README

Tested on OSX and linux.

Get start

bundle install

rake down_mmdb
rake unzip_mmdb

# Optional, it is for mitm
rake gen_ca
rake install_ca

cp config.example.json config.json

cd examples
ruby proxy.rb # only http/https and socks 5 proxy
ruby mitm.rb # mitm server for https packet capture
ruby ss.rb # ssocks server

Memory Info

# brew install glances
glances

Settings

Terminal setting in .zshrc or .bashrc ...

function setp(){
  export http_proxy='http://127.0.0.1:7777'
  export https_proxy='http://127.0.0.1:7777'
  echo "HTTP Proxy on"
}

function unsetp(){
  unset http_proxy
  unset https_proxy
  echo "HTTP Proxy off"
}

OSX NetWork Setting(It is not work for terminal)

# ignore proxy
127.0.0.1, 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12, 100.64.0.0/10, localhost, *.local, 0.0.0.0

Idea form

• NEKit
• surge for Mac
• charles
• privoxy
• ritm: Man-in-the-middle attack
• bbtfr/evil-proxy: A ruby http/https proxy, with SSL MITM support to do 👿 things.
• kone: Beautiful than tun2socks

Test

rake

Rules, see more config.example.json

• There are 4 adapters, direct, mitm, http(https) and shadowsocks.
• There are 6 actions, http(https):http_adapter, shadowsocks:shadowsocks_adapter, direct:direct_adapter, speed:select fastest adapters, mitm:mitm_adapter, and reject:just close this socket.
• There are 6 rule types, geoip, domain, domain_keyword, domain_suffix, ip_cidr and other, note: rules are in order.
• Filters is for packet capture, just work for http. if it is https, please use mitm action

Note

• If you are using https adapter, the auth will be ignore

Todo

• http/https proxy server
• socks5 proxy server
• direct adapter
• ssocks adapter
• ssocks server
• rule manager
• geolite2 support
• reject, but in browser has some bug???
• packet capture: http/https support
• reload config.json
• yaml config support
• surge config support
• cache rule match
• log
• packet filter: header and body(http/https support)
• DNS server
• multi DNS query to different DNS server at the same time, just select the fastest
• DNS cache
• speed adapter: simple implement with ping, only for proxy, not direct
• http/https adapter
• socks 5 proxy server adapter
• v2ray adapter support
• command line tools
• websocket for view
• websocket proxy support
• websocket-extensions support
• tun2socks support with iptables
• kcp support
• IPV6 support, need to test
• more ssocks method support
• http multipart/form-data support
• x-forwarded-for and x-real-ip suport
• local https proxy support
• socks 5 UDP relay

ssocks server TODO

• onetime authentication
• autoban
• download big file memory bug

Known bugs

• altamiracorp.com: DNS resolve bug. Resolv.getaddress in request and EventMachine::connect in relay.
• safari not working
• ip support: 123.56.230.53:29231
• 网易云音乐 search not work, download file with http?
• mitm can not handle http, https only
• DNS ResolvError may break proxy
• ip cidr cal a long time
• use proxy when Resolv::ResolvError no address for api.smoot.apple.com.cn
• weixin upload image http proxy only
• Too many open files - ps (Errno::EMFILE)
• delete ipv6 utun Tunnelblick

Proxy

Http/https

• squid + stunnel
• tinyproxy + stunnel
• Squid SSL 相关特性总结

ssocks

• My ssocks server

Reference

• ettercap
• libpcap
• iperf3
• Tun/Tap interface tutorial