mirror of
https://github.com/klzgrad/naiveproxy.git
synced 2024-12-01 01:36:09 +03:00
113 lines
3.7 KiB
Plaintext
113 lines
3.7 KiB
Plaintext
|
Usage: naive --listen=... --proxy=...
|
||
|
naive [/path/to/config.json]
|
||
|
|
||
|
Description:
|
||
|
|
||
|
naive is a proxy that transports traffic in Chromium's pattern.
|
||
|
It works as both a proxy client and a proxy server or together.
|
||
|
|
||
|
Options in the form of `naive --listen=... --proxy=...` can also be
|
||
|
specified using a JSON file:
|
||
|
|
||
|
{
|
||
|
"listen": "...",
|
||
|
"proxy": "..."
|
||
|
}
|
||
|
|
||
|
Specifying a flag multiple times on the command line is equivalent to
|
||
|
having an array of multiple strings in the JSON file.
|
||
|
|
||
|
Uses "config.json" by default if run without arguments.
|
||
|
|
||
|
Options:
|
||
|
|
||
|
-h, --help
|
||
|
|
||
|
Shows help message.
|
||
|
|
||
|
--version
|
||
|
|
||
|
Prints version.
|
||
|
|
||
|
--listen=LISTEN-URI
|
||
|
|
||
|
LISTEN-URI = <LISTEN-PROTO>"://"[<USER>":"<PASS>"@"][<ADDR>][":"<PORT>]
|
||
|
LISTEN-PROTO = "socks" | "http" | "redir"
|
||
|
|
||
|
Listens at addr:port with protocol <LISTEN-PROTO>.
|
||
|
Can be specified multiple times to listen on multiple ports.
|
||
|
Default proto, addr, port: socks, 0.0.0.0, 1080.
|
||
|
|
||
|
Note: redir requires specific iptables rules and uses no authentication.
|
||
|
|
||
|
(Redirecting locally originated traffic)
|
||
|
iptables -t nat -A OUTPUT -d $proxy_server_ip -j RETURN
|
||
|
iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-ports 1080
|
||
|
|
||
|
(Redirecting forwarded traffic on a router)
|
||
|
iptables -t nat -A PREROUTING -p tcp -j REDIRECT --to-ports 1080
|
||
|
|
||
|
Also activates a DNS resolver on the same UDP port. Similar iptables
|
||
|
rules can redirect DNS queries to this resolver. The resolver returns
|
||
|
artificial addresses that are translated back to the original domain
|
||
|
names in proxy requests and then resolved remotely.
|
||
|
|
||
|
The artificial results are not saved for privacy, so restarting the
|
||
|
resolver may cause downstream to cache stale results.
|
||
|
|
||
|
--proxy=PROXY
|
||
|
|
||
|
PROXY = PROXY-CHAIN | SOCKS-PROXY
|
||
|
PROXY-CHAIN = <PROXY-URI>[","<PROXY-CHAIN>]
|
||
|
PROXY-URI = <PROXY-PROTO>"://"[<USER>":"<PASS>"@"]<HOSTNAME>[":"<PORT>]
|
||
|
PROXY-PROTO = "http" | "https" | "quic"
|
||
|
SOCKS-PROXY = "socks://"<HOSTNAME>[":"<PORT>]
|
||
|
|
||
|
Routes traffic via the proxy chain.
|
||
|
The default proxy is directly connection without proxying.
|
||
|
The last PROXY-URI is negotiated automatically for Naive padding.
|
||
|
Limitations:
|
||
|
* QUIC proxies cannot follow TCP-based proxies in a proxy chain.
|
||
|
* The user needs to ensure there is no loop in the proxy chain.
|
||
|
* SOCKS proxies do not support chaining, authentication, or Naive padding.
|
||
|
|
||
|
--insecure-concurrency=<N>
|
||
|
|
||
|
Use N concurrent tunnel connections to be more robust under bad network
|
||
|
conditions. More connections make the tunneling easier to detect and less
|
||
|
secure. This project strives for the strongest security against traffic
|
||
|
analysis. Using it in an insecure way defeats its purpose.
|
||
|
|
||
|
If you must use this, try N=2 first to see if it solves your issues.
|
||
|
Strongly recommend against using more than 4 connections here.
|
||
|
|
||
|
--extra-headers=...
|
||
|
|
||
|
Appends extra headers in requests to the proxy server.
|
||
|
Multiple headers are separated by CRLF.
|
||
|
|
||
|
--host-resolver-rules="MAP proxy.example.com 1.2.3.4"
|
||
|
|
||
|
Statically resolves a domain name to an IP address.
|
||
|
|
||
|
--resolver-range=CIDR
|
||
|
|
||
|
Uses this range in the builtin resolver. Default: 100.64.0.0/10.
|
||
|
|
||
|
--log=[<path>]
|
||
|
|
||
|
Saves log to the file at <path>. If path is empty, prints to
|
||
|
console. No log is saved or printed by default for privacy.
|
||
|
|
||
|
--log-net-log=<path>
|
||
|
|
||
|
Saves NetLog. View at https://netlog-viewer.appspot.com/.
|
||
|
|
||
|
--ssl-key-log-file=<path>
|
||
|
|
||
|
Saves SSL keys for Wireshark inspection.
|
||
|
|
||
|
--no-post-quantum
|
||
|
|
||
|
Overrides the default and disables post-quantum key agreement.
|