-
Notifications
You must be signed in to change notification settings - Fork 885
/
USAGE.txt
112 lines (73 loc) · 3.68 KB
/
USAGE.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
Usage: naive --listen=... --proxy=...
naive [/path/to/config.json]
Description:
naive is a proxy that transports traffic in Chromium's pattern.
It works as both a proxy client and a proxy server or together.
Options in the form of `naive --listen=... --proxy=...` can also be
specified using a JSON file:
{
"listen": "...",
"proxy": "..."
}
Specifying a flag multiple times on the command line is equivalent to
having an array of multiple strings in the JSON file.
Uses "config.json" by default if run without arguments.
Options:
-h, --help
Shows help message.
--version
Prints version.
--listen=LISTEN-URI
LISTEN-URI = <LISTEN-PROTO>"://"[<USER>":"<PASS>"@"][<ADDR>][":"<PORT>]
LISTEN-PROTO = "socks" | "http" | "redir"
Listens at addr:port with protocol <LISTEN-PROTO>.
Can be specified multiple times to listen on multiple ports.
Default proto, addr, port: socks, 0.0.0.0, 1080.
Note: redir requires specific iptables rules and uses no authentication.
(Redirecting locally originated traffic)
iptables -t nat -A OUTPUT -d $proxy_server_ip -j RETURN
iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-ports 1080
(Redirecting forwarded traffic on a router)
iptables -t nat -A PREROUTING -p tcp -j REDIRECT --to-ports 1080
Also activates a DNS resolver on the same UDP port. Similar iptables
rules can redirect DNS queries to this resolver. The resolver returns
artificial addresses that are translated back to the original domain
names in proxy requests and then resolved remotely.
The artificial results are not saved for privacy, so restarting the
resolver may cause downstream to cache stale results.
--proxy=PROXY
PROXY = PROXY-CHAIN | SOCKS-PROXY
PROXY-CHAIN = <PROXY-URI>[","<PROXY-CHAIN>]
PROXY-URI = <PROXY-PROTO>"://"[<USER>":"<PASS>"@"]<HOSTNAME>[":"<PORT>]
PROXY-PROTO = "http" | "https" | "quic"
SOCKS-PROXY = "socks://"<HOSTNAME>[":"<PORT>]
Routes traffic via the proxy chain.
The default proxy is directly connection without proxying.
The last PROXY-URI is negotiated automatically for Naive padding.
Limitations:
* QUIC proxies cannot follow TCP-based proxies in a proxy chain.
* The user needs to ensure there is no loop in the proxy chain.
* SOCKS proxies do not support chaining, authentication, or Naive padding.
--insecure-concurrency=<N>
Use N concurrent tunnel connections to be more robust under bad network
conditions. More connections make the tunneling easier to detect and less
secure. This project strives for the strongest security against traffic
analysis. Using it in an insecure way defeats its purpose.
If you must use this, try N=2 first to see if it solves your issues.
Strongly recommend against using more than 4 connections here.
--extra-headers=...
Appends extra headers in requests to the proxy server.
Multiple headers are separated by CRLF.
--host-resolver-rules="MAP proxy.example.com 1.2.3.4"
Statically resolves a domain name to an IP address.
--resolver-range=CIDR
Uses this range in the builtin resolver. Default: 100.64.0.0/10.
--log=[<path>]
Saves log to the file at <path>. If path is empty, prints to
console. No log is saved or printed by default for privacy.
--log-net-log=<path>
Saves NetLog. View at https://netlog-viewer.appspot.com/.
--ssl-key-log-file=<path>
Saves SSL keys for Wireshark inspection.
--no-post-quantum
Overrides the default and disables post-quantum key agreement.