DEV Community: shadowy-pycoder

GoHPTS (go-http-proxy-to-socks) v1.14.0: now with HTTP/2, HTTP/3 and Wireshark-ready pcap capture

shadowy-pycoder — Fri, 22 May 2026 06:56:57 +0000

I added HTTP/2, HTTP/3, and pcap capture support to GoHPTS, my open-source Go proxy tool. It already supported transparent proxy, ARP/NDP spoofing, and DNS spoofing - now you can also dump traffic directly to a pcap file. Repository and implementation details below:

HTTP2/HTTP3 support

GoHPTS proxy handles HTTP/1.1, HTTP/2, and HTTP/3 requests using the same server address and TLS certificate. This allows clients to automatically choose the best available protocol without changing configuration. TLS certificate can be obtained in several ways: cloud providers (Google, AWS, Cloudflare), free certificate from Let's Encrypt, or you can create self-signed certificate using openssl (Linux/macOS) or New-SelfSignedCertificate (Windows).

Example setup using self-signed certificate:

Create key.pem and cert.pem files:

  openssl req -x509 -newkey rsa:2048 \
  -keyout key.pem \
  -out cert.pem \
  -sha256 \
  -days 365 \
  -nodes \
  -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=127.0.0.1" \
  -addext "subjectAltName=IP:127.0.0.1"

Prepare socks5 server with UDP ASSOCIATE support

  git clone https://github.com/wzshiming/socks5.git && cd socks5
  go build -o socks5_server ./cmd/socks5/main.go
  ./bin/socks5_server -a 0.0.0.0:1080

Open another terminal and install GoHPTS proxy:

  go install github.com/shadowy-pycoder/go-http-proxy-to-socks/cmd/gohpts@latest

Finally:
1. Create minimal config for your proxy

  # gohpts_config.yaml
  http_server:
    enabled: true
    address: 127.0.0.1:8080
    cert_file: ./cert.pem
    key_file: ./key.pem

  proxy_list:
    - address: 127.0.0.1:1080

  logging:
    debug: true

  sniffing:
    enabled: true
    body: true

Run the proxy:

  gohpts -f ./gohpts_config.yaml

Or if you prefer command line arguments:

  gohpts -l :8080 -s 1080 -c ./cert.pem -k ./key.pem -d -sniff -body

You should see something like that:

    [15:20:32] INF SOCKS5 Proxy: 127.0.0.1:1080
    [15:20:32] INF HTTPS Proxy: 127.0.0.1:8080
    [15:20:32] INF HTTP3 Proxy (QUIC): 127.0.0.1:8080

Test connection

For HTTP/2 proxy server you can use curl:

    curl -Nvk --http2 --proxy-insecure --proxy-http2 --proxy https://localhost:8080 "https://stream.wikimedia.org/v2/stream/recentchange"

Press Ctrl+C to stop running stream.

For HTTP/3 it is different since (at the time of writing) curl doesn't support HTTP3 proxy, so I will use my custom client I created for testing purposes.

Download and install Simple HTTP3 to SOCKS5 proxy example:

  git clone https://github.com/shadowy-pycoder/http3-socks-proxy.git && cd http3-socks-proxy
  make

Run the following command:

  ./bin/client -a 127.0.0.1:8080 www.google.com

You should see some gibberish resembling HTML page.

Go to terminal tab with GoHPTS proxy and check logs, you should see all your requests there.

Test connection in a browser

Create proper self-signed ceritificate for browser:

  git clone https://github.com/shadowy-pycoder/go-http-proxy-to-socks.git
  cd go-http-proxy-to-socks
  cp ./resources/makecert.sh makecert.sh && chmod +x makecert.sh
  ./makecert.sh

More information can be found here: Creating a browser trusted, self signed, SSL certificate

Add newly created rootCA.crt to system trust store:
1. Debian/Ubuntu:

  sudo cp rootCA.crt /usr/local/share/ca-certificates/rootCA.crt
  sudo update-ca-certificates

Arch Linux/CachyOS/EndeavourOS:

  sudo trust anchor rootCA.crt

Run the proxy using server.crt and server.key:

  gohpts -l :8080 -s 1080 -c ./server.crt -k ./server.key -d -sniff -body

Run the browser and go to any website:

  chromium --proxy-server="https://127.0.0.1:8080"

Packet Capture

Traffic can be captured into pcap, pcapng or custom txt formats and later analyzed with tools like Wireshark, tcpdump and many others.

First, make sure GoHPTS executable has elevated privileges to be able to capture raw packets, you have two options:

Run sudo setcap cap_net_raw+ep ~/go/bin/gohpts one time to give proxy raw traffic access
Run proxy with sudo when you need to specify -pcap flag in CLI or pcap.enabled in file configuration.

Configure proxy using CLI:

gohpts -pcap "promisc true;timeout 10s;exts txt,pcap,pcapng"

Configuration file:

pcap:
  enabled: true
  settings: "promisc true;expr ip proto tcp;snaplen 65535;timeout 10s;packet_count 100;packet_buffer 8192;exts txt,pcap,pcapng"

These commands produce three packet capture files with corresponding formats that later can be analyzed by various tools.

For more information about pcap options see gohpts -h and https://github.com/shadowy-pycoder/mshark

Capture files can be opened and analyzed by special tools like Wireshark, they can also be converted to JSON/XML format to be analyzed and summarized by LLMs.

Other features

Proxy Chain functionality\
Supports strict, dynamic, random, round_robin chains of SOCKS5 proxy
Transparent proxy\
Supports redirect (SO_ORIGINAL_DST) and tproxy (IP_TRANSPARENT) modes
TCP and UDP Transparent proxy\
tproxy (IP_TRANSPARENT) handles TCP and UDP traffic
Traffic sniffing\
Proxy is able to parse HTTP headers, TLS handshake, DNS messages and more
ARP spoofing\
Proxy entire subnets with ARP spoofing approach
NDP spoofing\
Proxy IPv6 connections using Router/Neighbor Advertisement and RDNSS injections.
DNS spoofing\
Redirect clients to arbitrary domains using DNS records manipulation
Lightweight and Fast\
Designed with minimal overhead and efficient request handling.
Cross-Platform\
Compatible with all major operating systems.

Links:

https://github.com/shadowy-pycoder/mshark

https://codeberg.org/shadowy-pycoder/mshark

Simple Markdown HTML Viever for Terminal and Neovim

shadowy-pycoder — Thu, 05 Jun 2025 03:18:47 +0000

First we need to install pandoc from their official GitHub:

cd ~/Downloads && wget -N https://github.com/jgm/pandoc/releases/download/3.7.0.2/pandoc-3.7.0.2-1-amd64.deb && \
sudo dpkg -i pandoc-3.7.0.2-1-amd64.deb

Create assets directory for pandoc and put some css files in here:

mkdir -p ~/.local/share/pandoc/ && wget http://a-dma.github.io/gruvbox-css/gruvbox-dark-medium.min.css -O ~/.local/share/pandoc/gruvbox-dark-medium.min.css

Create an executable:

tee ~/.local/bin/md << EOF 
pandoc $1 --highlight-style zenburn -s -c ~/.local/share/pandoc/gruvbox-dark-medium.min.css.css -o /tmp/pandocRenderedMarkdown.html
xdg-open /tmp/pandocRenderedMarkdown.html
EOF

Make sure ~/.local/bin in your PATH

chmod +x ~/.local/bin/md

Create desktop application:

tee ~/.local/share/applications/md.desktop << EOF 
[Desktop Entry]
Encoding=UTF-8
Version=1.0
Type=Application
NoDisplay=true
Exec='/home/$USER/.local/bin/md' %f
Name=Markdown Viever
Comment=Markdown Viever
Categories=Development;Code;
EOF

Finally, edit mimelist:

vi ~/.config/mimeapps.list

Like that:

Confirm that it works:

which md
# ~/.local/bin/md

md README.md
# Should appear in your browser

xdg-open README.md
# Should appear in your browser

Result should be similar to this:

How to use it in NeoVim?
Install NvimTree
Open your project and you will see file tree on the left.
Press s on any md file and it will be opened in a browser.

pyya - The way to manage YAML config in your Python project

shadowy-pycoder — Fri, 13 Dec 2024 13:34:19 +0000

Imagine you have a file like this in your project:

# config.yaml
database:   
    host: localhost
    port: 5432
    username: postgres
    password: postgres

To parse this dot yaml configuration file in Python you usually do this:

import yaml # pip install PyYAML

with open("config.yaml", encoding='utf-8') as fstream:
    config_yaml = yaml.safe_load(fstream)

To create Javascript-like objects from resulting dictionary you probably add the following:

from munch import munchify # pip install munch

config = munchify(config_yaml)

pyya does that automatically with one function:

from pyya import init_config

config = init_config(
    'config.yaml', 'default.config.yaml', 
    merge_configs = False,
    convert_keys_to_snake_case = False,
    add_underscore_prefix_to_keywords = False
    raise_error_non_identifiers = False)
print(config.database)

# Output:
# Munch({"host": "localhost", "port": 5432, "username": "postgres", "password": "postgres"})

What about all these flags?

merge_configs if set to True, compares config.yaml with default.config.yaml (or whatever names or paths you specify) and adds to the former all the fields that are not present in the latter. If set to False disables all merging and all formatting done by the rest of the flags.

convert_keys_to_snake_case is kinda self-explanatory because it simply makes configuration keys look pythonic. However, this flag may break some settings like logging configuration.

add_underscore_prefix_to_keywords if configuration key is also Python keyword, it will add underscore in front of it (class becomes _class). It allows attribute access work better.

raise_error_non_identifiers if configuration key is also non-valid Python identificator, it will raise error.

You can install pyya like this:

pip install pyya

Contributions and suggestions are welcome: https://github.com/shadowy-pycoder/pyya

goso: Stack Overflow CLI search tool written in Go

shadowy-pycoder — Thu, 28 Nov 2024 18:16:15 +0000

If you want to get answers to your programming questions without ever leaving convinient Terminal, then you should try goso which stands for “Golang Stack Overflow”. It is available on Github: goso repo where you can find all necessary installation instructions to make it running on your machine.

Here is little demonstration how it looks like.

Run a command:

goso  -l go -s onedark -q 1 -a 1 Sort maps in Go

Get your answer in a less than a second:

If you like this project, please give it a star or contribute to make it better.