WSSocks is a SOCKS proxy implementation over WebSocket protocol.
This tool allows you 8000 to securely expose SOCKS proxy services under Web Application Firewall (WAF) protection (forward socks), or enable clients to connect and serve as SOCKS proxy servers when they don't have public network access (reverse socks).
For python version, please check zetxtech/pywssocks. But note that the Python version typically has lower performance compared to this implementation.
- Supporting command-line usage, API server, and library integration.
- Forward, reverse and agent proxy modes.
- Round-robin load balancing for reverse proxy.
- SOCKS proxy authentication support.
- IPv6 over SOCKS5 support.
- UDP over SOCKS5 support.
- Distributed HTTP backend.
- Bypassing CAPTCHA using client-side proxies.
- Secure intranet penetration, using CDN network.
Forward Proxy:
# Server (WebSockets at port 8765, as network provider)
wssocks server -t example_token
# Client (SOCKS5 at port 1080)
wssocks client -t example_token -u http://localhost:8765 -p 1080Reverse Proxy (with -r flag):
# Server (WebSockets at port 8765, SOCKS at port 1080)
wssocks server -t example_token -p 1080 -r
# Client (as network provider)
wssocks client -t example_token -u http://localhost:8765 -rAgent Proxy (with -c flag for connectors' token):
# Server (WebSockets at port 8765, SOCKS at port 1080)
wssocks server -t example_token -c example_connector_token -p 1080 -r
# Client (as network provider)
wssocks provider -t example_token -u http://localhost:8765
# Connector (SOCKS5 at port 1180)
wssocks connector -t example_connector_token -u http://localhost:8765 -p 1180You can also use our public demo server:
# Client (as network provider)
wssocks provider -t any_token -u https://wssocks.zetx.tech -c any_connector_token
# Connector (SOCKS5 at port 1180)
wssocks connector -t any_connector_token -u https://wssocks.zetx.tech -p 1180Autonomy Agent Proxy (with -a flag):
# Server (WebSocket at port 8765, autonomy mode)
wssocks server -r -t example_token -a
# Client (as network provider, set connector token when start)
wssocks provider -t example_token -c example_connector_tokenIn autonomy mode:
- The server's SOCKS proxy will not start listening.
- Reverse clients can specify their own connector tokens.
- Load balancing is disabled - each connector's requests will only be routed to its corresponding reverse client.
WSSocks can be installed by:
go install github.com/zetxtech/wssocks/cmd/wssocks@latestYou can also download pre-built binaries for your architecture from the releases page.
WSSocks is also available via Docker:
docker run --rm -it jackzzs/wssocks --helpWSSocks server can be hosted on Cloudflare Worker, see: zetxtech/wssocks.js
The wssocks.js version is a lite version and does not contain API functionality.
WSSocks server provides an HTTP API when enabled with the --api-key flag:
# Start server with API enabled
wssocks server --api-key your_api_keyAll API requests require the X-API-Key header with your configured API key.
GET /api/status
Returns server version and a list of all tokens with their types and active client counts.
POST /api/token
Content-Type: application/json
{
"type": "forward",
"token": "new_token" // Optional: auto-generated if not provided
}
Adds a new forward proxy token.
POST /api/token
Content-Type: application/json
{
"type": "reverse",
"token": "new_token", // Optional: auto-generated if not provided
"port": 1080, // Optional: auto-allocated if not provided
"username": "user", // Optional: SOCKS authentication
"password": "pass" // Optional: SOCKS authentication
}
Adds a new reverse proxy token with specified SOCKS settings.
DELETE /api/token/{token}
Or
DELETE /api/token
Content-Type: application/json
{
"token": "token_to_delete"
}
Removes the specified token.
WSSocks is open source under the MIT license.