Advanced Proxy Routing, DPI Evasion, and Transport-Agnostic Tunneling Suite
This repository contains two highly specialized, independently compiled networking tools written in V. Together, they provide a complete stack for bypassing Deep Packet Inspection (DPI), managing proxy chains, and tunneling traffic over esoteric covert channels.
Lightweight, multi-protocol proxy router & chain manager with DPI desync
SockSlender is a programmable proxy multiplexer. It combines multiple proxy servers into intelligent routing chains with built-in anti-censorship, automatic failover, and smart server selection. It intercepts connections, applies network-layer manipulations to defeat DPI, and routes traffic through the optimal path.
apt update -y && apt install -y git clang make && if ! command -v v >/dev/null 2>&1; then git clone --depth=1 https://github.com/vlang/v && cd v && make && ./v symlink && cd ..; fi && git clone --depth=1 https://github.com/tailsmails/sockslender && cd sockslender && v -enable-globals -prod sockslender.v -o sockslender && ln -sf $(pwd)/sockslender $PREFIX/bin/sockslender- Multi-Protocol: SOCKS5 (Full TCP & UDP Associate support), HTTP CONNECT, SNI/TLS Passthrough, DNS (UDP Forwarding).
- Authentication: Username/Password support for both local listeners and upstream proxies.
- Chain Architecture: Connect unlimited proxies sequentially using
+. - Macros & Mid-Chain Listeners: Save chain segments as variables (
-xNAME), or spawn listeners mid-chain (-x). - Multi-Box Routing: Run completely isolated proxy instances inside a single process using
::. - Zero Dependencies: Single static binary. Auto-tunes File Descriptor (FD) limits on Linux/macOS.
SockSlender implements an advanced multi-layered decision engine to ensure zero-latency routing in high-interference environments:
- Evasion Model (Multi-Armed Bandit): Uses a Discounted UCB1 algorithm with a 0.98 decay factor. It prioritizes recent performance data, allowing the system to rapidly adapt to new interference patterns by "forgetting" obsolete history.
- Neural Path Selection: A deep neural network (16-unit hidden layer, Leaky ReLU, Momentum-based optimizer) scores and predicts the stability of path variations. It is calibrated to heavily penalize latency spikes (150ms scale), triggering configuration switches before the user perceives any lag.
- Connection Hedging: Under poor network conditions, SockSlender uses aggressive hedging (up to 4 parallel connection attempts) to guarantee that the fastest available path is always used.
SockSlender manages third-party tools (Tor, Xray, WireGuard) as background processes and continuously optimizes their parameters:
-r?CMD?: Run a simple background task.-rr?CMD_TEMPLATE,EP?: Run with an auto-optimizing Neural Watchdog. It monitors the Endpoint (EP) and uses its internal Neural Network to select the best command variation from the provided template (e.g.,::val1>val2::). Differentiates between process CRASH and network FREEZE.-rrr?CMD,EP?: Tunnels the background task viaproxychains4through the preceding chain nodes before hitting the Endpoint.
| Flag | Function | Example |
|---|---|---|
-l URI |
Add listener | -l socks5://user:pass@0.0.0.0:1080 |
-u CHAIN |
Add global upstream | -u socks5://a:1010+socks5://b:2020 |
-i CHAIN |
Add isolated chain | -i proxy:1010+-xsocks5://0.0.0.0:2020 |
-o CHAIN |
Append to all chains | -o socks5://exit:9050 |
:: |
Isolate Boxes | -l ... -u ... :: -l ... -u ... |
Rules are injected directly into the URI between ? markers (e.g., sni://proxy:443?L3R:fake=3?).
Modify payload bytes unconditionally, conditionally (if/el), or via AOB pattern matching.
?0-1=0505?(Unconditional patch)?3-3=01 if 0-1=0500 el 7-7=FF?(If/Else patch)?1603__01 if 2-2=03?(AOB pattern match with wildcards__)
Control IP/TCP header behaviors.
- No Root:
ttl,tos(DSCP/QoS),df(Don't Fragment),nodelay,keepalive,delay. - Root Required:
mark(iptables fwmark),bind(force interface, e.g.,tun0),tproxy.
| Rule | Description |
|---|---|
split=N / seg=N |
Split first packet at byte N, or segment entire payload. |
split1 / split_mid |
Split after the 1st byte, or exactly in the middle of the payload. |
random_split |
Break payload into random-sized chunks to destroy packet length signatures. |
random_split_delay |
Random chunks + random jitter (delay) between them to kill timing analysis. |
splitsni / splithttp |
Auto-detect and split exactly at SNI or HTTP Host boundary. |
splitsni_delay |
Split at SNI boundary with a 15ms delay to overflow DPI buffers. |
oob=HEX |
Send TCP Out-of-Band (urgent) data. |
- TCP Connect
- L2/L3: Apply
setsockopt(TTL, TOS, MARK, BIND, NODELAY) - Protocol Handshake (SOCKS5/HTTP)
- First Data Packet Interception:
- Execute Desync Writes (Split, Seg, SNI Detection)
- ML/Neural Model feedback loop for path scoring
- Relay Loop: Apply L7 byte patches/AOB matching on every subsequent packet.
Transport-Agnostic Covert Tunneling Protocol
While SockSlender handles L3/L4 routing and DPI evasion, Anyside completely detaches standard networking from the underlying transport medium. It accepts standard TCP/SOCKS5 connections, multiplexes them, wraps the payloads in CRC-verified Base64 frames, and delegates the physical transmission to user-defined external adapters.
If you can move a string of text from point A to point B (via Telegram bots, DNS TXT records, audio FSK, or writing to a USB drive), Anyside can tunnel a full TCP connection over it.
Build the binary:
v -prod -cc gcc anyside.vRun Server (Target Environment):
./anyside -m server -e "python3 adapter.py" -c 8192 -d 50Run Client (Local Environment):
./anyside -m client -l 127.0.0.1:1080 -e "python3 adapter.py" -c 8192 -d 50Anyside does not know how data reaches the other side. It communicates with your transport mechanism via standard OS process execution. Your adapter (written in Python, Bash, etc.) must handle two commands:
- Transmission (TX):
adapter_cmd tx <base64_string>Your script must take the Base64 string and deliver it to the remote destination. Exit code0indicates success. - Reception (RX):
adapter_cmd rxExecuted continuously based on the polling delay (-d). Your script must fetch pending data and print the Base64 strings tostdoutseparated by newlines. Exit code0with empty output means no new data.
- Multiplexing: Supports concurrent connections over a single adapter channel via
conn_id. - Framing: 7-byte binary header (Magic Bytes, Command, Conn ID, Sequence, Length).
- Integrity: 4-byte CRC32 checksums drop corrupted frames (vital for unstable physical mediums like RF or Audio).
- Gateway: The client mode acts as a transparent SOCKS5 server for easy integration.
SockSlender and Anyside are designed to be composable.
- SockSlender provides the brain: Smart routing, DNS handling, process watchdogs, protocol multiplexing, and L3/L4 DPI desync.
- Anyside provides the covert pipe: Bypassing strict firewall whitelists by disguising the transport medium entirely.
Architecture Flow:
Browser -> SockSlender (DPI Desync / Routing) -> Anyside Client (SOCKS5) -> [Your Custom Text Adapter] -> Covert Medium -> Anyside Server -> Internet.