LinkSocks is a SOCKS proxy implementation over WebSocket protocol.
LinkSocks is a secure SOCKS5 proxy over WebSocket. It allows you to traverse firewalls and complex network topologies by tunneling traffic through standard web connections.
Its architecture allows you to hide the proxy server behind a WAF or CDN (like Cloudflare). By disguising proxy traffic as normal HTTPS requests, it protects the server's real IP address and evades deep packet inspection.
Crucially, it supports Serverless Intranet Penetration (compatible with Cloudflare Workers). This allows you to bridge two private networks securely without a dedicated VPS. Since both the user and the internal resource actively connect to the serverless cloud relay, you can access your home or office network without a public IP or opening any risky inbound ports.
📖 Documentation: https://linksocks.github.io
- Forward, reverse and agent proxy modes.
- Round-robin load balancing for reverse proxy.
- SOCKS proxy authentication support.
- IPv6 & UDP over SOCKS5 support.
- Robust code driven by comprehensive tests.
- Command-line usage, API server, and library integration.
- Serverless relay server supported by Cloudflare Worker.
- Distributed HTTP backend.
- Bypassing CAPTCHA using client-side proxies.
- Secure intranet penetration, using CDN network.
As great examples, see these projects: LinkTerm and Cloudflyer.
# Server Side: Start server with WebSocket on port 8765
linksocks server -t example_token
# Client Side: Connect to server and provide SOCKS5 proxy on port 9870
linksocks client -t example_token -u ws://localhost:8765 -p 9870
# Test the proxy
curl --socks5 127.0.0.1:9870 http://httpbin.org/ip# Server Side: Start server with SOCKS5 proxy on port 9870
linksocks server -t example_token -r -p 9870
# Client Side: Connect as network provider
linksocks client -t example_token -u ws://localhost:8765 -r
# Test the proxy
curl --socks5 127.0.0.1:9870 http://httpbin.org/ip# Server Side: Start server with both provider and connector tokens
linksocks server -t provider_token -c connector_token -p 9870 -r
# Provider Side: Connect as network provider
linksocks provider -t provider_token -u ws://localhost:8765
# Connector Side: Connect to use the proxy
linksocks connector -t connector_token -u ws://localhost:8765 -p 1180
# Test the proxy
curl --socks5 127.0.0.1:1180 http://httpbin.org/ip# Server Side: Start server in autonomy mode
linksocks server -t provider_token -r -a
# Provider Side: Provider sets its own connector token
linksocks provider -t provider_token -c my_connector_token -u ws://localhost:8765
# Connector Side: Use the specific connector token to access this provider
linksocks connector -t my_connector_token -u ws://localhost:8765 -p 1180You can also use our public server (for autonomy mode proxy) at ws://l.zetx.tech:
# Provider Side: Provider sets its own connector token
linksocks provider -c my_connector_token -u l.zetx.tech
# Connector Side: Use the specific connector token to access this provider
linksocks connector -t my_connector_token -u l.zetx.tech -p 1180If you are using the public server, please use a complex token, as anyone holding the token can connect to your service.
Use the following linux command to generate a complex token:
openssl rand -hex 16go install github.com/linksocks/linksocks/cmd/linksocks@latestOr download pre-built binaries from releases page.
docker run --rm -it jackzzs/linksocks --helppip install linksocksThe python version is a wrapper of the Golang implementation. See: Python Bindings.
A pure python version with basic support is also available . See Pywssocks.
LinkSocks server (for autonomy mode proxy) can be hosted on Cloudflare Worker, see: linksocks/linksocks.js
The linksocks.js version is a lite version and does not contain API functionality.
LinkSocks server provides an HTTP API for dynamic token management:
# Start server with API enabled
linksocks server --api-key your_api_keyFor detailed API usage and examples, see: HTTP API
LinkSocks is open source under the MIT license.