SOCKS5 over TLS (over HTTPS proxy) client/server stack, providing SOCKS5 and transparent proxy client side
Latest commit 3f158c6 Jan 7, 2015

Firewall Piercer

This application creates a SOCKS5 over TLS server, allowing bypass of a fascist firewall.

On the client side, this application also provides a SOCKS5 server and a transparent proxy, and can use an HTTPS proxy to exit.

It can replace Tor if Tor's « side effects » (random output IP, latency…) are not acceptable, but your privacy is not protected this way!


Requires Ruby 2.0.0 or later.

No external Ruby dependency.

Just clone this repo :)



The client/server communications are protected with TLS and need certificates.

The server strongly authenticates the client with its X.509 certificate.

You can use any X.509 certificates you want, but for easy deployment, there is a generate_cert.rb script to generate client/server keys and certificates.
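What certificate-based client authentication looks like at the Ruby OpenSSL level, as an added example that is not code from this repository. The helper names `make_identity` and `server_accepts?`, the loopback setup and the throwaway self-signed identities are assumptions constructed for the demonstration.

```ruby
require 'openssl'
require 'socket'

# Constructed throwaway identity: self-signed certificate plus key, made in memory.
def make_identity(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, rand(1..2**32)
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

# Hypothetical helper: one loopback handshake; true only if the server accepted the client.
def server_accepts?(server_id, trusted_client_cert, client_id)
  sctx = OpenSSL::SSL::SSLContext.new
  sctx.cert, sctx.key = server_id
  sctx.cert_store = OpenSSL::X509::Store.new.tap { |s| s.add_cert(trusted_client_cert) }
  # VERIFY_PEER alone still admits a client that presents no certificate at all.
  sctx.verify_mode = OpenSSL::SSL::VERIFY_PEER | OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
  tcp = TCPServer.new('127.0.0.1', 0)
  server = Thread.new do
    sock = tcp.accept
    OpenSSL::SSL::SSLSocket.new(sock, sctx).accept.puts('welcome')
    true
  rescue OpenSSL::SSL::SSLError, SystemCallError
    false # handshake refused: missing or untrusted client certificate
  ensure
    sock&.close
  end
  cctx = OpenSSL::SSL::SSLContext.new
  cctx.cert_store = OpenSSL::X509::Store.new.tap { |s| s.add_cert(server_id[0]) }
  cctx.verify_mode = OpenSSL::SSL::VERIFY_PEER # the client checks the server too
  cctx.cert, cctx.key = client_id if client_id
  client = TCPSocket.new('127.0.0.1', tcp.addr[1])
  begin
    OpenSSL::SSL::SSLSocket.new(client, cctx).connect.gets
  rescue OpenSSL::SSL::SSLError, SystemCallError
    nil # with TLS 1.3 the refusal reaches the client only on its first read
  end
  server.value
ensure
  [client, tcp].compact.each(&:close)
end

SERVER, CLIENT, ROGUE = %w[server client client].map { |cn| make_identity(cn) }
p([CLIENT, ROGUE, nil].map { |id| server_accepts?(SERVER, CLIENT[0], id) }) # => [true, false, false]
```

The rogue identity carries the same subject name as the trusted one but a different key, so the refusal shows that trust is bound to the key pair, not to the name in the certificate.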

Server side

Just run server.rb.

By default, the server runs on port 443. You can edit the script to select the keys/certificates and port to use.

Client side

Just run client.rb.

By default, the client starts a SOCKS5 server on port 1080 and a transparent proxy server on port 1081. You can edit the script to select the keys/certificates and ports to use.

If you have to use an HTTPS proxy server, fill in PROXY_HOST and PROXY_PORT. Currently, proxy authentication is not supported.

Just point applications supporting SOCKS5 to the SOCKS port.

If your application doesn't support SOCKS5, you can use iptables to redirect all the traffic to the server, for example:

iptables -t nat -A OUTPUT -p tcp --dport ssh --syn -j REDIRECT --to-ports 1081


This software is released under the GPLv3 or later license.


  • Boot script (SysV/SystemD)
  • Config file
  • Improve logging


  1. Fork it ( )
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create a new Pull Request

I am Charlie

In memory of

  • Charb
  • Cabu
  • Wolinski
  • Tignous
  • Bernard Maris
  • Michel Renaud
  • Honoré
  • Mustapha Ourad
  • Ahmed Merabet
  • Franck Brinsolaro
  • Frédéric Boisseau
  • Elsa Cayat

cartoonists, journalists, police officers or citizens, killed this 01/07/2015 for defending freedom of speech.

Just my very tiny contribution for defending this kind of freedom in this world, compared to theirs…