mirror of
https://github.com/klzgrad/naiveproxy.git
synced 2024-11-27 15:56:09 +03:00
96 lines
2.9 KiB
Plaintext
96 lines
2.9 KiB
Plaintext
|
Usage: naive --listen=... --proxy=...
|
||
|
naive [/path/to/config.json]
|
||
|
|
||
|
Description:
|
||
|
|
||
|
naive is a proxy that transports traffic in Chromium's pattern.
|
||
|
It works as both a proxy client and a proxy server or together.
|
||
|
|
||
|
Options in the form of `naive --listen=... --proxy=...` can also be
|
||
|
specified using a JSON file:
|
||
|
|
||
|
{
|
||
|
"listen": "...",
|
||
|
"proxy": "..."
|
||
|
}
|
||
|
|
||
|
Uses "config.json" by default if run without arguments.
|
||
|
|
||
|
Options:
|
||
|
|
||
|
-h, --help
|
||
|
|
||
|
Shows help message.
|
||
|
|
||
|
--version
|
||
|
|
||
|
Prints version.
|
||
|
|
||
|
--listen=<proto>://[addr][:port]
|
||
|
--listen=socks://[[user]:[pass]@][addr][:port]
|
||
|
|
||
|
Listens at addr:port with protocol <proto>.
|
||
|
|
||
|
Available proto: socks, http, redir.
|
||
|
Default proto, addr, port: socks, 0.0.0.0, 1080.
|
||
|
|
||
|
* http: Supports only proxying https:// URLs, no http://.
|
||
|
|
||
|
* redir: Works with certain iptables setup.
|
||
|
|
||
|
(Redirecting locally originated traffic)
|
||
|
iptables -t nat -A OUTPUT -d $proxy_server_ip -j RETURN
|
||
|
iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-ports 1080
|
||
|
|
||
|
(Redirecting forwarded traffic on a router)
|
||
|
iptables -t nat -A PREROUTING -p tcp -j REDIRECT --to-ports 1080
|
||
|
|
||
|
Also activates a DNS resolver on the same UDP port. Similar iptables
|
||
|
rules can redirect DNS queries to this resolver. The resolver returns
|
||
|
artificial addresses that are translated back to the original domain
|
||
|
names in proxy requests and then resolved remotely.
|
||
|
|
||
|
The artificial results are not saved for privacy, so restarting the
|
||
|
resolver may cause downstream to cache stale results.
|
||
|
|
||
|
--proxy=<proto>://<user>:<pass>@<hostname>[:<port>]
|
||
|
|
||
|
Routes traffic via the proxy server. Connects directly by default.
|
||
|
Available proto: https, quic. Infers port by default.
|
||
|
|
||
|
--insecure-concurrency=<N>
|
||
|
|
||
|
Use N concurrent tunnel connections to be more robust under bad network
|
||
|
conditions. More connections make the tunneling easier to detect and less
|
||
|
secure. This project strives for the strongest security against traffic
|
||
|
analysis. Using it in an insecure way defeats its purpose.
|
||
|
|
||
|
If you must use this, try N=2 first to see if it solves your issues.
|
||
|
Strongly recommend against using more than 4 connections here.
|
||
|
|
||
|
--extra-headers=...
|
||
|
|
||
|
Appends extra headers in requests to the proxy server.
|
||
|
Multiple headers are separated by CRLF.
|
||
|
|
||
|
--host-resolver-rules="MAP proxy.example.com 1.2.3.4"
|
||
|
|
||
|
Statically resolves a domain name to an IP address.
|
||
|
|
||
|
--resolver-range=CIDR
|
||
|
|
||
|
Uses this range in the builtin resolver. Default: 100.64.0.0/10.
|
||
|
|
||
|
--log=[<path>]
|
||
|
|
||
|
Saves log to the file at <path>. If path is empty, prints to
|
||
|
console. No log is saved or printed by default for privacy.
|
||
|
|
||
|
--log-net-log=<path>
|
||
|
|
||
|
Saves NetLog. View at https://netlog-viewer.appspot.com/.
|
||
|
|
||
|
--ssl-key-log-file=<path>
|
||
|
|
||
|
Saves SSL keys for Wireshark inspection.
|