A Go-based client-server proxy application that provides secure and obfuscated tunneling for network traffic. The system uses XOR cipher obfuscation and supports multiple transport protocols and proxy modes.
- Multiple Transport Protocols: TCP with TLS encryption and KCP (UDP-based) support
- Traffic Obfuscation: XOR cipher with shared key to obfuscate traffic patterns
- Multiple Proxy Modes: SOCKS5, HTTP, and transparent proxy support
- Cross-Platform: Works on Linux, macOS, and Windows (transparent mode Linux-only)
- TLS Encryption: Built-in TLS support for secure communication
- Go 1.24.6 or later
- For transparent proxy mode: Linux with iptables
Build both binaries:
./build.shOr build individually:
go build -o x-proxy-server cmd/server/main.go
go build -o x-proxy-client cmd/client/main.goGenerate TLS certificates for secure communication:
./generate-certs.shCreate configuration files based on the examples:
Server Config (config.server.json):
{
"listen_addr": ":8080",
"key": "your-shared-secret-key",
"transport": "tcp",
"tls": {
"cert_file": "certs/server.crt",
"key_file": "certs/server.key"
},
"log_level": "info"
}Client Config (config.client.json):
{
"server_addr": "your-server:8080",
"key": "your-shared-secret-key",
"transport": "tcp",
"tls": {
"ca_file": "certs/ca.crt"
},
"modes": [
{
"type": "socks5",
"listen_addr": ":1080"
}
],
"log_level": "info"
}Start the server:
./x-proxy-serverStart the client:
./x-proxy-clientcmd/: Main applicationsserver/: Server entry pointclient/: Client entry point
pkg/: Reusable packagesconfig/: Configuration loadinglogger/: Logging utilitiesobfuscator/: XOR cipher implementationproxy/: Core proxy logic
- Client receives local connections on configured proxy modes
- Client obfuscates traffic using XOR cipher and forwards to server
- Server deobfuscates traffic and forwards to target destinations
- Responses follow reverse path with obfuscation
- Default transport protocol
- Uses TLS for encryption and authentication
- Reliable connection-oriented communication
- UDP-based transport protocol
- Better performance in high-latency or lossy networks
- Built-in Reed-Solomon error correction
Standard SOCKS5 proxy protocol supporting TCP connections.
HTTP proxy support for web traffic.
Transparent proxy mode that works with iptables for seamless traffic redirection.
| Option | Description | Required |
|---|---|---|
listen_addr |
Server bind address and port | Yes |
key |
Shared obfuscation key | Yes |
transport |
Transport protocol ("tcp" or "kcp") | Yes |
tls |
TLS certificate configuration | If using TCP |
log_level |
Logging verbosity | No |
| Option | Description | Required |
|---|---|---|
server_addr |
x-proxy server address | Yes |
key |
Shared obfuscation key (must match server) | Yes |
transport |
Transport protocol ("tcp" or "kcp") | Yes |
tls |
TLS certificate configuration | If using TCP |
modes |
Array of proxy configurations | Yes |
log_level |
Logging verbosity | No |
Key external dependencies:
github.com/xtaci/kcp-go: KCP transport protocolgithub.com/klauspost/reedsolomon: Reed-Solomon error correctiongolang.org/x/crypto,golang.org/x/net,golang.org/x/sys: Go extended libraries
- Always use strong, unique shared keys for obfuscation
- Use TLS transport for additional encryption layer
- Regularly rotate shared keys in production environments
- Monitor logs for suspicious activity
- Keep certificates up to date
[License information not specified]
[Contributing guidelines not specified]