hoerzu - a small eavesdropping TCP proxy

hoerzu is a TCP relay/proxy between a remote server and clients. There are two kinds of clients:

  1. Bidirectional: Clients doing two-way communication with the remote server over the hoerzu proxy.
  2. Eavesdropping: Clients listening to the data comming from the remote server. Traffic from the bidirectional clients is not recorded.

Each connected bidirectional client starts a session. A session has exactly one bidirectional client. Eavesdropping clients can connect or disconnect to or from a session to follow the traffic send from the remote server to the bidirectional client. A session is killed when the connection to the bidirectional is cut or the remote server cuts the connection to the hoerzu server.


You need a working Go build environment (Tested successfully with Go 1.9+).

go get -u -v

Place the resulting hoerzu binary into your PATH.


To see all options use the -h/--help flag:

   hoerzu - A simple eavesdropping TCP proxy server.

   hoerzu [global options] command [command options] [arguments...]


     help, h  Shows a list of commands or help for one command

   --remote HOST          remote HOST to connect to (default: "localhost")
   --remote-port PORT     remote PORT to connect to (default: 8080)
   --listen HOST          listen HOST (default: "localhost")
   --listen-port PORT     listen PORT (default: 8899)
   --eavesdrop HOST       eavesdrop HOST (default: "localhost")
   --eavesdrop-port PORT  eavesdrop PORT (default: 8889)
   --timeout DURATION     DURATION before disconnecting a stale client. 0s: no timeout (default: 0s)
   --log-level LEVEL      Log LEVEL: debug, info, warn, error, fatal, panic (default: "info")
   --log-file FILE        write log in FILE
   --load FILE            load configuration from FILE
   --help, -h             show help
   --version, -v          print the version

The options can be stored in a TOML file and used with the --load flag.
See example.toml for an example.


Some preliminary measurements.


(c) 2017 Intevation GmbH. Development sponsored by Siemens AG.
This is Free Software covered by the terms of the Apache 2 license.
See LICENSE for details.

Expand ▾ Collapse ▴




This section is empty.


This section is empty.


func Dial

func Dial(addr string, port int) (net.Conn, error)

    Dial establish a connection to a TCP server given by address addr and port port.

    func LogFile

    func LogFile(file string)

      LogFile directs logging from this package to the given file. An empty string redirects the logging to os.Stderr.

      func LogLevel

      func LogLevel(lvl string)

        LogLevel set the package log level.

        func StartServer

        func StartServer(addr string, port int, handler func(net.Conn)) (net.Listener, error)

          StartServer starts an TCP server on a given address addr and port port. Accepted connections are forward to a given handler handler.


          type Proxy

          type Proxy struct {
          	// contains filtered or unexported fields

            Proxy manages the life-cycle of the listening servers of the system and spawns new sessions if new bi-directional clients connect to it.

            func NewProxy

            func NewProxy(options ...ProxyOption) *Proxy

              NewProxy create a new proxy configured with options options.

              func (*Proxy) ListenAndServe

              func (p *Proxy) ListenAndServe() error

                ListenAndServe starts the configured proxy p. This method blocks until p is stopped by calling shutdown.

                func (*Proxy) Shutdown

                func (p *Proxy) Shutdown()

                  Shutdown terminates the proxy p.

                  type ProxyOption

                  type ProxyOption func(*Proxy)

                    ProxyOption are an encapsulation of configuration options appliable to the proxy.

                    func ProxyEavesdropAddr

                    func ProxyEavesdropAddr(addr string) ProxyOption

                      ProxyEavesdropAddr configures the address the eavesdroppers can connect to.

                      func ProxyEavesdropPort

                      func ProxyEavesdropPort(port int) ProxyOption

                        ProxyEavesdropPort configures the port of eavesdroppers can connect to.

                        func ProxyListenAddr

                        func ProxyListenAddr(addr string) ProxyOption

                          ProxyListenAddr configures the address the bidirectional clients can connect to.

                          func ProxyListenPort

                          func ProxyListenPort(port int) ProxyOption

                            ProxyListenPort configures the port the bidirectional clients can connect to.

                            func ProxyServerAddr

                            func ProxyServerAddr(addr string) ProxyOption

                              ProxyServerAddr configures the address of the remote host to connect to.

                              func ProxyServerPort

                              func ProxyServerPort(port int) ProxyOption

                                ProxyServerPort configures the port of the remote host to connect to.

                                func ProxyTimeout

                                func ProxyTimeout(d time.Duration) ProxyOption

                                  ProxyTimeout configures the duration to wait until write to a client fails.


                                  Path Synopsis
                                  This is Free Software covered by the terms of the Apache 2.0 license.
                                  This is Free Software covered by the terms of the Apache 2.0 license.