SockSlender & Anyside

June 15, 2026 · View on GitHub

Composable Proxy Routing, Network Manipulation, and Transport-Agnostic Tunneling Suite

This repository contains two specialized networking tools written in V. Together, they provide a composable framework for managing proxy chains, manipulating packets at the network and application layers, and tunneling traffic over customizable external transport channels.

Part 1: SockSlender

Lightweight, multi-protocol proxy router & chain manager with network manipulation

SockSlender is a programmable proxy multiplexer. It combines multiple proxy servers into routing chains with path selection, automatic failover, and smart server selection. It intercepts connections, applies network-layer manipulations, and routes traffic through the optimal path.

Quick Install

apt update -y && apt install -y git clang make && if ! command -v v >/dev/null 2>&1; then git clone --depth=1 https://github.com/vlang/v && cd v && make && ./v symlink && cd ..; fi && git clone --depth=1 https://github.com/tailsmails/sockslender && cd sockslender && v -enable-globals -prod sockslender.v -o sockslender && ln -sf $(pwd)/sockslender $PREFIX/bin/sockslender

Core Capabilities

Multi-Protocol: SOCKS5 (Full TCP & UDP Associate support), HTTP CONNECT, DNS (UDP Forwarding).
Authentication: Username/Password support for both local listeners and upstream proxies.
Chain Architecture: Connect unlimited proxies sequentially using +.
Macros & Mid-Chain Listeners: Save chain segments as variables (-xNAME), or spawn listeners mid-chain (-x).
Multi-Box Routing: Run completely isolated proxy instances inside a single process using ::.
Dynamic Proxychains Integration: Automatically generates isolated configuration files to wrap background commands via proxychains over specified upstream nodes (-in).
Zero Dependencies: Single static binary. Auto-tunes File Descriptor (FD) limits on Linux/macOS.

Path Optimization & Machine Learning Engine

SockSlender implements an adaptive decision engine to maintain stable routing under dynamic network conditions:

Evasion Model (Multi-Armed Bandit): Uses an Upper Confidence Bound (UCB) exploration-exploitation algorithm with dynamic decay to choose the optimal proxy chain path based on real-time performance.
Deep Neural Network Watchdog: Features a 3-layer Neural Network (21-unit input vector, 48 and 24-unit hidden layers with Swish activation, and an input attention weight layer) that predicts the stability of path variations.
Feature Integration: Inputs include tokenized command n-grams, moving averages of throughput (BPS), packet size metrics, estimated jitter, and historic latency/success counts.
Experience Replay Buffer: Stores the last 100 interaction states and trains the model continuously in mini-batches to optimize adaptation speed.

Resilient Connection Hedging & Request Queuing

Adaptive Hedging: Initiates up to 6 parallel connection attempts (--hedge <delay_ms>) when network conditions or chain scores degrade, utilizing the first successful path and gracefully cleaning up late-arriving sockets.
Asynchronous Request Queue: When all pathways fail or are congested, client connections are held in a resilient, size-limited queue instead of being dropped immediately. It retries pending requests up to 15 times before returning an error to the client.

Resource Guarding & Socket Janitor

Socket Monitoring: A dedicated SocketMonitor tracks active sockets, warning the operator when limits are near.
TCP Keepalive Tuning: Automatically applies custom TCP socket tuning (Keepidle, Keepintvl, Keepcnt) on Unix platforms to quickly detect dead sockets.
Automated Janitor & Emergency Cleanup: Runs a background garbage collection thread to terminate idle or stalled connections. If socket consumption reaches 90% of the limit, an emergency routine forcefully reclaims older or queued resources to preserve system stability.

CLI Reference

Flag	Function	Example
`-l URI`	Add listener	`-l socks5://user:pass@0.0.0.0:1080`
`-u CHAIN`	Add global upstream	`-u socks5://a:1010+socks5://b:2020`
`-i CHAIN`	Add isolated chain	`-i proxy:1010+-xsocks5://0.0.0.0:2020`
`-o CHAIN`	Append to all chains	`-o socks5://exit:9050`
`-in CHAIN`	Define input proxy chain for Watchdog wrapping	`-in socks5://127.0.0.1:9050`
`--hedge MS`	Adjust hedging delay (minimum 50ms)	`--hedge 150`
`::`	Isolate Boxes	`-l ... -u ... :: -l ... -u ...`

Script Engine (L7 / L3)

Rules are injected directly into the URI between ? markers (e.g., socks5://proxy:1080?l3:ttl=64?).

L7: Payload Byte Patching (Cross-Platform)

Modify payload bytes unconditionally, conditionally (if/el), or via AOB pattern matching.

?0-1=0505? (Unconditional patch)
?3-3=01 if 0-1=0500 el 7-7=FF? (If/Else patch)
?1603__01 if 2-2=03? (AOB pattern match with wildcards __)

L3: Network Layer (Linux/macOS)

Control IP/TCP header behaviors via system socket options.

No Root: ttl (Time to Live), tos (DSCP/QoS), df (Don't Fragment), nodelay (TCP_NODELAY), keepalive, delay (simulated delay).
Root Required: mark (iptables fwmark), bind (force interface, e.g., tun0), tproxy.

Processing Pipeline

TCP Connect
L3 Tuning: Apply socket options (setsockopt for TTL, TOS, MARK, BIND, NODELAY, and Keepalives) based on parsed L3 script rules.
Protocol Handshake: Execute SOCKS5/HTTP negotiations.
Relay Loop:
- Apply L7 byte patches/AOB matching on data packets passing through the relay.
- Continuously update the UCB bandit stats and feed real-time performance indicators (BPS, packet size) back to the Neural Network.

Part 2: Anyside

Transport-Agnostic Covert Tunneling Protocol

While SockSlender handles L3/L4 routing and packet manipulation, Anyside completely detaches standard networking from the underlying transport medium. It accepts standard TCP/SOCKS5 connections, multiplexes them, wraps the payloads in CRC-verified Base64 frames, and delegates the physical transmission to user-defined external adapters.

If you can move a string of text from point A to point B (via Telegram bots, DNS TXT records, audio FSK, or writing to a USB drive), Anyside can tunnel a full TCP connection over it.

Quick Start

Build the binary:

v -prod -cc gcc anyside.v

Run Server (Target Environment):

./anyside -m server -e "python3 adapter.py" -c 8192 -d 50

Run Client (Local Environment):

./anyside -m client -l 127.0.0.1:1080 -e "python3 adapter.py" -c 8192 -d 50

The Adapter Contract

Anyside does not manage transmission logic directly. It communicates with your transport mechanism via standard OS process execution. Your adapter (written in Python, Bash, Go, etc.) must handle two commands:

Transmission (TX): adapter_cmd tx <base64_string> Your script must take the Base64 string and deliver it to the remote destination. Exit code 0 indicates success.
Reception (RX): adapter_cmd rx Executed continuously based on the polling delay (-d). Your script must fetch pending data and print the Base64 strings to stdout separated by newlines. Exit code 0 with empty output means no new data.

Protocol Mechanics

Multiplexing: Supports concurrent connections over a single adapter channel via conn_id.
Framing: 7-byte binary header (Magic Bytes, Command, Conn ID, Sequence, Length).
Integrity: 4-byte CRC32 checksums drop corrupted frames (vital for unstable physical mediums like RF or Audio).
Gateway: The client mode acts as a transparent SOCKS5 server for easy integration.

Synergy: Combining Both Tools

SockSlender and Anyside are designed to be composable.

SockSlender provides the logic: Smart routing, DNS handling, process watchdogs, protocol multiplexing, and network/application-layer manipulation.
Anyside provides the covert pipe: Bypassing strict firewall whitelists by disguising the transport medium entirely.

Architecture Flow: Browser -> SockSlender (Routing / Byte Patching) -> Anyside Client (SOCKS5) -> [Your Custom Text Adapter] -> Covert Medium -> Anyside Server -> Internet.