2019-01-14 11:24:16 +03:00
|
|
|
Usage: naive --listen=... --proxy=...
|
|
|
|
naive [/path/to/config.json]
|
|
|
|
|
|
|
|
Description:
|
|
|
|
|
|
|
|
naive is a proxy that transports traffic in Chromium's pattern.
|
|
|
|
It works as both a proxy client and a proxy server or together.
|
|
|
|
|
|
|
|
Options in the form of `naive --listen=... --proxy=...` can also be
|
|
|
|
specified using a JSON file:
|
|
|
|
|
|
|
|
{
|
|
|
|
"listen": "...",
|
|
|
|
"proxy": "..."
|
|
|
|
}
|
|
|
|
|
|
|
|
`--listen` can be specified multiple times on the command line,
|
|
|
|
and can be either a string or an array of strings in the JSON file.
|
|
|
|
|
|
|
|
Uses "config.json" by default if run without arguments.
|
|
|
|
|
|
|
|
Options:
|
|
|
|
|
|
|
|
-h, --help
|
|
|
|
|
|
|
|
Shows help message.
|
|
|
|
|
|
|
|
--version
|
|
|
|
|
|
|
|
Prints version.
|
|
|
|
|
|
|
|
--listen=<proto>://[addr][:port]
|
|
|
|
--listen=socks://[[user]:[pass]@][addr][:port]
|
|
|
|
|
|
|
|
Listens at addr:port with protocol <proto>.
|
|
|
|
Can be specified multiple times to listen on multiple ports.
|
|
|
|
|
|
|
|
Available proto: socks, http, redir.
|
|
|
|
Default proto, addr, port: socks, 0.0.0.0, 1080.
|
|
|
|
|
|
|
|
* http: Supports only proxying https:// URLs, no http://.
|
|
|
|
|
|
|
|
* redir: Works with certain iptables setup.
|
|
|
|
|
|
|
|
(Redirecting locally originated traffic)
|
|
|
|
iptables -t nat -A OUTPUT -d $proxy_server_ip -j RETURN
|
|
|
|
iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-ports 1080
|
|
|
|
|
|
|
|
(Redirecting forwarded traffic on a router)
|
|
|
|
iptables -t nat -A PREROUTING -p tcp -j REDIRECT --to-ports 1080
|
|
|
|
|
|
|
|
Also activates a DNS resolver on the same UDP port. Similar iptables
|
|
|
|
rules can redirect DNS queries to this resolver. The resolver returns
|
|
|
|
artificial addresses that are translated back to the original domain
|
|
|
|
names in proxy requests and then resolved remotely.
|
|
|
|
|
|
|
|
The artificial results are not saved for privacy, so restarting the
|
|
|
|
resolver may cause downstream to cache stale results.
|
|
|
|
|
|
|
|
--proxy=<proto>://<user>:<pass>@<hostname>[:<port>]
|
|
|
|
|
|
|
|
Routes traffic via the proxy server. Connects directly by default.
|
|
|
|
Available proto: https, quic. Infers port by default.
|
|
|
|
|
|
|
|
--insecure-concurrency=<N>
|
|
|
|
|
|
|
|
Use N concurrent tunnel connections to be more robust under bad network
|
|
|
|
conditions. More connections make the tunneling easier to detect and less
|
|
|
|
secure. This project strives for the strongest security against traffic
|
|
|
|
analysis. Using it in an insecure way defeats its purpose.
|
|
|
|
|
|
|
|
If you must use this, try N=2 first to see if it solves your issues.
|
|
|
|
Strongly recommend against using more than 4 connections here.
|
|
|
|
|
|
|
|
--extra-headers=...
|
|
|
|
|
|
|
|
Appends extra headers in requests to the proxy server.
|
|
|
|
Multiple headers are separated by CRLF.
|
|
|
|
|
|
|
|
--host-resolver-rules="MAP proxy.example.com 1.2.3.4"
|
|
|
|
|
|
|
|
Statically resolves a domain name to an IP address.
|
|
|
|
|
|
|
|
--resolver-range=CIDR
|
|
|
|
|
|
|
|
Uses this range in the builtin resolver. Default: 100.64.0.0/10.
|
|
|
|
|
|
|
|
--log=[<path>]
|
|
|
|
|
|
|
|
Saves log to the file at <path>. If path is empty, prints to
|
|
|
|
console. No log is saved or printed by default for privacy.
|
|
|
|
|
|
|
|
--log-net-log=<path>
|
|
|
|
|
|
|
|
Saves NetLog. View at https://netlog-viewer.appspot.com/.
|
|
|
|
|
|
|
|
--ssl-key-log-file=<path>
|
|
|
|
|
|
|
|
Saves SSL keys for Wireshark inspection.
|
2024-05-04 19:51:53 +03:00
|
|
|
|
|
|
|
--no-post-quantum
|
|
|
|
|
|
|
|
Overrides the default and disables post-quantum key agreement.
|