Usage: naive --listen=... --proxy=... naive [/path/to/config.json] Description: naive is a proxy that transports traffic in Chromium's pattern. It works as both a proxy client and a proxy server or together. Options in the form of `naive --listen=... --proxy=...` can also be specified using a JSON file: { "listen": "...", "proxy": "..." } Uses "config.json" by default if run without arguments. Options: -h, --help Shows help message. --version Prints version. --listen=://[addr][:port] --listen=socks://[[user]:[pass]@][addr][:port] Listens at addr:port with protocol . Available proto: socks, http, redir. Default proto, addr, port: socks, 0.0.0.0, 1080. * http: Supports only proxying https:// URLs, no http://. * redir: Works with certain iptables setup. (Redirecting locally originated traffic) iptables -t nat -A OUTPUT -d $proxy_server_ip -j RETURN iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-ports 1080 (Redirecting forwarded traffic on a router) iptables -t nat -A PREROUTING -p tcp -j REDIRECT --to-ports 1080 Also activates a DNS resolver on the same UDP port. Similar iptables rules can redirect DNS queries to this resolver. The resolver returns artificial addresses that are translated back to the original domain names in proxy requests and then resolved remotely. The artificial results are not saved for privacy, so restarting the resolver may cause downstream to cache stale results. --proxy=://:@[:] Routes traffic via the proxy server. Connects directly by default. Available proto: https, quic. Infers port by default. --insecure-concurrency= Use N concurrent tunnel connections to be more robust under bad network conditions. More connections make the tunneling easier to detect and less secure. This project strives for the strongest security against traffic analysis. Using it in an insecure way defeats its purpose. If you must use this, try N=2 first to see if it solves your issues. Strongly recommend against using more than 4 connections here. --extra-headers=... Appends extra headers in requests to the proxy server. Multiple headers are separated by CRLF. --host-resolver-rules="MAP proxy.example.com 1.2.3.4" Statically resolves a domain name to an IP address. --resolver-range=CIDR Uses this range in the builtin resolver. Default: 100.64.0.0/10. --log=[] Saves log to the file at . If path is empty, prints to console. No log is saved or printed by default for privacy. --log-net-log= Saves NetLog. View at https://netlog-viewer.appspot.com/. --ssl-key-log-file= Saves SSL keys for Wireshark inspection.