Open-source alternatives to Naiveproxy

wireproxy is a user-space WireGuard client and network gateway that establishes secure tunnels without requiring root privileges or system-wide interface changes. It functions as a VPN proxy that can expose WireGuard connections as SOCKS5 or HTTP proxies. The project provides specialized routing capabilities, including a TLS SNI proxy that directs encrypted traffic based on Server Name Indication and a gateway for mapping local TCP and UDP ports to remote destinations. It supports multi-peer management to route traffic between several endpoints using defined IP ranges. Additional capabilitie

REALITY is a censorship circumvention tool and network traffic obfuscator designed to bypass internet filters. It functions as a secure tunneling protocol that masks connection patterns and identity by mimicking the TLS handshakes of legitimate target websites. The system removes server-side TLS fingerprints to hide encrypted traffic from network monitoring tools and deep packet inspection. It employs a website mimicking proxy to present valid handshakes and forward traffic to destination servers, masquerading the connection as a legitimate site visit. The project incorporates a quantum-resi

A Rust port of shadowsocks

ByeByeDPI is a network utility designed to circumvent regional blocking and censorship by evading deep packet inspection. It functions as a traffic tunnel and local SOCKS5 proxy server that modifies network packets to prevent filters from identifying and blocking specific content. The project employs a user-mode network stack to manipulate traffic at the application level. It achieves bypass capabilities through TCP packet fragmentation and the modification of HTTP request header formatting and case sensitivity. The system includes application-level tunneling control to determine which progr

This project provides a containerized network bridge that isolates corporate VPN software from the host operating system. It utilizes a Docker container to encapsulate the VPN client, preventing software conflicts and installation clutter on the host machine. The system includes a web-accessible graphical user interface for remote login and session management, allowing users to interact with VPN authentication prompts from any device. To enable application-level access, it implements a SOCKS5 and HTTP proxy gateway that routes host machine network traffic through the containerized connection.

gost is a multi-protocol proxy tunnel and secure tunneling server designed to route network traffic through encrypted connections. It functions as a traffic obfuscation gateway and a transparent proxy server capable of intercepting TCP and UDP traffic at the IP level. The project also includes a virtual network interface manager for creating TUN and TAP devices to intercept operating system packets. The system distinguishes itself through a chain-based request routing model, allowing traffic to pass through an ordered sequence of proxy nodes. It provides extensive transport-layer encapsulatio

This project is a privacy-focused VPN manager and WireGuard client application designed to establish encrypted tunnels that mask user IP addresses and activity. It focuses on maintaining anonymity through a system that supports account creation without personal identifying information. The application distinguishes itself with advanced privacy tools, including a multi-hop orchestrator for routing traffic through multiple sequential servers and a network traffic obfuscator that uses Shadowsocks, TCP, and QUIC to bypass deep packet inspection and censorship. It also implements quantum-resistant

Websocat is a specialized set of command-line tools for WebSocket communication, acting as a client, server, and stream processor. It provides a terminal-based interface for connecting to WebSocket servers, hosting secure WebSocket servers, and bridging data between WebSockets and other network transports. The project distinguishes itself by functioning as a bidirectional network relay, allowing the routing of data between WebSocket streams, TCP sockets, UNIX sockets, and standard system input and output. It includes specialized implementations for SOCKS5 and HTTP proxying, as well as a strea

MTProxy is a proxy server that routes traffic to Telegram servers using the MTProto protocol to bypass network restrictions. It functions as a system for managing secure connections and forwarding protocol traffic between clients and destination servers. The project implements traffic obfuscation by adding random padding to packets to mask data patterns and hide proxy usage from internet service providers. It also includes a connection manager that restricts user access through the validation of specific authentication secrets. The system provides operational observability by exposing real-t

3proxy is a multi-protocol proxy server and network access control gateway. It functions as a network traffic forwarder capable of routing TCP and UDP traffic across HTTP, SOCKS, and various email and file protocols. The project provides specialized capabilities for secure traffic inspection, including the decryption and analysis of HTTPS and TLS streams through certificate spoofing and mutual authentication. It further supports client identity anonymization by routing outbound traffic through recursive upstream proxy chains. The software covers a broad range of network management functions,

ByeDPIAndroid is a deep packet inspection bypass tool for Android that functions as a local SOCKS5 proxy. It modifies TCP packets to evade network censorship and bypass regional internet restrictions on mobile devices. The project operates as a network traffic obfuscator and TCP packet fragmenter. It splits network data into smaller pieces and hides the nature of internet requests to prevent automated blocking and traffic shaping by internet service providers. The system covers a range of capabilities including host-based traffic interception and dynamic packet modification. It utilizes non-

V2ray-for-Doprax is a containerized proxy server deployer designed to install and configure V2Ray servers on Doprax infrastructure. It functions as a VPN orchestrator that utilizes VMess and VLess protocols to route network traffic and bypass network restrictions. The project implements automated IP rotation and switching to maintain connectivity and avoid detection by network blocks. It secures communication through a protocol manager that handles unique identifiers and camouflage-based path masking to hide proxy traffic. The system manages secure network tunneling and traffic routing using

shadowsocks-libev is an event-driven network daemon that provides an encrypted SOCKS5 proxy. It functions as a lightweight proxy server using a non-blocking event loop to route TCP and UDP traffic through encrypted tunnels to bypass network restrictions. The project implements a transparent proxy gateway capable of intercepting outbound packets at the network layer, allowing system traffic to be redirected through the encrypted tunnel without per-application configuration. It also includes a daemon process manager to control multiple proxy server instances as child processes via local communi

This project is a censorship circumvention utility designed to maintain connectivity to restricted online services by evading deep packet inspection. It functions as a network traffic redirection service that manipulates packet headers at the transport layer to bypass regional network filters and censorship systems. The tool distinguishes itself by providing granular control over traffic management, allowing users to define specific lists of domains and IP addresses for targeted interception. By applying custom bypass strategies only to these designated hosts, the utility ensures that the rem

GoodbyeDPI is a censorship circumvention utility designed to bypass deep packet inspection and restrictive network filtering. It functions as a background engine that intercepts and modifies network traffic at the kernel level, allowing users to maintain connectivity in environments where specific protocols or web content are blocked. The tool employs active manipulation techniques to confuse inspection hardware, including TCP stream fragmentation, HTTP header obfuscation, and the injection of out-of-order packets. By altering packet structures and dropping specific redirection patterns, it m

Outline is a server that manages and runs Shadowsocks proxy instances, each isolated inside its own Docker container, to provide encrypted internet access. It is designed to bypass censorship by routing traffic through secure tunnels that use AEAD cipher encryption and traffic obfuscation to resist detection. Access to the proxy servers is controlled through a REST API that allows administrators to create, list, and revoke cryptographic access keys. The server automates the provisioning and configuration of proxy servers on cloud platforms like DigitalOcean, simplifying deployment through a m

ShadowsocksR Android Client is an Android VPN application and secure proxy client designed to route mobile network traffic through an external server. Its primary purpose is to encrypt data and bypass internet restrictions and censorship on Android devices. The application establishes secure tunnels using the ShadowsocksR protocol to mask network activity and maintain privacy. It functions by masking traffic and encrypting data between the mobile device and a remote proxy server to circumvent regional firewalls and connectivity blocks. The software implements a system-level network wrapper u

This project provides an open-source VPN client that creates an unrestricted tunnel to bypass internet censorship without fees, registration, speed caps, or data limits. It offers free, unlimited VPN tunneling with no sign‑up required, enabling access to blocked websites and unrestricted browsing. The application uses the WireGuard protocol for encrypted traffic routing, backed by kernel‑level packet forwarding to minimize overhead. It includes automatic server discovery that selects the most responsive server based on real‑time latency, a connection keepalive mechanism to detect and restore

This project is a Bing AI proxy gateway and web-based chat interface. It functions as a Go reverse proxy that routes HTTP traffic to external AI endpoints, allowing users to bypass regional network restrictions and login requirements. The system utilizes SOCKS5 proxy tunneling and environment-variable configuration to circumvent IP-based blocking and regional firewalls. It manages authentication by injecting predefined session cookies into outgoing requests to maintain private AI sessions and unlock personalized features. The application integrates a Vue-based single page application for the

wstunnel is a tool that tunnels arbitrary TCP traffic through WebSocket connections, enabling communication across restrictive firewalls and proxies. It operates as both a client and server, encapsulating TCP data within WebSocket binary frames and multiplexing multiple connections over a single WebSocket link. The tool supports mutual TLS authentication, requiring clients to present signed certificates for verification before establishing a tunnel, and provides shared secret access control and tunnel forwarding restrictions for additional security. The project distinguishes itself by offerin

This project is a toolset for automated VPN installation, proxy server management, and server-side network throughput optimization. It provides a Shadowsocks proxy server manager used to deploy and configure proxy servers on virtual private servers. The system utilizes automated deployment scripts to handle the installation of encryption methods, ports, and passwords on remote servers. It includes a VPS network optimizer that activates BBR congestion control to reduce latency and increase throughput for high-bandwidth streaming. The software covers remote proxy configuration and client confi

ShadowsocksR-Windows is a proxy client for Windows designed to route network traffic through ShadowsocksR proxy servers. It functions as a network proxy that establishes secure tunnels to bypass internet censorship and regional restrictions. The application manages system-wide network routing and provides SOCKS5 proxy client capabilities to hide origin IP addresses. It redirects local traffic through a remote server to maintain internet privacy and circumvent network-level blocks. The project incorporates traffic interception and encapsulation through a user-mode network wrapper and TAP-base

AutoSploit is an automated exploitation framework designed for discovering remote hosts and executing exploit modules at scale to establish reverse shells. It functions as a network reconnaissance tool and a remote code execution orchestrator, managing the deployment of attack modules against multiple targets. The system features a proxy-based traffic masker that routes network requests through external servers and rotates HTTP headers and user agents to obscure the source of activity. It allows for custom exploit orchestration through the integration of external attack modules and the manage

Empire is a post-exploitation framework and command and control server designed to manage remote access agents. It provides a centralized system for coordinating these agents and executing specialized scripts across target systems. The project functions as a security evasion tool by adapting network communication patterns to bypass firewalls and monitoring tools. It utilizes a multi-language agent runtime and a modular plugin architecture to execute payloads across different operating systems. The framework covers a broad range of operational capabilities, including remote agent orchestratio

Sheas-Cealer is a network censorship circumvention tool and browser launch parameter manager. It functions as a utility for modifying the Server Name Indication in TLS handshakes to bypass firewalls and network restrictions. The software masks traffic destinations by changing the server name sent during a browser connection. It achieves this by configuring browser startup flags and injecting launch parameters to modify the destination hostname during the initial connection. The project covers capabilities for SNI hostname spoofing and browser connection tuning to evade regional or corporate

Streisand is an orchestration system for deploying multi-protocol tunneling services and traffic obfuscation tools designed to circumvent regional network restrictions. It functions as a deployment utility and manager for various VPN and proxy services on remote cloud servers. The system distinguishes itself through a network obfuscation toolkit that wraps traffic in layers to evade deep packet inspection and bandwidth throttling. It automates the setup of multiple protocols, including WireGuard, OpenVPN, Shadowsocks, OpenConnect, OpenSSH, and Tor bridges. The project also includes utilities

Shadowsocks-qt5 is a cross-platform graphical interface for configuring and managing Shadowsocks proxy connections. It functions as a SOCKS5 proxy manager used to route network traffic through remote encrypted proxy servers. The project includes a proxy latency tester to measure round-trip times to remote servers and a network traffic monitor that tracks the volume of data sent and received through active connections. The software provides mechanisms for proxy profile management, allowing users to store and switch between different server configurations. It also includes a proxy connection i