Snirect

Snirect is a transparent HTTP/HTTPS proxy designed to bypass SNI-based censorship (SNI RST). It is a Go implementation of Accesser (Python).

Cross-Platform: Linux · macOS · Windows

📚 Dataset Source

Domain rules and configuration data are sourced from Cealing-Host.


🚀 Quick Start (Simple)

Just want to get started? Run these commands:

Linux / macOS

# One-time setup
./snirect install

# Start proxy and enable system proxy
snirect -s

Windows (PowerShell as Administrator)

# One-time setup
.\snirect.exe install

# Start proxy and enable system proxy
snirect.exe -s

That's it! Your system is now using Snirect to bypass SNI-based blocking.

To stop: Press Ctrl+C to stop the proxy, and your system proxy will be automatically cleared.


📋 Command Reference

| Quick Command | What it does |
|---|---|
| snirect -s | Start proxy + enable system proxy (simplest way) |
| snirect status | Check if everything is working |
| snirect install | Install binary and service |
| snirect uninstall | Complete removal |

🔧 Advanced Usage

Installation Options

Option 1: From Release (Recommended)

Linux:

chmod +x snirect-linux-amd64
./snirect-linux-amd64 install

macOS:

chmod +x snirect-darwin-arm64
./snirect-darwin-arm64 install

Windows (PowerShell as Administrator):

.\snirect-windows-amd64.exe install

Option 2: From Source

git clone https://github.com/xihale/snirect.git
cd snirect
make install

What install does:

  • Linux: Copies to ~/.local/bin, creates systemd user service
  • macOS: Copies to /usr/local/bin, creates launchd service
  • Windows: Copies to %LOCALAPPDATA%\Programs\snirect, creates scheduled task

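Note: The first run (snirect -s) automatically installs the CA certificate; you can also run snirect install-cert manually. After installing the certificate, you must restart your browser (e.g. Chrome, Firefox) or the related applications for the proxy to work properly.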

Running Methods

Method 1: Service (Recommended for daily use)

Linux (systemd):

systemctl --user start snirect    # Start
systemctl --user stop snirect     # Stop
systemctl --user status snirect   # Check status
journalctl --user -u snirect -f   # View logs

macOS (launchd):

launchctl start com.snirect.proxy
launchctl stop com.snirect.proxy
tail -f ~/Library/Logs/snirect.log

Windows (Task Scheduler):

schtasks /Run /TN Snirect
schtasks /End /TN Snirect

Method 2: Direct (For testing or temporary use)

snirect              # Run with defaults
snirect -s           # Run and auto-set system proxy
snirect --help       # See all options

Proxy Configuration

System-wide (Persistent)

snirect set-proxy     # Enable
snirect unset-proxy   # Disable

Current Terminal Only (Temporary)

# Linux / macOS
eval "$(snirect proxy-env)"

# Windows CMD
FOR /F "tokens=*" %i IN ('snirect.exe proxy-env') DO %i

# Windows PowerShell
& snirect.exe proxy-env | Invoke-Expression

Certificate Management

snirect cert-status      # Check if CA is installed
snirect install-cert     # Install CA certificate
snirect uninstall-cert   # Remove CA certificate

All Available Commands

| Command | Aliases | Description |
|---|---|---|
| install | i, setup | Install binary and service |
| uninstall | rm, remove | Full system cleanup |
| status | | Check proxy/CA/service status |
| set-proxy | sp | Enable system proxy |
| unset-proxy | up | Disable system proxy |
| install-cert | ic, install-ca | Install root CA |
| uninstall-cert | uc, uninstall-ca | Remove root CA |
| cert-status | cs, ca-status | Check CA installation |
| proxy-env | | Print shell proxy settings |
| reset-config | | Reset config to defaults |
| completion | | Shell completion scripts |
| env | | Check system environment |

Configuration

Config file location:

  • Linux/macOS: ~/.config/snirect/config.toml
  • Windows: %APPDATA%\snirect\config.toml

Key options:

  • check_hostname: Certificate verification (default: false for compatibility)
  • ipv6: Enable IPv6 support (default: true)
  • importca: Auto-install CA cert - "auto", "always", or "never"
  • server.port: Proxy port (default: 7654)

Rules

Snirect uses rules to determine which domains need SNI modification. Default rules are integrated from Cealing-Host.

Rule files:

  • ~/.config/snirect/rules.toml — Domain rules
  • ~/.config/snirect/config.toml — DNS configuration

To update rules:

make update-rules

⚠️ Security Note

Some rules (Google/YouTube) use third-party public proxy IPs that require check_hostname = false. Disabling certificate verification exposes that traffic to man-in-the-middle (MITM) interception. For better security:

  1. Use your own trusted proxy IPs
  2. Monitor the TODO list for GGC IP updates
  3. Consider contributing verified IPs
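
A way to check which side of this trade-off a given installation is on, as an added example that is not part of Snirect: the function below reads a config.toml and flags check_hostname when it is false or absent (the documented default is false). The function name and the simple `key = value` layout are assumptions, and the sample config is constructed.

```shell
#!/bin/sh
# Added example, not part of Snirect. Audits a config.toml for the setting the
# Security Note warns about. Keys are matched by name in any table, because the
# exact file layout is an assumption; snirect_config_audit is a hypothetical name.
# Exit status: 0 = verification on, 1 = verification off, 2 = file unreadable.
snirect_config_audit() {
    cfg=$1
    [ -r "$cfg" ] || { echo "ERROR cannot read $cfg" >&2; return 2; }
    awk '
        { sub(/[ \t]*#.*$/, "") }          # drop comments (no # expected in these values)
        /^[ \t]*[A-Za-z0-9_.-]+[ \t]*=/ {
            key = $0; sub(/[ \t]*=.*$/, "", key); gsub(/[ \t]/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); gsub(/[" \t]/, "", val)
            seen[key] = val
        }
        END {
            # An absent key falls back to the documented default, which is false.
            ch = ("check_hostname" in seen) ? seen["check_hostname"] : "false (default, key absent)"
            ca = ("importca" in seen) ? seen["importca"] : "(not set)"
            print "INFO importca = " ca
            if (ch == "true") { print "OK   check_hostname = true"; exit 0 }
            print "RISK check_hostname = " ch ": certificate verification is off (MITM risk)"
            exit 1
        }
    ' "$cfg"
}

# Constructed sample config (not shipped by the project) to show the output.
sample=$(mktemp)
printf 'ipv6 = true\nimportca = "auto"\n\n[server]\nport = 7654\n' > "$sample"
snirect_config_audit "$sample" || echo "audit exit status: $?"
rm -f "$sample"
```

Run it against ~/.config/snirect/config.toml (or %APPDATA%\snirect\config.toml copied to a POSIX shell) after any rule or config update.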

🛠️ Troubleshooting

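| Issue | Solution |
|---|---|
| "Certificate warnings in browser" | Run snirect install-cert and restart the browser |
| "tls: unknown certificate" | CA certificate installation failed or the cache was not refreshed. Try restarting the application, or check whether the certificate is present in the system certificate manager. |
| "Port already in use" | Change server.port in config.toml |
| "Proxy not working" | Run snirect status to check |
| "Can't access some sites" | Check rules.toml or run make update-rules |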

Credits

Inspired by Accesser (Python) by URenko.
