Smithproxy is highly configurable, fast and transparent TCP/UDP/TLS (SSL) proxy written in C++17.
It uses our C++17 socket proxying library called socle.
Read fresh Release Notes to stay tuned!
To replay traffic captures, or script custom network activity - sister project pplay.
Availability:
- Linux - can be installed as a service (distro packages, or easily compiled from sources)
- Download binary linux .deb (arm64, armhf, amd64) packages and source from: https://download.smithproxy.org/
- Download and compile directly from source (known to work: Debian, Ubuntu, Alpine, Fedora, Kali, Arch)
- Docker - available as an image on docker hub
- See our docker hub page: https://hub.docker.com/r/astibal/smithproxy
- Snap - install smithproxy service as a confined snap
- Visit snap store here: https://snapcraft.io/smithproxy
Core features:
- TCP/UDP and TLS - intercept routed traffic, locally-originated traffic and SOCKS proxy requests
- configure policy based traffic matching similar to modern firewalls
- utilize per-policy applicable content, dns, tls, detection and authentication profiles
- re-route traffic (DNAT) and load-balance it, stickiness based on source-IP, L3 or L4 header data
- insightful CLI with configuration control
- HTTP API to control configuration options ( – new in
0.9.31) - export intercepted traffic to rotated pcap files, or emitting it to remote workstation in GRE
- limited UDP SOCKS5 support ( – new in
0.9.31)
TLS features:
- TLS security checks (OCSP, OCSP stapling, automatic CRL download)
- Certificate Transparency checks for outbound connections
- HTML replacement browser warnings
- STARTTLS support for most starttls capable protocols, including HTTP proxy CONNECT
- Seamless HTTPS redirection to authentication portal (if installed)
- Exporting sslkeylog
- KTLS support with OpenSSL 3.x.x. ( – new in
0.9.31)
Other:
- Local and LDAP user authentication using builtin web portal (using complementary package)
- SOCKS4/SOCKS5 explicit proxy with DNS hostname support
- Engines: limited HTTP1 and HTTP2 support
- DNS inspection allows FQDN policy objects, including DoH
- Policies based on FQDN and 2nd level DNS domain
- both IPv4 and IPv6 are supported
- detailed debugging messages in CLI if needed
Tools:
- built-in tools to help with CA and certificate enrollment needed to run smithproxy
- auto-enrolling portal certificate based on system IP and hostname
- auto-detect inspection interface(s) based on system routing information
- check pplay tool: replays captures over the network with many cool features
Support and contacts
- Discord server: https://discord.gg/vf4Qwwt
- email support:
<[email protected]> - Documentation: https://smithproxy.readthedocs.org