Transparent SOCKS5 proxy implementation over mTLS
# Serve SOCKS5 proxy over mTLS
mtlsocks5 server -l :1080
# Serve SOCKS5 proxy that forwards to the server
mtlsocks5 forwarder -l :1081 -s localhost:1080
# Test the proxy (forwarder socks5 -> mTLS client -> mTLS server -> server socks5 -> google.com)
curl --socks5-hostname localhost:1081 https://google.com- Download the binary from the releases page
- Make it executable
chmod +x mtlsocks5- Move it to a directory in your PATH (optional)
mv mtlsocks5 /usr/local/bin- Test the installation
mtlsocks5 --helpNOTE: You need to have Go installed in your system. Check the version in the go.mod file.
- Clone the repository
git clone https://github.com/atorrescogollo/mtlsocks5.git
cd mtlsocks5- Build the binary
go build -o dist/mtlsocks5 .- Test the binary
./dist/mtlsocks5 --help- Setup the certificates
mtlsocks5 mgmt new-ca
mtlsocks5 mgmt new-server -n localhost # The CN of the certificate
# Server certificate and key
ln -s localhost.crt certs/server.crt
ln -s localhost.key certs/server.key
# Forwarder certificate and key
ln -s localhost.crt certs/forwarder.crt
ln -s localhost.key certs/forwarder.key$ tree certs/
certs/
├── ca.crt
├── ca.key
├── forwarder.crt -> localhost.crt
├── forwarder.key -> localhost.key
├── localhost.crt
├── localhost.key
├── server.crt -> localhost.crt
└── server.key -> localhost.key
0 directories, 8 files- Run the server
mtlsocks5 server -l :1080- Run the forwarder
mtlsocks5 forwarder -l :1081 -s localhost:1080 # Use same domain as in the certificate- Test the proxy
curl --socks5-hostname localhost:1081 https://google.com