How to Use Graftcp to Proxy Any Program

Here is a handy tool to route your TCP connections through a SOCKS5 or HTTP proxy. It’s called graftcp, and thanks to it, you can say goodbye to the hassle of proxying certain tools.

Compared to solutions like tsocks, proxychains, or proxychains-ng, graftcp does not use the LD_PRELOAD method, which only works for dynamically linked programs. For example, applications built with Go cannot be “hooked” by proxychains-ng. However, Graftcp can track and modify the connections of any program, making it very versatile.

To try it out, it’s easy. On Linux, compile graftcp and graftcp-local with Go or download the Debian or Arch binaries directly.

Here’s how to do it:

  1. Clone the repository: git clone https://github.com/hmgle/graftcp.git
  2. Navigate to the directory: cd graftcp
  3. Compile the project: make

After compilation, use the resulting binaries in local/graftcp-local and graftcp. You can also install them into the system:

sudo make install
sudo make install_systemd
sudo make enable_systemd

Launch graftcp-local with the address of your SOCKS5 proxy, such as 127.0.0.1:1080. For example: local/graftcp-local -socks5 127.0.0.1:1080

Then use graftcp to encapsulate your programs so they route through the proxy smoothly. For example, to install a Go package: ./graftcp go get -v golang.org/x/net/proxy

Or to browse with Chromium or Firefox: ./graftcp chromium-browser

Even your preferred shell can browse incognito if you launch it with graftcp:

./graftcp bash
wget https://www.google.com

Under the hood, Graftcp forks and traces the program with ptrace. At each connect call, it captures the destination address and sends it through a pipe to graftcp-local. Then, it modifies the address to point to graftcp-local before restarting the syscall. The application believes it is communicating with its destination, but in reality, it talks to graftcp-local, which tunnels the traffic through the SOCKS proxy. Clever, right?

Of course, you can customize graftcp’s behavior using various parameters, such as specifying configuration files to manage a blacklist or whitelist of IPs. By default, localhost passes directly:

$ graftcp -h
Usage: graftcp [options] prog [prog-args]
Options:
-c --conf-file=<path>
-a --local-addr=<IP>
-p --local-port=<port>
-n --not-ignore-local
-b --blackip-file=<path>
-w --whiteip-file=<path>
-V --version
-h --help

For more details and options, check GitHub.

Note that Graftcp is limited to TCP… no UDP. For DNS, you’ll need to use a dedicated proxy like ChinaDNS or dnscrypt-proxy. Regarding performance, while specific figures vary depending on configurations, graftcp is known to offer a robust alternative to solutions like proxychains.

In short, it’s a versatile tool for proxying because it is lightweight, compatible with everything, and above all, easy to use…

"Because of the Google update, I, like many other blogs, lost a lot of traffic."

Join the Newsletter

Please, subscribe to get our latest content by email.

Mohamed SAKHRI
Mohamed SAKHRI

I'm the creator and editor-in-chief of Tech To Geek. Through this little blog, I share with you my passion for technology. I specialize in various operating systems such as Windows, Linux, macOS, and Android, focusing on providing practical and valuable guides.

Articles: 1454

Newsletter Updates

Enter your email address below and subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are marked *