naiveproxy/USAGE.txt
2023-11-05 19:27:33 +08:00

100 lines
3.1 KiB
Plaintext

Usage: naive --listen=... --proxy=...
naive [/path/to/config.json]
Description:
naive is a proxy that transports traffic in Chromium's pattern.
It works as both a proxy client and a proxy server or together.
Options in the form of `naive --listen=... --proxy=...` can also be
specified using a JSON file:
{
"listen": "...",
"proxy": "..."
}
`--listen` can be specified multiple times on the command line,
and can be either a string or an array of strings in the JSON file.
Uses "config.json" by default if run without arguments.
Options:
-h, --help
Shows help message.
--version
Prints version.
--listen=<proto>://[addr][:port]
--listen=socks://[[user]:[pass]@][addr][:port]
Listens at addr:port with protocol <proto>.
Can be specified multiple times to listen on multiple ports.
Available proto: socks, http, redir.
Default proto, addr, port: socks, 0.0.0.0, 1080.
* http: Supports only proxying https:// URLs, no http://.
* redir: Works with certain iptables setup.
(Redirecting locally originated traffic)
iptables -t nat -A OUTPUT -d $proxy_server_ip -j RETURN
iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-ports 1080
(Redirecting forwarded traffic on a router)
iptables -t nat -A PREROUTING -p tcp -j REDIRECT --to-ports 1080
Also activates a DNS resolver on the same UDP port. Similar iptables
rules can redirect DNS queries to this resolver. The resolver returns
artificial addresses that are translated back to the original domain
names in proxy requests and then resolved remotely.
The artificial results are not saved for privacy, so restarting the
resolver may cause downstream to cache stale results.
--proxy=<proto>://<user>:<pass>@<hostname>[:<port>]
Routes traffic via the proxy server. Connects directly by default.
Available proto: https, quic. Infers port by default.
--insecure-concurrency=<N>
Use N concurrent tunnel connections to be more robust under bad network
conditions. More connections make the tunneling easier to detect and less
secure. This project strives for the strongest security against traffic
analysis. Using it in an insecure way defeats its purpose.
If you must use this, try N=2 first to see if it solves your issues.
Strongly recommend against using more than 4 connections here.
--extra-headers=...
Appends extra headers in requests to the proxy server.
Multiple headers are separated by CRLF.
--host-resolver-rules="MAP proxy.example.com 1.2.3.4"
Statically resolves a domain name to an IP address.
--resolver-range=CIDR
Uses this range in the builtin resolver. Default: 100.64.0.0/10.
--log=[<path>]
Saves log to the file at <path>. If path is empty, prints to
console. No log is saved or printed by default for privacy.
--log-net-log=<path>
Saves NetLog. View at https://netlog-viewer.appspot.com/.
--ssl-key-log-file=<path>
Saves SSL keys for Wireshark inspection.