initial socks5 support

2026-04-04 20:58:17 +00:00 · 2025-04-13 00:44:32 +03:00
9 changed files with 210 additions and 236 deletions
--- a/README.md
+++ b/README.md
@@ -7,8 +7,6 @@ By default the application listens on 127.0.0.1:8080.

 Application is capable to forward traffic via proxies in datacenters (flag `-proxy-type direct`, default) or via peer proxies on residental IPs (consumer ISP) in that country (flag `-proxy-type lum`).

-This alternative implementation ensures your internet connection is not shared with anyone else and everything is clean and safe.
-
 ---

 :heart: :heart: :heart:
@@ -174,7 +172,7 @@ zagent248.hola.org,165.22.65.3,22222,22223,22224,22225,22226,digitalocean
 | list-proxies | - | output proxy list and exit |
 | proxy | String | sets base proxy to use for all dial-outs. Format: `<http\|https\|socks5\|socks5h>://[login:password@]host[:port]` Examples: `http://user:password@192.168.1.1:3128`, `socks5://10.0.0.1:1080` |
 | proxy-type | String | proxy type (Datacenter: direct) (Residential: lum) (default "direct") |
-| resolver | String | comma-separated list of DNS/DoH/DoT resolvers used to lookup domain names blocked by Hola. Supported schemes are: dns://, https://, tls://, tcp://. (default `https://1.1.1.3/dns-query,https://8.8.8.8/dns-query,https://dns.google/dns-query,https://security.cloudflare-dns.com/dns-query,https://fidelity.vm-0.com/q,https://wikimedia-dns.org/dns-query,https://dns.adguard-dns.com/dns-query,https://dns.quad9.net/dns-query,https://doh.cleanbrowsing.org/doh/adult-filter/`) |
+| resolver | String | DNS/DoH/DoT resolver to workaround Hola blocked hosts. See https://github.com/ameshkov/dnslookup/ for upstream DNS URL format. (default "https://cloudflare-dns.com/dns-query") |
 | rotate | Duration | rotate user ID once per given period (default 48h0m0s) |
 | timeout | Duration | timeout for network operations (default 35s) |
 | user-agent | String | value of User-Agent header in requests. Default: User-Agent of latest stable Chrome for Windows |
--- a/go.mod
+++ b/go.mod
@@ -1,21 +1,40 @@
 module github.com/Snawoot/hola-proxy

-go 1.24.4
+go 1.24.1
+
+toolchain go1.24.2

 require (
+	github.com/AdguardTeam/dnsproxy v0.75.2
+	github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5
 	github.com/campoy/unique v0.0.0-20180121183637-88950e537e7e
 	github.com/cenkalti/backoff/v4 v4.3.0
 	github.com/google/uuid v1.6.0
-	github.com/hashicorp/go-multierror v1.1.1
-	github.com/ncruces/go-dns v1.2.7
-	github.com/refraction-networking/utls v1.8.0
-	golang.org/x/net v0.43.0
+	github.com/miekg/dns v1.1.65
+	github.com/refraction-networking/utls v1.6.7
+	golang.org/x/net v0.39.0
 )

 require (
-	github.com/andybalholm/brotli v1.2.0 // indirect
-	github.com/hashicorp/errwrap v1.1.0 // indirect
+	github.com/AdguardTeam/golibs v0.32.7 // indirect
+	github.com/ameshkov/dnscrypt/v2 v2.4.0 // indirect
+	github.com/ameshkov/dnsstamps v1.0.3 // indirect
+	github.com/andybalholm/brotli v1.1.1 // indirect
+	github.com/cloudflare/circl v1.6.1 // indirect
+	github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
+	github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 // indirect
 	github.com/klauspost/compress v1.18.0 // indirect
-	golang.org/x/crypto v0.41.0 // indirect
-	golang.org/x/sys v0.35.0 // indirect
+	github.com/onsi/ginkgo/v2 v2.23.4 // indirect
+	github.com/quic-go/qpack v0.5.1 // indirect
+	github.com/quic-go/quic-go v0.50.1 // indirect
+	go.uber.org/automaxprocs v1.6.0 // indirect
+	go.uber.org/mock v0.5.1 // indirect
+	golang.org/x/crypto v0.37.0 // indirect
+	golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0 // indirect
+	golang.org/x/mod v0.24.0 // indirect
+	golang.org/x/sync v0.13.0 // indirect
+	golang.org/x/sys v0.32.0 // indirect
+	golang.org/x/text v0.24.0 // indirect
+	golang.org/x/tools v0.32.0 // indirect
+	google.golang.org/protobuf v1.36.6 // indirect
 )
--- a/go.sum
+++ b/go.sum
@@ -1,27 +1,78 @@
-github.com/andybalholm/brotli v1.2.0 h1:ukwgCxwYrmACq68yiUqwIWnGY0cTPox/M94sVwToPjQ=
-github.com/andybalholm/brotli v1.2.0/go.mod h1:rzTDkvFWvIrjDXZHkuS16NPggd91W3kUSvPlQ1pLaKY=
+github.com/AdguardTeam/dnsproxy v0.75.2 h1:bciOkzQh/GG8vcZGdFn6+rS3pu+2Npt9tbA4bNA/rsc=
+github.com/AdguardTeam/dnsproxy v0.75.2/go.mod h1:U/ouLftmXMIrkTAf8JepqbPuoQzsbXJo0Vxxn+LAdgA=
+github.com/AdguardTeam/golibs v0.32.7 h1:3dmGlAVgmvquCCwHsvEl58KKcRAK3z1UnjMnwSIeDH4=
+github.com/AdguardTeam/golibs v0.32.7/go.mod h1:bE8KV1zqTzgZjmjFyBJ9f9O5DEKO717r7e57j1HclJA=
+github.com/ameshkov/dnscrypt/v2 v2.4.0 h1:if6ZG2cuQmcP2TwSY+D0+8+xbPfoatufGlOQTMNkI9o=
+github.com/ameshkov/dnscrypt/v2 v2.4.0/go.mod h1:WpEFV2uhebXb8Jhes/5/fSdpmhGV8TL22RDaeWwV6hI=
+github.com/ameshkov/dnsstamps v1.0.3 h1:Srzik+J9mivH1alRACTbys2xOxs0lRH9qnTA7Y1OYVo=
+github.com/ameshkov/dnsstamps v1.0.3/go.mod h1:Ii3eUu73dx4Vw5O4wjzmT5+lkCwovjzaEZZ4gKyIH5A=
+github.com/andybalholm/brotli v1.1.1 h1:PR2pgnyFznKEugtsUo0xLdDop5SKXd5Qf5ysW+7XdTA=
+github.com/andybalholm/brotli v1.1.1/go.mod h1:05ib4cKhjx3OQYUY22hTVd34Bc8upXjOLL2rKwwZBoA=
+github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
+github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/campoy/unique v0.0.0-20180121183637-88950e537e7e h1:V9a67dfYqPLAvzk5hMQOXYJlZ4SLIXgyKIE+ZiHzgGQ=
 github.com/campoy/unique v0.0.0-20180121183637-88950e537e7e/go.mod h1:9IOqJGCPMSc6E5ydlp5NIonxObaeu/Iub/X03EKPVYo=
 github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
 github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
+github.com/cloudflare/circl v1.6.1 h1:zqIqSPIndyBh1bjLVVDHMPpVKqp8Su/V+6MeDzzQBQ0=
+github.com/cloudflare/circl v1.6.1/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
+github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
+github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
+github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
+github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
+github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 h1:BHT72Gu3keYf3ZEu2J0b1vyeLSOYI8bm5wbJM/8yDe8=
+github.com/google/pprof v0.0.0-20250403155104-27863c87afa6/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
-github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
-github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
 github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
 github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
-github.com/ncruces/go-dns v1.2.7 h1:NMA7vFqXUl+nBhGFlleLyo2ni3Lqv3v+qFWZidzRemI=
-github.com/ncruces/go-dns v1.2.7/go.mod h1:SqmhVMBd8Wr7hsu3q6yTt6/Jno/xLMrbse/JLOMBo1Y=
-github.com/refraction-networking/utls v1.8.0 h1:L38krhiTAyj9EeiQQa2sg+hYb4qwLCqdMcpZrRfbONE=
-github.com/refraction-networking/utls v1.8.0/go.mod h1:jkSOEkLqn+S/jtpEHPOsVv/4V4EVnelwbMQl4vCWXAM=
+github.com/miekg/dns v1.1.65 h1:0+tIPHzUW0GCge7IiK3guGP57VAw7hoPDfApjkMD1Fc=
+github.com/miekg/dns v1.1.65/go.mod h1:Dzw9769uoKVaLuODMDZz9M6ynFU6Em65csPuoi8G0ck=
+github.com/onsi/ginkgo/v2 v2.23.4 h1:ktYTpKJAVZnDT4VjxSbiBenUjmlL/5QkBEocaWXiQus=
+github.com/onsi/ginkgo/v2 v2.23.4/go.mod h1:Bt66ApGPBFzHyR+JO10Zbt0Gsp4uWxu5mIOTusL46e8=
+github.com/onsi/gomega v1.36.3 h1:hID7cr8t3Wp26+cYnfcjR6HpJ00fdogN6dqZ1t6IylU=
+github.com/onsi/gomega v1.36.3/go.mod h1:8D9+Txp43QWKhM24yyOBEdpkzN8FvJyAwecBgsU4KU0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/prashantv/gostub v1.1.0 h1:BTyx3RfQjRHnUWaGF9oQos79AlQ5k8WNktv7VGvVH4g=
+github.com/prashantv/gostub v1.1.0/go.mod h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P1IAHhP5U=
+github.com/quic-go/qpack v0.5.1 h1:giqksBPnT/HDtZ6VhtFKgoLOWmlyo9Ei6u9PqzIMbhI=
+github.com/quic-go/qpack v0.5.1/go.mod h1:+PC4XFrEskIVkcLzpEkbLqq1uCoxPhQuvK5rH1ZgaEg=
+github.com/quic-go/quic-go v0.50.1 h1:unsgjFIUqW8a2oopkY7YNONpV1gYND6Nt9hnt1PN94Q=
+github.com/quic-go/quic-go v0.50.1/go.mod h1:Vim6OmUvlYdwBhXP9ZVrtGmCMWa3wEqhq3NgYrI8b4E=
+github.com/refraction-networking/utls v1.6.7 h1:zVJ7sP1dJx/WtVuITug3qYUq034cDq9B2MR1K67ULZM=
+github.com/refraction-networking/utls v1.6.7/go.mod h1:BC3O4vQzye5hqpmDTWUqi4P5DDhzJfkV1tdqtawQIH0=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/xyproto/randomstring v1.0.5 h1:YtlWPoRdgMu3NZtP45drfy1GKoojuR7hmRcnhZqKjWU=
 github.com/xyproto/randomstring v1.0.5/go.mod h1:rgmS5DeNXLivK7YprL0pY+lTuhNQW3iGxZ18UQApw/E=
-golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4=
-golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc=
-golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE=
-golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg=
-golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI=
-golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+go.uber.org/automaxprocs v1.6.0 h1:O3y2/QNTOdbF+e/dpXNNW7Rx2hZ4sTIPyybbxyNqTUs=
+go.uber.org/automaxprocs v1.6.0/go.mod h1:ifeIMSnPZuznNm6jmdzmU3/bfk01Fe2fotchwEFJ8r8=
+go.uber.org/mock v0.5.1 h1:ASgazW/qBmR+A32MYFDB6E2POoTgOwT509VP0CT/fjs=
+go.uber.org/mock v0.5.1/go.mod h1:ge71pBPLYDk7QIi1LupWxdAykm7KIEFchiOqd6z7qMM=
+golang.org/x/crypto v0.37.0 h1:kJNSjF/Xp7kU0iB2Z+9viTPMW4EqqsrywMXLJOOsXSE=
+golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc=
+golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0 h1:R84qjqJb5nVJMxqWYb3np9L5ZsaDtB+a39EqjV0JSUM=
+golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0/go.mod h1:S9Xr4PYopiDyqSyp5NjCrhFrqg6A5zA2E/iPHPhqnS8=
+golang.org/x/mod v0.24.0 h1:ZfthKaKaT4NrhGVZHO1/WDTwGES4De8KtWO0SIbNJMU=
+golang.org/x/mod v0.24.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
+golang.org/x/net v0.39.0 h1:ZCu7HMWDxpXpaiKdhzIfaltL9Lp31x/3fCP11bc6/fY=
+golang.org/x/net v0.39.0/go.mod h1:X7NRbYVEA+ewNkCNyJ513WmMdQ3BineSwVtN2zD/d+E=
+golang.org/x/sync v0.13.0 h1:AauUjRAJ9OSnvULf/ARrrVywoJDy0YS2AwQ98I37610=
+golang.org/x/sync v0.13.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sys v0.32.0 h1:s77OFDvIQeibCmezSnk/q6iAfkdiQaJi4VzroCFrN20=
+golang.org/x/sys v0.32.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/text v0.24.0 h1:dd5Bzh4yt5KYA8f9CJHCP4FB4D51c2c6JvN37xJJkJ0=
+golang.org/x/text v0.24.0/go.mod h1:L8rBsPeo2pSS+xqN0d5u2ikmjtmoJbDBT1b7nHvFCdU=
+golang.org/x/time v0.11.0 h1:/bpjEDfN9tkoN/ryeYHnv5hcMlc8ncjMcM4XBk5NWV0=
+golang.org/x/time v0.11.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
+golang.org/x/tools v0.32.0 h1:Q7N1vhpkQv7ybVzLFtTjvQya2ewbwNDZzUgfXGqtMWU=
+golang.org/x/tools v0.32.0/go.mod h1:ZxrU41P/wAbZD8EDa6dDCa6XfpkhJ7HFMjHJXfBDu8s=
+google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY=
+google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
--- a/handler.go
+++ b/handler.go
@@ -19,7 +19,7 @@ type ProxyHandler struct {
 	auth          AuthProvider
 }

-func NewProxyHandler(dialer, requestDialer ContextDialer, auth AuthProvider, resolver LookupNetIPer, logger *CondLogger) *ProxyHandler {
+func NewProxyHandler(dialer, requestDialer ContextDialer, auth AuthProvider, resolver *Resolver, logger *CondLogger) *ProxyHandler {
 	dialer = NewRetryDialer(dialer, resolver, logger)
 	httptransport := &http.Transport{
 		Proxy: func(_ *http.Request) (*url.URL, error) {
--- a/holaapi.go
+++ b/holaapi.go
@@ -260,7 +260,7 @@ func zgettunnels(ctx context.Context,
 	params.Add("uuid", user_uuid)
 	params.Add("session_key", strconv.FormatInt(session_key, 10))
 	params.Add("is_premium", "0")
-	data, err := do_req(ctx, client, "POST", ZGETTUNNELS_URL, params, nil)
+	data, err := do_req(ctx, client, "", ZGETTUNNELS_URL, params, nil)
 	if err != nil {
 		reterr = err
 		return
--- a/main.go
+++ b/main.go
@@ -1,14 +1,11 @@
 package main

 import (
-	"bytes"
 	"context"
 	"crypto/x509"
-	"encoding/csv"
 	"errors"
 	"flag"
 	"fmt"
-	"io"
 	"io/ioutil"
 	"log"
 	"net"
@@ -50,47 +47,17 @@ func arg_fail(msg string) {
 	os.Exit(2)
 }

-type CSVArg struct {
-	values []string
-}
-
-func (a *CSVArg) String() string {
-	if len(a.values) == 0 {
-		return ""
-	}
-	buf := new(bytes.Buffer)
-	wr := csv.NewWriter(buf)
-	wr.Write(a.values)
-	wr.Flush()
-	return strings.TrimRight(buf.String(), "\n")
-}
-
-func (a *CSVArg) Set(line string) error {
-	rd := csv.NewReader(strings.NewReader(line))
-	rd.FieldsPerRecord = -1
-	rd.TrimLeadingSpace = true
-	values, err := rd.Read()
-	if err == io.EOF {
-		a.values = nil
-		return nil
-	}
-	if err != nil {
-		return fmt.Errorf("unable to parse comma-separated argument: %w", err)
-	}
-	a.values = values
-	return nil
-}
-
 type CLIArgs struct {
 	extVer                                  string
 	country                                 string
 	list_countries, list_proxies, use_trial bool
 	limit                                   uint
 	bind_address                            string
+	socksMode                               bool
 	verbosity                               int
 	timeout, rotate                         time.Duration
 	proxy_type                              string
-	resolver                                *CSVArg
+	resolver                                string
 	force_port_field                        string
 	showVersion                             bool
 	proxy                                   string
@@ -105,22 +72,8 @@ type CLIArgs struct {
 	userAgent                               *string
 }

-func parse_args() *CLIArgs {
-	args := &CLIArgs{
-		resolver: &CSVArg{
-			values: []string{
-				"https://1.1.1.3/dns-query",
-				"https://8.8.8.8/dns-query",
-				"https://dns.google/dns-query",
-				"https://security.cloudflare-dns.com/dns-query",
-				"https://fidelity.vm-0.com/q",
-				"https://wikimedia-dns.org/dns-query",
-				"https://dns.adguard-dns.com/dns-query",
-				"https://dns.quad9.net/dns-query",
-				"https://doh.cleanbrowsing.org/doh/adult-filter/",
-			},
-		},
-	}
+func parse_args() CLIArgs {
+	var args CLIArgs
 	flag.StringVar(&args.extVer, "ext-ver", "", "extension version to mimic in requests. "+
 		"Can be obtained from https://chrome.google.com/webstore/detail/hola-vpn-the-website-unbl/gkojfkhlekighikafcpjkiklfbnlmeio")
 	flag.StringVar(&args.force_port_field, "force-port-field", "", "force specific port field/num (example 24232 or lum)") // would be nice to not show in help page
@@ -128,7 +81,8 @@ func parse_args() *CLIArgs {
 	flag.BoolVar(&args.list_countries, "list-countries", false, "list available countries and exit")
 	flag.BoolVar(&args.list_proxies, "list-proxies", false, "output proxy list and exit")
 	flag.UintVar(&args.limit, "limit", 3, "amount of proxies in retrieved list")
-	flag.StringVar(&args.bind_address, "bind-address", "127.0.0.1:8080", "HTTP proxy listen address")
+	flag.StringVar(&args.bind_address, "bind-address", "127.0.0.1:8080", "proxy listen address")
+	flag.BoolVar(&args.socksMode, "socks-mode", false, "listen for SOCKS requests instead of HTTP")
 	flag.IntVar(&args.verbosity, "verbosity", 20, "logging verbosity "+
 		"(10 - debug, 20 - info, 30 - warning, 40 - error, 50 - critical)")
 	flag.DurationVar(&args.timeout, "timeout", 35*time.Second, "timeout for network operations")
@@ -139,10 +93,9 @@ func parse_args() *CLIArgs {
 	flag.DurationVar(&args.initRetryInterval, "init-retry-interval", 5*time.Second, "delay between initialization retries")
 	flag.StringVar(&args.proxy_type, "proxy-type", "direct", "proxy type: direct or lum") // or skip but not mentioned
 	// skip would be used something like this: `./bin/hola-proxy -proxy-type skip -force-port-field 24232 -country ua.peer` for debugging
-	flag.Var(args.resolver, "resolver",
-		"comma-separated list of DNS/DoH/DoT resolvers used to lookup domain names blocked by Hola. "+
-			"Supported schemes are: dns://, https://, tls://, tcp://. "+
-			"Example: https://1.1.1.1/dns-query,tls://9.9.9.9:853")
+	flag.StringVar(&args.resolver, "resolver", "https://cloudflare-dns.com/dns-query",
+		"DNS/DoH/DoT resolver to workaround Hola blocked hosts. "+
+			"See https://github.com/ameshkov/dnslookup/ for upstream DNS URL format.")
 	flag.BoolVar(&args.use_trial, "dont-use-trial", false, "use regular ports instead of trial ports") // would be nice to not show in help page
 	flag.BoolVar(&args.showVersion, "version", false, "show program version and exit")
 	flag.StringVar(&args.proxy, "proxy", "", "sets base proxy to use for all dial-outs. "+
@@ -188,6 +141,8 @@ func run() int {
 	proxyLogger := NewCondLogger(log.New(logWriter, "PROXY   : ",
 		log.LstdFlags|log.Lshortfile),
 		args.verbosity)
+	socksLogger := log.New(logWriter, "SOCKS   : ",
+		log.LstdFlags|log.Lshortfile)

 	var dialer ContextDialer = &net.Dialer{
 		Timeout:   30 * time.Second,
@@ -296,7 +251,7 @@ func run() int {
 	}

 	mainLogger.Info("Constructing fallback DNS upstream...")
-	resolver, err := FastResolverFromURLs(args.resolver.values...)
+	resolver, err := NewResolver(args.resolver, args.timeout)
 	if err != nil {
 		mainLogger.Critical("Unable to instantiate DNS resolver: %v", err)
 		return 6
@@ -323,9 +278,19 @@ func run() int {
 	requestDialer := NewPlaintextDialer(endpoint.NetAddr(), endpoint.TLSName, caPool, args.hideSNI, dialer)
 	mainLogger.Info("Endpoint: %s", endpoint.URL().String())
 	mainLogger.Info("Starting proxy server...")
-	handler := NewProxyHandler(handlerDialer, requestDialer, auth, resolver, proxyLogger)
-	mainLogger.Info("Init complete.")
-	err = http.ListenAndServe(args.bind_address, handler)
+	if args.socksMode {
+		socks, initError := NewSocksServer(handlerDialer, socksLogger)
+		if initError != nil {
+			mainLogger.Critical("Failed to start: %v", err)
+			return 6
+		}
+		mainLogger.Info("Init complete.")
+		err = socks.ListenAndServe("tcp", args.bind_address)
+	} else {
+		handler := NewProxyHandler(handlerDialer, requestDialer, auth, resolver, proxyLogger)
+		mainLogger.Info("Init complete.")
+		err = http.ListenAndServe(args.bind_address, handler)
+	}
 	mainLogger.Critical("Server terminated with a reason: %v", err)
 	mainLogger.Info("Shutting down...")
 	return 0
--- a/resolver.go
+++ b/resolver.go
@@ -1,140 +1,83 @@
 package main

 import (
-	"context"
-	"errors"
-	"fmt"
-	"net"
-	"net/netip"
-	"net/url"
-	"strings"
+	"time"

-	"github.com/hashicorp/go-multierror"
-	"github.com/ncruces/go-dns"
+	"github.com/AdguardTeam/dnsproxy/upstream"
+	"github.com/miekg/dns"
 )

-func FromURL(u string) (*net.Resolver, error) {
-	parsed, err := url.Parse(u)
+type Resolver struct {
+	upstream upstream.Upstream
+}
+
+const DOT = 0x2e
+
+func NewResolver(address string, timeout time.Duration) (*Resolver, error) {
+	opts := &upstream.Options{Timeout: timeout}
+	u, err := upstream.AddressToUpstream(address, opts)
 	if err != nil {
 		return nil, err
 	}
-	switch strings.ToLower(parsed.Scheme) {
-	case "", "dns":
-		host := parsed.Hostname()
-		port := parsed.Port()
-		if port == "" {
-			port = "53"
-		}
-		return NewPlainResolver(net.JoinHostPort(host, port)), nil
-	case "tcp":
-		host := parsed.Hostname()
-		port := parsed.Port()
-		if port == "" {
-			port = "53"
-		}
-		return NewTCPResolver(net.JoinHostPort(host, port)), nil
-	case "http", "https":
-		return dns.NewDoHResolver(u)
-	case "tls":
-		host := parsed.Hostname()
-		port := parsed.Port()
-		if port == "" {
-			port = "853"
-		}
-		return dns.NewDoTResolver(net.JoinHostPort(host, port))
-	default:
-		return nil, errors.New("not implemented")
+	return &Resolver{upstream: u}, nil
+}
+
+func (r *Resolver) ResolveA(domain string) []string {
+	res := make([]string, 0)
+	if len(domain) == 0 {
+		return res
 	}
-}
-
-type LookupNetIPer interface {
-	LookupNetIP(context.Context, string, string) ([]netip.Addr, error)
-}
-
-type FastResolver struct {
-	upstreams []LookupNetIPer
-}
-
-type lookupReply struct {
-	addrs []netip.Addr
-	err   error
-}
-
-func FastResolverFromURLs(urls ...string) (*FastResolver, error) {
-	resolvers := make([]LookupNetIPer, 0, len(urls))
-	for i, u := range urls {
-		res, err := FromURL(u)
-		if err != nil {
-			return nil, fmt.Errorf("unable to construct resolver #%d (%q): %w", i, u, err)
-		}
-		resolvers = append(resolvers, res)
+	if domain[len(domain)-1] != DOT {
+		domain = domain + "."
 	}
-	return NewFastResolver(resolvers...), nil
-}
-
-func NewFastResolver(resolvers ...LookupNetIPer) *FastResolver {
-	return &FastResolver{
-		upstreams: resolvers,
+	req := dns.Msg{}
+	req.Id = dns.Id()
+	req.RecursionDesired = true
+	req.Question = []dns.Question{
+		{Name: domain, Qtype: dns.TypeA, Qclass: dns.ClassINET},
 	}
-}
-
-func (r FastResolver) LookupNetIP(ctx context.Context, network, host string) ([]netip.Addr, error) {
-	ctx, cl := context.WithCancel(ctx)
-	drain := make(chan lookupReply, len(r.upstreams))
-	for _, res := range r.upstreams {
-		go func(res LookupNetIPer) {
-			addrs, err := res.LookupNetIP(ctx, network, host)
-			drain <- lookupReply{addrs, err}
-		}(res)
+	reply, err := r.upstream.Exchange(&req)
+	if err != nil {
+		return res
 	}
-
-	i := 0
-	var resAddrs []netip.Addr
-	var resErr error
-	for ; i < len(r.upstreams); i++ {
-		pair := <-drain
-		if pair.err != nil {
-			resErr = multierror.Append(resErr, pair.err)
-		} else {
-			cl()
-			resAddrs = pair.addrs
-			resErr = nil
-			break
+	for _, rr := range reply.Answer {
+		if a, ok := rr.(*dns.A); ok {
+			res = append(res, a.A.String())
 		}
 	}
-	go func() {
-		for i = i + 1; i < len(r.upstreams); i++ {
-			<-drain
+	return res
+}
+
+func (r *Resolver) ResolveAAAA(domain string) []string {
+	res := make([]string, 0)
+	if len(domain) == 0 {
+		return res
+	}
+	if domain[len(domain)-1] != DOT {
+		domain = domain + "."
+	}
+	req := dns.Msg{}
+	req.Id = dns.Id()
+	req.RecursionDesired = true
+	req.Question = []dns.Question{
+		{Name: domain, Qtype: dns.TypeAAAA, Qclass: dns.ClassINET},
+	}
+	reply, err := r.upstream.Exchange(&req)
+	if err != nil {
+		return res
+	}
+	for _, rr := range reply.Answer {
+		if a, ok := rr.(*dns.AAAA); ok {
+			res = append(res, a.AAAA.String())
 		}
-	}()
-	return resAddrs, resErr
+	}
+	return res
 }

-func NewPlainResolver(addr string) *net.Resolver {
-	return &net.Resolver{
-		PreferGo: true,
-		Dial: func(ctx context.Context, network, _ string) (net.Conn, error) {
-			return (&net.Dialer{
-				Resolver: &net.Resolver{},
-			}).DialContext(ctx, network, addr)
-		},
-	}
-}
-
-func NewTCPResolver(addr string) *net.Resolver {
-	return &net.Resolver{
-		PreferGo: true,
-		Dial: func(ctx context.Context, network, _ string) (net.Conn, error) {
-			dnet := "tcp"
-			switch network {
-			case "udp4":
-				dnet = "tcp4"
-			case "udp6":
-				dnet = "tcp6"
-			}
-			return (&net.Dialer{
-				Resolver: &net.Resolver{},
-			}).DialContext(ctx, dnet, addr)
-		},
+func (r *Resolver) Resolve(domain string) []string {
+	res := r.ResolveA(domain)
+	if len(res) == 0 {
+		res = r.ResolveAAAA(domain)
 	}
+	return res
 }
--- a/retry.go
+++ b/retry.go
@@ -2,17 +2,16 @@ package main

 import (
 	"context"
-	"fmt"
 	"net"
 )

 type RetryDialer struct {
 	dialer   ContextDialer
-	resolver LookupNetIPer
+	resolver *Resolver
 	logger   *CondLogger
 }

-func NewRetryDialer(dialer ContextDialer, resolver LookupNetIPer, logger *CondLogger) *RetryDialer {
+func NewRetryDialer(dialer ContextDialer, resolver *Resolver, logger *CondLogger) *RetryDialer {
 	return &RetryDialer{
 		dialer:   dialer,
 		resolver: resolver,
@@ -29,30 +28,12 @@ func (d *RetryDialer) DialContext(ctx context.Context, network, address string)
 			return conn, err
 		}

-		var resolveNetwork string
-		switch network {
-		case "udp4", "tcp4", "ip4":
-			resolveNetwork = "ip4"
-		case "udp6", "tcp6", "ip6":
-			resolveNetwork = "ip6"
-		case "udp", "tcp", "ip":
-			resolveNetwork = "ip"
-		default:
-			return nil, fmt.Errorf("resolving dial %q: unsupported network %q", address, network)
-		}
-		resolved, err := d.resolver.LookupNetIP(ctx, resolveNetwork, host)
-		if err != nil {
-			return nil, fmt.Errorf("dial failed on address lookup: %w", err)
+		ips := d.resolver.Resolve(host)
+		if len(ips) == 0 {
+			return conn, err
 		}

-		var conn net.Conn
-		for _, ip := range resolved {
-			conn, err = d.dialer.DialContext(ctx, network, net.JoinHostPort(ip.String(), port))
-			if err == nil {
-				return conn, nil
-			}
-		}
-		return nil, fmt.Errorf("failed to dial %s: %w", address, err)
+		return d.dialer.DialContext(ctx, network, net.JoinHostPort(ips[0], port))
 	}
 	return conn, err
 }
--- a/socks_handler.go
+++ b/socks_handler.go
@@ -0,0 +1,17 @@
+package main
+
+import (
+	"log"
+
+	"github.com/armon/go-socks5"
+)
+
+func NewSocksServer(dialer ContextDialer, logger *log.Logger) (*socks5.Server, error) {
+	return socks5.New(&socks5.Config{
+		Rules: &socks5.PermitCommand{
+			EnableConnect: true,
+		},
+		Logger: logger,
+		Dial:   dialer.DialContext,
+	})
+}