TS-Warp is an advanced, cross-platform SOCKS5/4, HTTP, and SSH proxy client and server for macOS, Linux, FreeBSD/OpenBSD, and Windows (via WSL2). It supports both standard and transparent proxy modes, policy-based routing and multi-proxy rules, allowing flexible redirection of TCP traffic through different proxies based on destination, domain, or rule sets.
-
Proxy services with TCP-traffic redirection to external Socks4/5, HTTP (CONNECT) and SSH2* proxy servers
- Transparent firewall-based traffic redirector
- Internal Socks and HTTP proxy server
* Requires libssh2 library
-
Supported platforms:
OS PF ip/nftables macOS ✅ ⬜ FreeBSD ✅ ⬜ OpenBSD ✅ ⬜ Linux ⬜ ✅ Windows WSL2 ⬜ ✅ -
Main features
Transparent proxy Socks5 Socks4 HTTP* SSH2 Proxy protocol ✅ ✅ ✅ ✅ Proxy chains ✅ ✅ ✅ ⬜** Proxy workload balancer ✅ ✅ ✅ ✅ Authentication ✅ ⬜ ✅ ✅ IPv6 stack support ✅ ⬜ ✅ ✅ Remote names resolution: NS-Warp ✅ ⬜ ✅ ✅ * HTTP Connect method is implemented
** Only one SSH2 proxy server allowed per chainInternal proxy Socks5 HTTP* Proxy protocol ✅ ✅ Proxy chains ✅ ✅ Proxy workload balancer ✅ ✅ Authentication ⬜ ⬜ IPv6 stack support ✅ ✅ Remote names resolution ✅ ✅ * HTTP Connect method is implemented
-
Miscellaneous features
- Deep Packet Inspections bypass (обход замедления/блокировки, например, YouTube)
- Simple configuration structure as INI-like file
- Password encoding (obfuscation) in configuration files
- Daemon mode
- Front-end UI
- Installation script (via Makefile)
-
TODO
- UDP support
- Socks4a protocol support (?)
- OS specific
selectalternatives:epol/kqueue - Faster NS-Warp
- Documentation
Attention! To incorporate HTTP proxy service, socks_* variables in ts-warp.ini are replaced by proxy_* ones.
The deprecated variables will be eventually removed in the further releases
See it here
# If SSH2 proxy support is required, install https://libssh2.org library first, then download ts-warp:
git clone https://github.com/mezantrop/ts-warp ts-warp.src && cd ts-warp.src
# `configure` script understands a number of environmental variables. You can force setting values to:
# `PREFIX`, `WITH_TCP_NODELAY`, `WITH_LIBSSH2`, `USER`, otherwise they will be auto-detected.
./configure && make && sudo make install clean
# Copy and edit configuration files
sudo cp /usr/local/etc/ts-warp.ini.sample /usr/local/etc/ts-warp.ini && sudo vi /usr/local/etc/ts-warp.ini
# on *BSD and macOS
sudo cp /usr/local/etc/ts-warp_pf.conf.sample /usr/local/etc/ts-warp_pf.conf
sudo vi /usr/local/etc/ts-warp_pf.conf
# on Linux with nftables
sudo cp /usr/local/etc/ts-warp_nftables.sh.sample /usr/local/etc/ts-warp_nftables.sh
sudo vi /usr/local/etc/ts-warp_nftables.sh
# on Linux with iptables
sudo cp /usr/local/etc/ts-warp_iptables.sh.sample /usr/local/etc/ts-warp_iptables.sh
sudo vi /usr/local/etc/ts-warp_iptables.sh
# on Windows WSL2 (Ubuntu) with iptables; Required packages for CLI: clang/gcc, make. For GUI-Warp: python3-tk
wsl --set-default-version 2
sudo cp /usr/local/etc/ts-warp_iptables.sh.sample /usr/local/etc/ts-warp_iptables.sh
sudo vi /usr/local/etc/ts-warp_iptables.shYou can control, e.g. start, stop ts-warp daemon using ts-warp.sh script. Under root privileges or sudo run:
# <PREFIX>/etc/ts-warp.sh start|stop|reload|restart [options]
# <PREFIX>/etc/ts-warp.sh statusFor example:
sudo /usr/local/etc/ts-warp.sh start
sudo /usr/local/etc/ts-warp.sh stopAfter succesfull start, TS-Warp transparently redirects traffic according to the configuration specified in
ts-warp.ini and firewall rules. Also, TS-Warp spawns Socks5 proxy server at localhost:10800 and HTTPS proxy
(CONNECT method) at localhost:8080.
All the ts-warp command-line options can be listed using $ ts-warp -h:
Usage:
ts-warp -T IP:Port -S IP:Port -H IP:Port -c file.ini -l file.log -v 0-4 -t file.act -d -p file.pid -f -u user -h
Version:
TS-Warp-X.Y.Z
All parameters are optional:
-T IP:Port Local IP address and port for incoming Transparent requests
-S IP:Port Local IP address and port for internal Socks server
-H IP:Port Local IP address and port for internal HTTP server
-l file.log Main log filename
-v 0..4 Log verbosity level: 0 - off, default: 3
-t file.act Active connections and traffic log
-d Daemon mode
-p file.pid PID filename
-f Force start
-u user A user to run ts-warp, default: nobody
-h This messagets-warp.sh respects ts-warp daemon options. For example, to temporary enable more verbose logs, restart ts-warp
with -v 4 option:
sudo /usr/local/etc/ts-warp.sh restart -v 4ts-warp understands several signals:
SIGHUPsignal as the command to reload configurationSIGUSR1to display current configuration state. Note, load balancer can dynamically reorder configuration sectionsSIGUSR2to show active clients connection status and traffic statsSIGINTto stop the daemon.
Use ts-pass to encode passwords if requred. See examples in ts-warp.ini
The GUI front-end application to control ts-warp daemon can be installed from the gui directory:
cd gui
sudo make installOptionally. Set PREFIX, to use a different installation target in the make command above:
sudo make install PREFIX=/path/to/installTo start the GUI run:
sudo -b <PREFIX>/bin/gui-warp.pyNote, Python 3 interpreter with tkinter support is required to run the GUI frontend.
Check releases and download macOS standalone precompiled GUI application. Read related README.md for information and instructions.
According to SpoofDPI project, sending the first 1 byte of a request to the server, and then sending the rest of the data can help to bypass Deep Packet Inspections of HTTPS.
To bypass DPI, start TS-Warp with -D 0..512 flag, e.g., sudo /usr/local/etc/ts-warp.sh start -D 2 to enable packet
fragmentation.
For the GUI-warp, edit ~/ts-warp/etc/gui-warp.ini to add -D to daemon_options variable, e.g: daemon_options = -D 2
Then use TS-Warp normally in Transparent mode, or point your browser to TS-Warp Internal HTTP(S) proxy at
127.0.0.1:8080 or SOCKS5 proxy at 127.0.0.1:7080.
Not so early stage of development, yet don't expect everything to work properly. If you have an idea, a question, or have found a problem, do not hesitate to open an issue or mail me: Mikhail Zakharov [email protected]
Many thanks to contributors of the project