Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time
August 12, 2021 15:13
January 25, 2021 23:11
December 23, 2021 12:27
February 5, 2022 15:49
September 19, 2014 00:40
April 22, 2020 15:30
May 4, 2022 11:11
December 19, 2022 18:52
May 24, 2021 10:01
December 19, 2022 22:11

Smithproxy is highly configurable, fast and transparent TCP/UDP/TLS (SSL) proxy written in C++17.
It uses our C++17 socket proxying library called socle.

Note: Snap and precompiled binary packages are no longer available from Russia Federation and Belarus as a response to their blatant war crimes being commited when invading Ukraine these days. For individuals from named countries: there are still sources which can be easily compiled; in the mean time seek more uncensored information!

Read fresh Release Notes to stay tuned!
To replay captured traffic, check out the sister project pplay.


  • Linux - can be installed as a service (distro packages, or easily compiled from sources)
    • Download binary linux .deb (arm64, armhf, amd64) packages and source from: https://download.smithproxy. org/
    • Download and compile directly from source (known to work: Debian, Ubuntu, Alpine, Fedora, Kali, Arch)
  • Docker - available as an image on docker hub
  • Snap - install smithproxy service as a confined snap (with some limitations)!

Core features:

  • TCP/UDP and TLS - intercept routed traffic, locally-originated traffic and SOCKS proxy requests
  • configure policy based traffic matching similar to modern firewalls
  • utilize per-policy applicable content, dns, tls, detection and authentication profiles
  • re-route traffic (DNAT) and load-balance it, stickiness based on source-IP, L3 or L4 header data
  • enjoy insightful CLI with configuration control
  • export intercepted traffic to rotated pcap files, or emitting it to remote workstation in GRE

TLS features:

  • TLS security checks (OCSP, OCSP stapling, automatic CRL download)
  • Certificate Transparency checks for outbound connections
  • HTML replacement browser warnings
  • STARTTLS support for most starttls capable protocols, including HTTP proxy CONNECT
  • Seamless HTTPS redirection to authentication portal
  • Exporting sslkeylog


  • Local and LDAP user authentication using builtin web portal (using complementary package)
  • SOCKS4/SOCKS5 explicit proxy with DNS hostname support
  • Engines: limited HTTP1 and HTTP2 support
  • DNS inspection allows FQDN policy objects, including DoH
  • Policies based on FQDN and 2nd level DNS domain
  • both IPv4 and IPv6 are supported
  • detailed debugging messages in CLI if needed


  • built-in tools to help with CA and certificate enrollment needed to run smithproxy
  • auto-enrolling portal certificate based on system IP and hostname
  • auto-detect inspection interface(s) based on system routing information
  • check pplay tool: replays captures over the network with many cool features

Support and contacts