/ts-warp

Transparent proxy server and traffic wrapper

Primary LanguageCBSD 2-Clause "Simplified" LicenseBSD-2-Clause

TS-Warp

CodeQL C/C++ CI - macOS C/C++ CI - Ubuntu

Transparent proxy server and traffic wrapper

Buy Me A Coffee

Features

  • Proxy services with TCP-traffic redirection to external Socks4/5, HTTP (CONNECT) and SSH2* proxy servers

    • Transparent firewall-based traffic redirector
    • Internal Socks and HTTP proxy server

    * Requires libssh2 library

  • Supported platforms:

    OS PF ip/nftables
    macOS
    FreeBSD
    OpenBSD
    Linux
    Windows WSL2
  • Main features

    Transparent proxy Socks5 Socks4 HTTP* SSH2
    Proxy protocol
    Proxy chains ⬜**
    Proxy workload balancer
    Authentication
    IPv6 stack support
    Remote names resolution: NS-Warp

    * HTTP Connect method is implemented
    ** Only one SSH2 proxy server allowed per chain

    Internal proxy Socks5 HTTP*
    Proxy protocol
    Proxy chains
    Proxy workload balancer
    Authentication
    IPv6 stack support
    Remote names resolution

    * HTTP Connect method is implemented

  • Miscellaneous features

    • Deep Packet Inspections bypass (обход замедления/блокировки, например, YouTube)
    • Simple configuration structure as INI-like file
    • Password encoding (obfuscation) in configuration files
    • Daemon mode
    • Front-end UI
    • Installation script (via Makefile)
  • TODO

    • UDP support
    • Socks4a protocol support (?)
    • OS specific select alternatives: epol / kqueue
    • Faster NS-Warp
    • Documentation

Changelog

Attention! To incorporate HTTP proxy service, socks_* variables in ts-warp.ini are replaced by proxy_* ones. The deprecated variables will be eventually removed in the further releases

See it here

Quick Installation

# If SSH2 proxy support is required, install https://libssh2.org library first, then download ts-warp:

git clone https://github.com/mezantrop/ts-warp ts-warp.src && cd ts-warp.src

# `configure` script understands a number of environmental variables. You can force setting values to:
# `PREFIX`, `WITH_TCP_NODELAY`, `WITH_LIBSSH2`, `USER`, otherwise they will be auto-detected.

./configure && make && sudo make install clean

# Copy and edit configuration files
sudo cp /usr/local/etc/ts-warp.ini.sample /usr/local/etc/ts-warp.ini && sudo vi /usr/local/etc/ts-warp.ini

# on *BSD and macOS
sudo cp /usr/local/etc/ts-warp_pf.conf.sample /usr/local/etc/ts-warp_pf.conf
sudo vi /usr/local/etc/ts-warp_pf.conf

# on Linux with nftables
sudo cp /usr/local/etc/ts-warp_nftables.sh.sample /usr/local/etc/ts-warp_nftables.sh
sudo vi /usr/local/etc/ts-warp_nftables.sh

# on Linux with iptables
sudo cp /usr/local/etc/ts-warp_iptables.sh.sample /usr/local/etc/ts-warp_iptables.sh
sudo vi /usr/local/etc/ts-warp_iptables.sh

# on Windows WSL2 (Ubuntu) with iptables; Required packages for CLI: clang/gcc, make. For GUI-Warp: python3-tk
wsl --set-default-version 2

sudo cp /usr/local/etc/ts-warp_iptables.sh.sample /usr/local/etc/ts-warp_iptables.sh
sudo vi /usr/local/etc/ts-warp_iptables.sh

Usage

You can control, e.g. start, stop ts-warp daemon using ts-warp.sh script. Under root privileges or sudo run:

# <PREFIX>/etc/ts-warp.sh start|stop|reload|restart [options]
# <PREFIX>/etc/ts-warp.sh status

For example:

sudo /usr/local/etc/ts-warp.sh start
sudo /usr/local/etc/ts-warp.sh stop

After succesfull start, TS-Warp transparently redirects traffic according to the configuration specified in ts-warp.ini and firewall rules. Also, TS-Warp spawns Socks5 proxy server at localhost:10800 and HTTPS proxy (CONNECT method) at localhost:8080.

Low-level ts-warp daemon usage

All the ts-warp command-line options can be listed using $ ts-warp -h:

Usage:
  ts-warp -T IP:Port -S IP:Port -H IP:Port -c file.ini -l file.log -v 0-4 -t file.act -d -p file.pid -f -u user -h

Version:
  TS-Warp-X.Y.Z

All parameters are optional:
  -T IP:Port      Local IP address and port for incoming Transparent requests
  -S IP:Port      Local IP address and port for internal Socks server
  -H IP:Port      Local IP address and port for internal HTTP server

  -l file.log     Main log filename
  -v 0..4         Log verbosity level: 0 - off, default: 3
  -t file.act     Active connections and traffic log

  -d              Daemon mode
  -p file.pid     PID filename
  -f              Force start

  -u user         A user to run ts-warp, default: nobody

  -h              This message

ts-warp.sh respects ts-warp daemon options. For example, to temporary enable more verbose logs, restart ts-warp with -v 4 option:

sudo /usr/local/etc/ts-warp.sh restart -v 4

ts-warp understands several signals:

  • SIGHUP signal as the command to reload configuration
  • SIGUSR1 to display current configuration state. Note, load balancer can dynamically reorder configuration sections
  • SIGUSR2 to show active clients connection status and traffic stats
  • SIGINT to stop the daemon.

Use ts-pass to encode passwords if requred. See examples in ts-warp.ini

GUI front-end

gui-warp.py

The GUI front-end application to control ts-warp daemon can be installed from the gui directory:

cd gui
sudo make install

Optionally. Set PREFIX, to use a different installation target in the make command above:

sudo make install PREFIX=/path/to/install

To start the GUI run:

sudo -b <PREFIX>/bin/gui-warp.py

Note, Python 3 interpreter with tkinter support is required to run the GUI frontend.

macOS All-in-one TS-Warp + GUI-Warp App

Check releases and download macOS standalone precompiled application. Read related README.md for information and instructions.

Experimental Deep Packet Inspections bypass (обход замедления/блокировки, например, YouTube)

According to SpoofDPI project, sending the first 1 byte of a request to the server, and then sending the rest of the data can help to bypass Deep Packet Inspections of HTTPS.

To bypass DPI, start TS-Warp with -D 0..512 flag, e.g., sudo /usr/local/etc/ts-warp.sh start -D 2 to enable packet fragmentation.

For the GUI-warp, edit ~/ts-warp/etc/gui-warp.ini to add -D to daemon_options variable, e.g: daemon_options = -D 2

Then use TS-Warp normally in Transparent mode, or point your browser to TS-Warp Internal HTTP(S) proxy at 127.0.0.1:8080 or SOCKS5 proxy at 127.0.0.1:7080.

Contacts

Not so early stage of development, yet don't expect everything to work properly. If you have an idea, a question, or have found a problem, do not hesitate to open an issue or mail me: Mikhail Zakharov zmey20000@yahoo.com

Many thanks to contributors of the project