Windows-first desktop wrapper for the patterniha/MITM-DomainFronting Xray setup.
This app is intentionally explicit:
- It generates a unique CA certificate per Windows user/device.
- It never ships a shared CA private key.
- It asks the user to approve Windows certificate trust through UAC.
- It toggles the current Windows user proxy on/off.
- It starts/stops
xray.exewith the MITM-DomainFronting config.
Use this only on devices and traffic you are authorized to configure.
Install .NET 8 SDK, then:
cd mitm-domainfronting-windows
.\scripts\Build-Windows.ps1The app needs two runtime assets:
src/MITMDomainFronting.Windows/assets/xray/xray.exesrc/MITMDomainFronting.Windows/assets/xray/geoip.datsrc/MITMDomainFronting.Windows/assets/xray/geosite.datsrc/MITMDomainFronting.Windows/assets/MITM-DomainFronting.json
Download the Windows 64-bit Xray zip from:
Quick path:
.\scripts\Prepare-Assets.ps1 -XrayZip "C:\Downloads\Xray-windows-64.zip"The script downloads the latest MITM-DomainFronting config from the upstream repo and extracts xray.exe, geoip.dat, and geosite.dat from your Xray zip.
dotnet run --project src/MITMDomainFronting.Windows/MITMDomainFronting.Windows.csprojThen use the buttons in order:
- Generate device CA
- Install CA in Windows
- Press Connect
If the user no longer wants this device CA trusted, click Remove CA from Windows.
.\scripts\Build-Windows.ps1 -PublishInstall Inno Setup 6, then:
.\scripts\Build-Installer.ps1The setup .exe will be created in:
artifacts\installer\
The installer creates a Start Menu shortcut and a Desktop shortcut by default.
The upstream repository documents that the Windows setup uses v2rayN/Xray, a per-user certificate generated by xray.exe tls cert -ca -file=mycert, Windows trusted root installation, and the MITM-DomainFronting Xray config: