A lightweight, pure Go implementation of SOCKS4, SOCKS4a, and SOCKS5 protocols, providing both client and server support with advanced features like proxy chaining and multi-protocol muxing.
- π Full SOCKS support: SOCKS4, SOCKS4a, and SOCKS5
- π Multi-protocol mux: Handle both SOCKS4 and SOCKS5 on the same port
- βοΈ Proxy chaining: Chain multiple SOCKS proxies together
- π Authentication: Support for no-auth, username/password, and GSSAPI
- ποΈ Customizable handlers: Implement custom authentication and request handling
- π‘ Command support: CONNECT, BIND, RESOLVE, and UDP ASSOCIATE
- π High performance: Efficient connection handling and minimal allocations
go get github.com/33TU/sockspackage main
import (
"context"
"log"
"github.com/33TU/socks/socks5"
)
func main() {
handler := &socks5.BaseServerHandler{
AllowConnect: true,
AllowBind: true,
AllowUDPAssociate: true,
AllowResolve: true,
}
log.Println("SOCKS5 server listening on :1080")
if err := socks5.ListenAndServe(context.Background(), "tcp", ":1080", handler); err != nil {
log.Fatal(err)
}
}package main
import (
"context"
"log"
"github.com/33TU/socks/proxy"
"github.com/33TU/socks/socks4"
"github.com/33TU/socks/socks5"
)
func main() {
handler := &proxy.ServerHandler{
Socks4: socks4.DefaultServerHandler,
Socks5: socks5.DefaultServerHandler,
}
log.Println("SOCKS4+5 mux server listening on :1080")
if err := proxy.ListenAndServe(context.Background(), "tcp", ":1080", handler); err != nil {
log.Fatal(err)
}
}package main
import (
"context"
"fmt"
"io"
"net/http"
"github.com/33TU/socks/socks5"
)
func main() {
dialer := &socks5.Dialer{
ProxyAddr: "127.0.0.1:1080",
}
httpClient := &http.Client{
Transport: &http.Transport{
DialContext: dialer.DialContext,
},
}
resp, err := httpClient.Get("http://httpbin.org/ip")
if err != nil {
panic(err)
}
defer resp.Body.Close()
body, _ := io.ReadAll(resp.Body)
fmt.Println(string(body))
}Chain multiple SOCKS proxies for enhanced anonymity:
package main
import (
"context"
"github.com/33TU/socks/chain"
"github.com/33TU/socks/socks4"
"github.com/33TU/socks/socks5"
)
func main() {
dialer, err := chain.New(
&socks4.Dialer{ProxyAddr: "127.0.0.1:1081"},
&socks5.Dialer{ProxyAddr: "127.0.0.1:1082"},
)
if err != nil {
panic(err)
}
conn, err := dialer.DialContext(context.Background(), "tcp", "httpbin.org:443")
if err != nil {
panic(err)
}
defer conn.Close()
}type CustomHandler struct{}
func (h *CustomHandler) OnAccept(ctx context.Context, conn net.Conn) error {
return nil
}
func (h *CustomHandler) OnAuthUserPass(ctx context.Context, conn net.Conn, username, password string) error {
if username == "admin" && password == "secret" {
return nil
}
return errors.New("invalid credentials")
}
func (h *CustomHandler) OnRequest(ctx context.Context, conn net.Conn, req *socks5.Request) error {
if req.Command != socks5.CmdConnect {
return errors.New("only CONNECT command is supported")
}
return c.OnConnect(ctx, conn, req)
}Run server:
go run examples/socks5/main.goRun client:
go run examples/socks5-udp-associate/main.goExample output:
SOCKS5 UDP ready
Sent DNS query
Received bytes: 44
Response from: 0.1.0.1:53
Payload size: 44
DNS raw (first 32 bytes): 12348180000100010000000006676f6f676c6503636f6d0000010001c00c0001
package main
import (
"context"
"fmt"
"net"
"time"
"github.com/33TU/socks/socks5"
)
func main() {
d := socks5.NewDialer("127.0.0.1:1080", nil, nil)
// 1. Get PacketConn (this does UDP ASSOCIATE internally)
pc, err := d.ListenPacket(context.Background(), "tcp", nil)
if err != nil {
panic(err)
}
defer pc.Close()
fmt.Println("SOCKS5 UDP ready")
// Optional: timeout so Read doesn't hang forever
pc.SetDeadline(time.Now().Add(5 * time.Second))
// 2. DNS query (google.com A record)
dnsQuery := []byte{
0x12, 0x34, 0x01, 0x00,
0x00, 0x01, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00,
0x06, 'g', 'o', 'o', 'g', 'l', 'e',
0x03, 'c', 'o', 'm',
0x00,
0x00, 0x01, 0x00, 0x01,
}
target := &net.UDPAddr{
IP: net.IPv4(1, 1, 1, 1),
Port: 53,
}
var buf [4096]byte
// Send multiple queries to demonstrate that the same PacketConn can be reused without re-associating
for i := 0; i < 3; i++ {
// 3. Send DNS query
_, err = pc.WriteTo(dnsQuery, target)
if err != nil {
panic(err)
}
fmt.Println("Sent DNS query")
// 4. Read response
n, addr, err := pc.ReadFrom(buf[:])
if err != nil {
panic(err)
}
fmt.Println("Received bytes:", n)
fmt.Println("Response from:", addr)
// 5. DNS payload is already unwrapped (no SOCKS5 header!)
data := buf[:n]
fmt.Println("Payload size:", len(data))
fmt.Printf("DNS raw (first 32 bytes): %x\n", data[:min(32, len(data))])
}
}Run server:
go run examples/socks5/main.goRun client:
go run examples/socks5-resolve/main.goExample output:
Resolved localhost -> ::1
Resolved google.com -> 2a00:1450:4026:807::200e
Resolved cloudflare.com -> 2606:4700::6810:84e5
package main
import (
"context"
"fmt"
"time"
"github.com/33TU/socks/socks5"
)
func main() {
d := socks5.NewDialer("127.0.0.1:1080", nil, nil)
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
defer cancel()
hosts := []string{
"localhost",
"google.com",
"cloudflare.com",
}
for _, host := range hosts {
ip, err := d.ResolveContext(ctx, "tcp", host)
if err != nil {
fmt.Printf("Resolve failed for %s: %v\n", host, err)
continue
}
fmt.Printf("Resolved %-15s -> %v\n", host, ip)
}
}Check the examples/ directory for more complete examples:
socks4/- Simple SOCKS4 serversocks5/- Simple SOCKS5 servermux/- Multi-protocol mux serverchain/- Multi-hop proxy chainingsocks5-custom-handler/- Custom handler implementationsocks5-udp-associate/- UDP via SOCKS5socks5-resolve/- DNS resolve via SOCKS5
socks4/- SOCKS4/4a protocol implementationsocks5/- SOCKS5 protocol with authentication supportproxy/- Multi-protocol mux serverchain/- Proxy chaining functionalitynet/- Network utilities and custom connection typesinternal/- Internal utilities and helpers
Contributions are welcome! Please feel free to submit a Pull Request.
- socks-ipv6-relay - High-performance SOCKS4a/SOCKS5 relay that assigns a unique or sequential IPv6 address per connection. Useful for IP rotation and bypassing rate limits.
MIT