Hacker News

Retr0id | yesterday at 11:49 PM | 0 replies

I made a golang socks5 proxy that routes traffic to different VPSes (or the default gateway) based on hostname, over mutual-TLS tunnels, authenticated using ed25519 keypairs shared out-of-band. The "client" and the "server" are the same piece of software, and there's a web UI for configuring the routes.

I made it to deal with internet censorship in the UK, where different sites have different optimal exit jurisdictions, and most sites work fine so I can avoid the extra hops where possible.

It also works well for video streaming sites with geofencing, since the geofence itself is usually implemented in the frontend rather than the CDN. So only the frontend traffic needs to be proxied, while the bulk CDN traffic doesn't need proxying at all.

SOCKS5 is the ideal layer for hostname-based routing, since the proxy can see DNS names without needing to sniff TLS SNI (which is incompatible with ESNI/ECH etc.).

IIRC it was basically all done in a single prompt, and I've been using it ever since. The only issue I've encountered is with WebRTC not working properly with some services. (Presumably it breaks the NAT hole-punching process or something; I never diagnosed it.)

Another project that isn't quite finished is a "universal" web video downloader that works by shimming the MSE APIs and remuxing the streamed segments back into a regular video file. The idea is that if you can watch it, you can save it, including but not limited to YouTube videos.
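The routing point the comment makes about SOCKS5 (the proxy sees the destination hostname, so it can choose an exit without touching TLS), shown as an added Go example that is not Retr0id's code. It parses the CONNECT request, refuses requests where the client pre-resolved the name to an IP (nothing to route on), and picks a tunnel by longest matching hostname suffix; the tunnel names and the route table are assumptions, and the request bytes are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Direct means "no tunnel": hand the connection to the default gateway.
const Direct = "direct"

// RouteTable maps hostname suffixes to exits (hypothetical tunnel names); longest suffix wins.
type RouteTable map[string]string

// Lookup picks the exit for host, falling back to Direct when no suffix matches.
func (rt RouteTable) Lookup(host string) string {
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	best, bestLen := Direct, -1
	for suffix, exit := range rt {
		s := strings.ToLower(suffix)
		if (host == s || strings.HasSuffix(host, "."+s)) && len(s) > bestLen {
			best, bestLen = exit, len(s)
		}
	}
	return best
}

// ParseConnect decodes a SOCKS5 CONNECT request (RFC 1928, section 4). Only ATYP 0x03 (domain name)
// is accepted: a client that resolved the name itself (ATYP 0x01/0x04) sends a bare IP, which defeats hostname routing.
func ParseConnect(req []byte) (host string, port uint16, err error) {
	if len(req) < 5 || req[0] != 0x05 || req[1] != 0x01 {
		return "", 0, errors.New("not a SOCKS5 CONNECT request")
	}
	if req[3] != 0x03 {
		return "", 0, fmt.Errorf("address type 0x%02x carries no hostname", req[3])
	}
	n := int(req[4])
	if len(req) != 5+n+2 {
		return "", 0, errors.New("truncated or oversized request")
	}
	host = string(req[5 : 5+n])
	port = uint16(req[5+n])<<8 | uint16(req[6+n])
	return host, port, nil
}

func main() {
	// Constructed request: CONNECT video.example.com:443, sent as a domain name (ATYP 0x03).
	req := append([]byte{0x05, 0x01, 0x00, 0x03, 17}, "video.example.com"...)
	req = append(req, 0x01, 0xbb)
	host, port, err := ParseConnect(req)
	fmt.Println(host, port, err, RouteTable{"example.com": "vps-nl"}.Lookup(host))
}
```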