renamed some methods, updated README.md withn instructions on how to test UDP connection

Author: shadowy-pycoder

README.md

@@ -20,6 +20,7 @@
 - [Transparent proxy](#transparent-proxy)
   - [redirect (via NAT and SO_ORIGINAL_DST)](#redirect-via-nat-and-so_original_dst)
   - [tproxy (via MANGLE and IP_TRANSPARENT)](#tproxy-via-mangle-and-ip_transparent)
+  - [UDP support](#udp-support)
   - [ARP spoofing](#arp-spoofing)
 - [Traffic sniffing](#traffic-sniffing)
   - [JSON format](#json-format)
@@ -62,8 +63,11 @@ Specify http server in proxy configuration of Postman
 - **Transparent proxy**\
   Supports `redirect` (SO_ORIGINAL_DST) and `tproxy` (IP_TRANSPARENT) modes
 
+- **TCP and UDP Transparent proxy**\
+  `tproxy` (IP_TRANSPARENT) handles TCP and UDP traffic
+
 - **Traffic sniffing**\
-  Proxy is able to parse HTTP headers and TLS handshake metadata
+  Proxy is able to parse HTTP headers, TLS handshake, DNS messages and more
 
 - **ARP spoofing**\
   Proxy entire subnets with ARP spoofing approach
@@ -101,7 +105,7 @@ You can download the binary for your platform from [Releases](https://github.com
 Example:
 
 ```shell
-GOHPTS_RELEASE=v1.9.4; wget -v https://github.com/shadowy-pycoder/go-http-proxy-to-socks/releases/download/$GOHPTS_RELEASE/gohpts-$GOHPTS_RELEASE-linux-amd64.tar.gz -O gohpts && tar xvzf gohpts && mv -f gohpts-$GOHPTS_RELEASE-linux-amd64 gohpts && ./gohpts -h
+GOHPTS_RELEASE=v2.0.0; wget -v https://github.com/shadowy-pycoder/go-http-proxy-to-socks/releases/download/$GOHPTS_RELEASE/gohpts-$GOHPTS_RELEASE-linux-amd64.tar.gz -O gohpts && tar xvzf gohpts && mv -f gohpts-$GOHPTS_RELEASE-linux-amd64 gohpts && ./gohpts -h
 ```
 
 Alternatively, you can install it using `go install` command (requires Go [1.24](https://go.dev/doc/install) or later):
@@ -168,6 +172,7 @@ Options:
   TProxy:
   -t        Address of transparent proxy server (it starts along with HTTP proxy server)
   -T        Address of transparent proxy server (no HTTP)
+  -Tu       Address of transparent UDP proxy server
   -M        Transparent proxy mode: (redirect, tproxy)
   -auto     Automatically setup iptables for transparent proxy (requires elevated privileges)
   -arpspoof Enable ARP spoof proxy for selected targets (Example: "targets 10.0.0.1,10.0.0.5-10,192.168.1.*,192.168.10.0/24;fullduplex false;debug true")
@@ -521,6 +526,30 @@ sudo bettercap -eval "net.probe on;net.recon on;set arp.spoof.fullduplex true;ar
 
 Check proxy logs for traffic from other devices from your LAN
 
+### UDP support
+
+`GoHPTS` has UDP support that can be enabled in `tproxy` mode. For this setup to work you need to connect to a socks5 server capable of serving UDP connections (`UDP ASSOCIATE`). For example, you can use [https://github.com/wzshiming/socks5](https://github.com/wzshiming/socks5) to deploy UDP capable UDP server on some remote or local machine. Once you have the server to connect to, run the following command:
+
+```shell
+sudo env PATH=$PATH gohpts -s remote -Tu :8989 -M tproxy -auto -mark 100 -d
+```
+
+This command will configure your operating system and setup server on `0.0.0.0:8989` address.
+
+To test it locally, you can combine UDP transparent proxy with `-arpspoof` flag. For example:
+
+1. Setup VM on your system with any Linux distributive that supports `tproxy` (Kali Linux, for instance).
+2. Enable `Bridged` network so that VM could access your host machine.
+3. Move `gohpts` binary to VM (via `ssh`, for instance) or build it there in case of different OS/arch.
+4. On your VM run the following command:
+
+```shell
+# Do not forget to replace <socks5 server> and <your host> with actual addresses
+sudo ./gohpts -s <socks5 server> -T 8888 -Tu :8989 -M tproxy -sniff -body -auto -mark 100 -d -arpspoof "targets <your host>;fullduplex true;debug false"
+```
+
+4. Check connection on your host machine, the traffic should go through Kali machine.
+
 ## Traffic sniffing
 
 [[Back]](#table-of-contents)

gohpts.go

@@ -520,14 +520,14 @@ func (p *proxyapp) Run() {
 	if p.tproxyAddr != "" {
 		tproxyServer = newTproxyServer(p)
 		if p.auto {
-			tproxyServer.applyRedirectRules(opts)
+			tproxyServer.ApplyRedirectRules(opts)
 		}
 	}
 	var tproxyServerUDP *tproxyServerUDP
 	if p.tproxyAddrUDP != "" {
 		tproxyServerUDP = newTproxyServerUDP(p)
 		if p.auto {
-			tproxyServerUDP.applyRedirectRules(opts)
+			tproxyServerUDP.ApplyRedirectRules(opts)
 		}
 	}
 	if p.proxylist != nil {
@@ -554,7 +554,7 @@ func (p *proxyapp) Run() {
 			if tproxyServer != nil {
 				p.logger.Info().Msgf("[tcp %s] Server is shutting down...", p.tproxyMode)
 				if p.auto {
-					err := tproxyServer.clearRedirectRules()
+					err := tproxyServer.ClearRedirectRules()
 					if err != nil {
 						p.logger.Error().Err(err).Msg("Failed clearing iptables rules")
 					}
@@ -564,7 +564,7 @@ func (p *proxyapp) Run() {
 			if tproxyServerUDP != nil {
 				p.logger.Info().Msgf("[udp %s] Server is shutting down...", p.tproxyMode)
 				if p.auto {
-					err := tproxyServerUDP.clearRedirectRules()
+					err := tproxyServerUDP.ClearRedirectRules()
 					if err != nil {
 						p.logger.Error().Err(err).Msg("Failed clearing iptables rules")
 					}
@@ -621,7 +621,7 @@ func (p *proxyapp) Run() {
 			if tproxyServer != nil {
 				p.logger.Info().Msgf("[tcp %s] Server is shutting down...", p.tproxyMode)
 				if p.auto {
-					err := tproxyServer.clearRedirectRules()
+					err := tproxyServer.ClearRedirectRules()
 					if err != nil {
 						p.logger.Error().Err(err).Msg("Failed clearing iptables rules")
 					}
@@ -631,7 +631,7 @@ func (p *proxyapp) Run() {
 			if tproxyServerUDP != nil {
 				p.logger.Info().Msgf("[udp %s] Server is shutting down...", p.tproxyMode)
 				if p.auto {
-					err := tproxyServerUDP.clearRedirectRules()
+					err := tproxyServerUDP.ClearRedirectRules()
 					if err != nil {
 						p.logger.Error().Err(err).Msg("Failed clearing iptables rules")
 					}

tproxy_linux.go

@@ -243,7 +243,7 @@ func (ts *tproxyServer) Shutdown() {
 	}
 }
 
-func (ts *tproxyServer) applyRedirectRules(opts map[string]string) {
+func (ts *tproxyServer) ApplyRedirectRules(opts map[string]string) {
 	_, tproxyPort, _ := net.SplitHostPort(ts.p.tproxyAddr)
 	var setex string
 	if ts.p.debug {
@@ -420,7 +420,7 @@ func (ts *tproxyServer) applyRedirectRules(opts map[string]string) {
 	_ = createSysctlOptCmd("net.ipv4.tcp_fin_timeout", "15", setex, opts, ts.p.debug).Run()
 }
 
-func (ts *tproxyServer) clearRedirectRules() error {
+func (ts *tproxyServer) ClearRedirectRules() error {
 	var setex string
 	if ts.p.debug {
 		setex = "set -ex"

tproxy_nonlinux.go

@@ -5,9 +5,7 @@ package gohpts
 
 import (
 	"net"
-	"os/exec"
 	"sync"
-	"syscall"
 )
 
 type tproxyServer struct {
@@ -23,39 +21,15 @@ func newTproxyServer(p *proxyapp) *tproxyServer {
 }
 
 func (ts *tproxyServer) ListenAndServe() {
-	ts.serve()
-}
-
-func (ts *tproxyServer) serve() {
-	ts.handleConnection(nil)
-}
-
-func (ts *tproxyServer) getOriginalDst(rawConn syscall.RawConn) (string, error) {
-	_ = rawConn
-	return "", nil
-}
-
-func (ts *tproxyServer) handleConnection(srcConn net.Conn) {
-	_ = srcConn
-	ts.getOriginalDst(nil)
 }
 
 func (ts *tproxyServer) Shutdown() {}
 
-func (ts *tproxyServer) createSysctlOptCmd(opt, value, setex string, opts map[string]string) *exec.Cmd {
-	_ = opt
-	_ = value
-	_ = setex
+func (ts *tproxyServer) ApplyRedirectRules(opts map[string]string) map[string]string {
 	_ = opts
 	return nil
 }
 
-func (ts *tproxyServer) applyRedirectRules() map[string]string {
-	_ = ts.createSysctlOptCmd("", "", "", nil)
-	return nil
-}
-
-func (ts *tproxyServer) clearRedirectRules(opts map[string]string) error {
-	_ = opts
+func (ts *tproxyServer) ClearRedirectRules() error {
 	return nil
 }

tproxy_udp_linux.go

@@ -533,7 +533,7 @@ func (tsu *tproxyServerUDP) getOriginalDst(oob []byte) (*net.UDPAddr, error) {
 	return nil, fmt.Errorf("original destination not found")
 }
 
-func (tsu *tproxyServerUDP) applyRedirectRules(opts map[string]string) {
+func (tsu *tproxyServerUDP) ApplyRedirectRules(opts map[string]string) {
 	_, tproxyPortUDP, _ := net.SplitHostPort(tsu.p.tproxyAddrUDP)
 	var setex string
 	if tsu.p.debug {
@@ -607,7 +607,7 @@ func (tsu *tproxyServerUDP) applyRedirectRules(opts map[string]string) {
 	}
 }
 
-func (tsu *tproxyServerUDP) clearRedirectRules() error {
+func (tsu *tproxyServerUDP) ClearRedirectRules() error {
 	var setex string
 	if tsu.p.debug {
 		setex = "set -ex"

tproxy_udp_nonlinux.go

@@ -0,0 +1,25 @@
+//go:build !linux
+// +build !linux
+
+package gohpts
+
+type tproxyServerUDP struct{}
+
+func newTproxyServerUDP(p *proxyapp) *tproxyServerUDP {
+	_ = p
+	return nil
+}
+
+func (tsu *tproxyServerUDP) ListenAndServe() {
+}
+
+func (tsu *tproxyServerUDP) Shutdown() {
+}
+
+func (tsu *tproxyServerUDP) ApplyRedirectRules(opts map[string]string) {
+	_ = opts
+}
+
+func (tsu *tproxyServerUDP) ClearRedirectRules() error {
+	return nil
+}

version.go

@@ -1,3 +1,3 @@
 package gohpts
 
-const Version string = "gohpts v1.9.4"
+const Version string = "gohpts v2.0.0"