcp, http, https, and the mo

null 2 Mar 19, 2022
“Dear Port80” is a zero-config TCP proxy server that hides SSH connection behind a HTTP server!

Dear Port80 About The Project: “Dear Port80” is a zero-config TCP proxy server that hides SSH connection behind a HTTP server! +---------------------

Abbas Gheydi 6 Jun 29, 2022