Skip to main content

What is paqet?

paqet is a bidirectional packet level proxy built using raw sockets. It forwards traffic from a local client to a remote server, bypassing the host operating system’s TCP/IP stack, using KCP for secure, reliable transport.
Development Status NoticeThis project is in active development. APIs, configuration formats, and interfaces may change without notice. Use with caution in production environments.

How It Works

paqet captures packets using pcap and injects crafted TCP packets containing encrypted transport data. KCP provides reliable, encrypted communication optimized for high-loss networks using aggressive retransmission, forward error correction, and symmetric encryption. 
[Your App] <------> [paqet Client] <===== Raw TCP Packet =====> [paqet Server] <------> [Target Server]
(e.g. curl)        (localhost:1080)        (Internet)          (Public IP:PORT)     (e.g. https://httpbin.org)

Key Features

Raw Packet-Level Proxy

Operates at the packet level using raw sockets, bypassing the host OS’s TCP/IP stack for granular control

KCP Transport

Reliable, encrypted communication optimized for high-loss networks with aggressive retransmission and forward error correction

SOCKS5 Proxy

Acts as a SOCKS5 proxy server, accepting connections from applications and dynamically forwarding them to any destination

Firewall Bypass

Bypasses firewalls that detect standard handshake protocols and kernel-level connection tracking

Cross-Platform

Supports Linux, macOS, and Windows with platform-specific optimizations

Network Security Research

Ideal for network security research and scenarios requiring packet-level control

Use Cases

paqet use cases include:
  • Bypassing firewalls that detect standard handshake protocols and kernel-level connection tracking
  • Network security research
  • Scenarios requiring granular control at the packet level
While more complex to configure than general-purpose VPN solutions, paqet offers granular control at the packet level.

Architecture

paqet uses pcap to hook in at a much lower level than traditional applications. It requests a copy of every packet directly from the network driver, before the main OS TCP/IP stack and firewall get to process it. This means traditional firewall rules (like ufw deny <PORT>) will have no effect on the proxy’s operation, as paqet receives and processes the packet before the firewall can block it.

Next Steps

Quickstart

Get up and running with paqet in minutes

Installation

Detailed installation instructions for all platforms

Build docs developers (and LLMs) love

Get started for freeTalk to us