30 open-source projects similar to haad/proxychains, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Proxychains alternative.
gost is a multi-protocol proxy tunnel and secure tunneling server designed to route network traffic through encrypted connections. It functions as a traffic obfuscation gateway and a transparent proxy server capable of intercepting TCP and UDP traffic at the IP level. The project also includes a virtual network interface manager for creating TUN and TAP devices to intercept operating system packets. The system distinguishes itself through a chain-based request routing model, allowing traffic to pass through an ordered sequence of proxy nodes. It provides extensive transport-layer encapsulatio
Proxychains-ng is a utility for POSIX-compliant systems that redirects network traffic and domain name lookups through proxy chains. It functions by intercepting system calls and forcing outgoing TCP connections through a sequence of SOCKS4, SOCKS5, or HTTP proxies without requiring modifications to the target application source code. The tool distinguishes itself by utilizing dynamic library preloading to override standard network functions, allowing it to wrap socket-level traffic and route it through multiple intermediate servers. It supports various routing strategies, including strict, r
Mitmproxy is an interactive, programmable network proxy engine designed for traffic analysis and protocol manipulation. It functions as a gateway that intercepts, inspects, and modifies network traffic in real-time, supporting HTTP, HTTPS, WebSocket, DNS, and generic TCP or UDP streams. By acting as a trusted certificate authority, the proxy can dynamically generate and sign certificates to decrypt and analyze secure TLS-encrypted connections. The project distinguishes itself through a highly extensible, event-driven architecture that allows users to automate traffic transformation using cust
This project is a decentralized, privacy-focused messaging platform designed to eliminate reliance on central servers and persistent user identifiers. By utilizing a metadata-minimizing protocol, it ensures that all communication remains end-to-end encrypted and that user identities are stored exclusively on the local device. The architecture relies on relay-based message routing and identity-free network addressing to maintain data sovereignty and prevent the correlation of user activity. What distinguishes this platform is its commitment to traffic isolation and anonymity. Each conversation
This project is a service mesh platform designed to manage, secure, and observe service-to-service communication within Kubernetes clusters. It functions as a control plane that orchestrates transparent sidecar proxies, which intercept and manage network traffic to provide reliable connectivity for microservices. By automating the injection of these proxies, the platform ensures that infrastructure-level policies are applied consistently across all workloads without requiring manual configuration changes. The platform distinguishes itself through its focus on zero-trust security and cross-clu
3proxy is a multi-protocol proxy server and network access control gateway. It functions as a network traffic forwarder capable of routing TCP and UDP traffic across HTTP, SOCKS, and various email and file protocols. The project provides specialized capabilities for secure traffic inspection, including the decryption and analysis of HTTPS and TLS streams through certificate spoofing and mutual authentication. It further supports client identity anonymization by routing outbound traffic through recursive upstream proxy chains. The software covers a broad range of network management functions,
ZeroOmega is a web-based proxy orchestrator and manager designed for real-time updates to active network gateways. It functions as a system for configuring, storing, and switching between different network proxy profiles to direct internet traffic. The project features a PAC script generator that translates structured proxy profile data into auto-configuration files. These scripts automate network routing decisions by matching requested URLs against defined patterns. Administration is handled through a browser-based interface that allows for the modification of routing rules and the manageme
Zapret is a deep packet inspection bypass tool and packet manipulation framework designed to circumvent network censorship. It operates as a transparent network proxy and TCP traffic obfuscator that modifies packets to deceive network inspection systems. The project distinguishes itself through advanced desynchronization strategies, including the modification of TLS client hello handshakes and the use of fake packet injection. It utilizes a combination of TCP stream segmentation, sequence overlapping, and TTL adjustment to hide prohibited requests from firewalls while ensuring the destination
Throne is a cross-platform proxy client that provides a unified graphical interface for managing and routing network traffic through secure proxy protocols. It combines subscription-based node management, multi-protocol routing, TUN-based global traffic interception, and DNS leak prevention into a single application that runs on Windows, Linux, and macOS. The application supports a wide range of proxy protocols including SOCKS, HTTP, Shadowsocks, Trojan, and VMess, and can route traffic through chains of multiple proxy servers for layered routing. It creates a virtual network interface to int
Shadowsocks-android is a secure tunneling application and SOCKS5 proxy client for Android. It routes device network traffic through a Shadowsocks proxy server to encrypt data, mask the user's internet origin, and bypass network restrictions. The client functions as an Android VPN service, creating a virtual network interface to intercept and redirect all outgoing device traffic. It supports the integration of external binary plugins to extend tunnel capabilities with custom transport protocols and traffic obfuscation methods. The project manages network routing through a local SOCKS5 server
SwitchyOmega is a browser proxy manager and extension that controls network traffic routing and manages proxy configurations through a graphical interface. It functions as a proxy routing orchestrator and a PAC script generator, converting user-defined rules into JavaScript auto-config scripts for automated network routing. The project enables users to organize network configurations into distinct profiles, allowing for the switching of proxying logic based on different environments. It automates the selection of proxy servers by matching requested URLs against predefined patterns to avoid ma
This project is a multi-protocol proxy server and network tunneling tool designed to manage traffic across heterogeneous infrastructure. It functions as a traffic management gateway, providing the core infrastructure to route, filter, and secure network connections through a unified interface. The software distinguishes itself through its support for cascading proxy chaining and dynamic upstream load balancing, which allow for the creation of complex, multi-hop network paths. It provides granular control over traffic flow by normalizing diverse protocols, enabling transparent port forwarding,
MasterDnsVPN is a DNS tunneling VPN and network censorship bypass tool that encapsulates network traffic within DNS queries to circumvent restrictive firewalls. It functions as a secure tunneling protocol and SOCKS5 proxy server, allowing local application traffic to be routed through a secure tunnel to a remote destination. The project distinguishes itself through a DNS resolver load balancer that distributes traffic across multiple resolvers based on latency and packet loss scoring. It further secures and masks traffic using symmetric payload encryption—supporting ChaCha20, AES-GCM, and XOR
Ethical-Hacking-Labs is a comprehensive cybersecurity training curriculum and lab suite designed for learning penetration testing, network analysis, and offensive security techniques. It provides a structured environment for practicing the full attack lifecycle, from initial reconnaissance and scanning to exploitation and post-compromise analysis. The project provides instructional materials and guided exercises that cover specific technical domains, including open source intelligence research and network security courseware. It includes a practical workbook for identifying system vulnerabili
LibreTranslate is an open-source, self-hosted machine translation engine that provides a private alternative to proprietary cloud-based translation services. It functions as a portable translation server, allowing users to process text and document translations locally or within their own infrastructure without relying on external providers. The platform distinguishes itself through its focus on privacy and flexible deployment, supporting anonymous network routing to bypass restrictive firewalls and protect user data. It is designed for integration into broader software ecosystems, offering a
k3d is a containerized Kubernetes orchestrator and wrapper that manages the lifecycle of k3s nodes and servers within container runtimes. It serves as a tool for deploying and destroying multi-node Kubernetes environments on a single machine for local development and testing. The project distinguishes itself by wrapping k3s to provide integrated networking, resource limit control, and local registry orchestration. It enables multi-node cluster simulation by wrapping nodes as isolated containers and using host-entry injection and port proxying to route host TCP and UDP traffic into the cluster
Karing is a multi-protocol proxy client and network traffic router designed to manage and direct internet traffic through various proxy protocols. It functions as a proxy subscription manager that imports and converts server lists from multiple external formats and providers into a unified configuration. The project features a cross-device synchronization system that keeps network routing settings and server lists consistent across multiple devices via cloud or local sharing. It includes a latency-based server selector that measures real-time response times to automatically connect to the fas
Toxiproxy is a framework designed for chaos engineering and network resilience testing. It functions as a programmable TCP proxy that intercepts and routes data streams between clients and servers, allowing developers to simulate unstable network conditions such as latency, bandwidth throttling, and connection failures. The tool provides a control plane that enables the dynamic manipulation of network conditions on active connections in real time. By integrating into automated test suites, it allows for the programmatic injection of faults to validate how distributed systems and microservices
Gost is a Go-based network tunnel and multi-protocol proxy server. It functions as a gateway for routing TCP and UDP traffic, creating secure network tunnels between remote endpoints, and acting as a DNS proxy server to resolve domain name queries. The project is distinguished by its ability to implement multi-hop proxy chaining, which links multiple network nodes in a sequence to route traffic through specific paths. It also provides transparent proxying by integrating with virtual network interfaces to intercept system-level traffic without requiring manual client configuration. The system
This repository provides configuration sets for the Quantumult X network proxy client. It consists of routing rules, policy groups, and script rewrites designed to manage network connectivity and automation. The project features a network traffic router that uses rules and regular expressions to direct traffic toward specific proxy servers based on destination. It includes an HTTP request rewriter to modify network requests and responses to customize application behavior or bypass restrictions. The configuration covers automated task scripts for the maintenance of external web services, regi
Websockify is a WebSocket-to-TCP proxy and tunneling server that enables web browsers to communicate with servers or applications that only support standard TCP connections. It functions as a network bridge and connection broker, translating bidirectional WebSocket frames into raw TCP packets to facilitate remote browser access to backend services. The system acts as a secure socket gateway that supports multi-tenant socket routing, allowing multiple clients to be directed to different backend targets based on unique URL tokens or hostnames. It secures data in transit by wrapping connections
Surge is a network traffic routing and configuration system designed to categorize and steer network requests using curated rule sets, domain lists, and IP databases. It provides the data structures and filtering logic necessary to manage how application traffic is directed across proxies, direct connections, or regional gateways. The project distinguishes itself through granular traffic identification and steering. It identifies network requests by matching them against system process names, user-agent strings, and geographic IP ranges to apply specific routing policies. This allows for the
This project provides a collection of structured, binary-encoded routing datasets designed for proxy software to automate network traffic management. By mapping domain names and IP addresses to specific functional categories, it enables proxy clients to make granular, policy-based connection decisions. The repository serves as a centralized source for routing metadata, ensuring that traffic steering logic remains consistent across various networking implementations. The project distinguishes itself through an automated aggregation pipeline that processes community-maintained datasets into a u
Luma3DS is a custom firmware for the Nintendo 3DS that removes factory restrictions to enable the execution of unsigned homebrew and game modifications. It functions as a kernel-level system extension that hooks system calls to bypass hardware limitations and introduce new operating system capabilities. The project serves as a homebrew payload loader, using boot-time mechanisms to launch third-party software and custom firmware versions. It also provides a game modding framework capable of patching executable code and intercepting file requests to load custom assets and modified data. The en
Fabio is a network gateway that provides reverse proxying, layer 7 traffic management, and automated service discovery mapping. It functions as an HTTP reverse proxy, a gRPC and TCP proxy, and a service discovery gateway to route incoming traffic to healthy backend instances. The project distinguishes itself through deep integration with service registries, specifically acting as a Consul load balancer to automatically synchronize routing tables and update destination targets. It manages diverse traffic types using SNI-based routing for raw TCP streams and maintains full protocol compatibilit
This project is a Bing AI proxy gateway and web-based chat interface. It functions as a Go reverse proxy that routes HTTP traffic to external AI endpoints, allowing users to bypass regional network restrictions and login requirements. The system utilizes SOCKS5 proxy tunneling and environment-variable configuration to circumvent IP-based blocking and regional firewalls. It manages authentication by injecting predefined session cookies into outgoing requests to maintain private AI sessions and unlock personalized features. The application integrates a Vue-based single page application for the
Lura is an API gateway and traffic router that directs network requests to backend services using a configurable pipeline of processing steps. It functions as a backend load balancer and a request middleware engine designed to validate, modify, and transform incoming requests and responses. The system specializes in API response aggregation, allowing it to execute concurrent requests to multiple backend services and merge the results into a single unified output. This includes the ability to perform dynamic response mapping by renaming fields and filtering data to optimize the final client pa
I2P is a decentralized anonymous network layer and peer-to-peer overlay network. It functions as a darknet infrastructure that encrypts traffic and masks user identities and locations from external observers. The system acts as an anonymous proxy gateway, enabling the hosting of hidden services and websites that are unreachable via the public internet. It provides capabilities for privacy-preserving web mirroring and private secure shell tunneling to hide the physical IP addresses of both servers and clients. The network employs garlic routing, unidirectional tunneling, and a distributed has
Fluxion is a wireless security auditing framework that tests WPA/WPA2 networks by capturing handshakes and deploying rogue access points with captive portals. It operates by deauthenticating clients from legitimate access points, forcing them to reconnect to a cloned network where a fake authentication page collects the network passphrase. The tool distinguishes itself through a plugin-based attack lifecycle with mandatory hook functions for consistent execution, multilingual metadata scripts that load attack descriptions based on locale, and a handshake verification pipeline that validates c