Here is a handy tool to route your TCP connections through a SOCKS5 or HTTP proxy. It’s called graftcp, and thanks to it, you can say goodbye to the hassle of proxying certain tools.

Compared to solutions like tsocks, proxychains, or proxychains-ng, graftcp does not use the LD_PRELOAD method, which only works for dynamically linked programs. For example, applications built with Go cannot be “hooked” by proxychains-ng. However, Graftcp can track and modify the connections of any program, making it very versatile.

To try it out, it’s easy. On Linux, compile graftcp and graftcp-local with Go or download the Debian or Arch binaries directly.

Here’s how to do it:

  1. Clone the repository: git clone https://github.com/hmgle/graftcp.git
  2. Navigate to the directory: cd graftcp
  3. Compile the project: make

After compilation, use the resulting binaries in local/graftcp-local and graftcp. You can also install them into the system:

sudo make install
sudo make install_systemd
sudo make enable_systemd

Launch graftcp-local with the address of your SOCKS5 proxy, such as 127.0.0.1:1080. For example: local/graftcp-local -socks5 127.0.0.1:1080

Then use graftcp to encapsulate your programs so they route through the proxy smoothly. For example, to install a Go package: ./graftcp go get -v golang.org/x/net/proxy

Or to browse with Chromium or Firefox: ./graftcp chromium-browser

Even your preferred shell can browse incognito if you launch it with graftcp:

./graftcp bash
wget https://www.google.com

Under the hood, Graftcp forks and traces the program with ptrace. At each connect call, it captures the destination address and sends it through a pipe to graftcp-local. Then, it modifies the address to point to graftcp-local before restarting the syscall. The application believes it is communicating with its destination, but in reality, it talks to graftcp-local, which tunnels the traffic through the SOCKS proxy. Clever, right?

Of course, you can customize graftcp’s behavior using various parameters, such as specifying configuration files to manage a blacklist or whitelist of IPs. By default, localhost passes directly:

$ graftcp -h
Usage: graftcp [options] prog [prog-args]
Options:
-c --conf-file=<path>
-a --local-addr=<IP>
-p --local-port=<port>
-n --not-ignore-local
-b --blackip-file=<path>
-w --whiteip-file=<path>
-V --version
-h --help

For more details and options, check GitHub.

Note that Graftcp is limited to TCP… no UDP. For DNS, you’ll need to use a dedicated proxy like ChinaDNS or dnscrypt-proxy. Regarding performance, while specific figures vary depending on configurations, graftcp is known to offer a robust alternative to solutions like proxychains.

In short, it’s a versatile tool for proxying because it is lightweight, compatible with everything, and above all, easy to use…

Did you enjoy this article? Feel free to share it on social media and subscribe to our newsletter so you never miss a post! And if you'd like to go a step further in supporting us, you can treat us to a virtual coffee ☕️. Thank you for your support ❤️!
⚠️ Legal Disclaimer: This website is an informational and educational tech blog. The content provided aims to help users better understand technologies, software, online tools, and digital practices.

We do not support or promote any form of piracy, copyright infringement, or illegal use of software, video content, or digital resources.

Any mention of third-party sites, tools, or platforms is purely for informational purposes. It is the responsibility of each reader to comply with the laws in their country, as well as the terms of use of the services mentioned.

We strongly encourage the use of legal, open-source, or official solutions in a responsible manner.

Categorized in:

How ToLinux

Tagged in: