MasterHttpRelayVPN-RUST

aheh/MasterHttpRelayVPN-RUST

Fork 0

mirror of https://github.com/therealaleph/MasterHttpRelayVPN-RUST.git synced 2026-05-17 21:24:48 +03:00

Commit Graph

Author	SHA1	Message	Date
therealaleph	f5397bef43	v0.3.0: SOCKS5 listener + smart TLS/HTTP/plain-TCP dispatch Ports the SOCKS5 + fallback-chain design from @masterking32's MasterHTTP-WithSOCKS branch so xray / Telegram / app-level TCP clients work through this proxy. Changes: - New SOCKS5 listener on listen_port+1 (configurable via socks5_port) - RFC 1928 CONNECT handshake (v5, no-auth, ATYP IPv4/domain/IPv6) - Shared smart dispatch with the HTTP-CONNECT path - Unified dispatch_tunnel() used by both CONNECT entry points: 1. If host matches SNI-rewrite suffix or hosts override: go direct to google_ip via the MITM+TLS tunnel (fast path for google.com, youtube, etc.) 2. Peek the first byte (300ms timeout for server-first protocols): - 0x16: TLS client hello -> MITM + relay via Apps Script (scheme=https) - HTTP method signature: HTTP relay via Apps Script (scheme=http) - Anything else or timeout: plain TCP passthrough to the target - handle_mitm_request() now takes a scheme arg (http/https) so the same code path handles both MITM'd HTTPS and port-80 plain HTTP - New plain_tcp_passthrough helper: bidirectional TCP bridge used as the final fallback (covers MTProto / raw TCP / server-first protos) Config: - Added optional socks5_port field; defaults to listen_port+1 README: - Added browser vs xray/Telegram instructions under 'Step 6' Live-tested: HTTP proxy, HTTP proxy -> HTTPS, SOCKS5 -> HTTP, SOCKS5 -> HTTPS, Google search via SNI-tunnel (now returns full JS page) all pass.	2026-04-21 20:29:24 +03:00
therealaleph	2dd8be72ca	initial release: Rust port of MasterHttpRelayVPN apps_script mode Faithful port of @masterking32's MasterHttpRelayVPN. All credit for the original idea, protocol, and Python implementation goes to him. Implemented: - Local HTTP proxy (CONNECT + plain HTTP) - MITM with on-the-fly per-domain cert generation via rcgen - CA auto-install for macOS / Linux / Windows - Apps Script JSON relay, protocol-compatible with Code.gs - TLS client with SNI spoofing (connect to Google IP, SNI=www.google.com, inner HTTP Host=script.google.com) - Connection pooling (45s TTL, max 20 idle) - Multi-script round-robin for higher quota - Header filtering (strips connection-specific + brotli) - Config-driven, JSON schema matches Python version Deferred (TODOs in code): - HTTP/2 multiplexing - Request batching / coalescing / response cache - Range-based parallel download - SNI-rewrite tunnels for YouTube/googlevideo - Firefox NSS cert install - domain_fronting / google_fronting / custom_domain modes (mostly broken post-Cloudflare 2024, not a priority) 13 unit tests pass, 2.4MB stripped release binary.	2026-04-21 18:03:03 +03:00

Author

SHA1

Message

Date

therealaleph

f5397bef43

v0.3.0: SOCKS5 listener + smart TLS/HTTP/plain-TCP dispatch

Ports the SOCKS5 + fallback-chain design from @masterking32's
MasterHTTP-WithSOCKS branch so xray / Telegram / app-level TCP
clients work through this proxy.

Changes:
- New SOCKS5 listener on listen_port+1 (configurable via socks5_port)
  - RFC 1928 CONNECT handshake (v5, no-auth, ATYP IPv4/domain/IPv6)
  - Shared smart dispatch with the HTTP-CONNECT path
- Unified dispatch_tunnel() used by both CONNECT entry points:
  1. If host matches SNI-rewrite suffix or hosts override: go direct
     to google_ip via the MITM+TLS tunnel (fast path for google.com,
     youtube, etc.)
  2. Peek the first byte (300ms timeout for server-first protocols):
     - 0x16: TLS client hello -> MITM + relay via Apps Script (scheme=https)
     - HTTP method signature: HTTP relay via Apps Script (scheme=http)
     - Anything else or timeout: plain TCP passthrough to the target
- handle_mitm_request() now takes a scheme arg (http/https) so the
  same code path handles both MITM'd HTTPS and port-80 plain HTTP
- New plain_tcp_passthrough helper: bidirectional TCP bridge used as
  the final fallback (covers MTProto / raw TCP / server-first protos)

Config:
- Added optional socks5_port field; defaults to listen_port+1

README:
- Added browser vs xray/Telegram instructions under 'Step 6'

Live-tested: HTTP proxy, HTTP proxy -> HTTPS, SOCKS5 -> HTTP,
SOCKS5 -> HTTPS, Google search via SNI-tunnel (now returns full
JS page) all pass.

2026-04-21 20:29:24 +03:00

therealaleph

2dd8be72ca

initial release: Rust port of MasterHttpRelayVPN apps_script mode

Faithful port of @masterking32's MasterHttpRelayVPN. All credit for
the original idea, protocol, and Python implementation goes to him.

Implemented:
- Local HTTP proxy (CONNECT + plain HTTP)
- MITM with on-the-fly per-domain cert generation via rcgen
- CA auto-install for macOS / Linux / Windows
- Apps Script JSON relay, protocol-compatible with Code.gs
- TLS client with SNI spoofing (connect to Google IP, SNI=www.google.com,
  inner HTTP Host=script.google.com)
- Connection pooling (45s TTL, max 20 idle)
- Multi-script round-robin for higher quota
- Header filtering (strips connection-specific + brotli)
- Config-driven, JSON schema matches Python version

Deferred (TODOs in code):
- HTTP/2 multiplexing
- Request batching / coalescing / response cache
- Range-based parallel download
- SNI-rewrite tunnels for YouTube/googlevideo
- Firefox NSS cert install
- domain_fronting / google_fronting / custom_domain modes
  (mostly broken post-Cloudflare 2024, not a priority)

13 unit tests pass, 2.4MB stripped release binary.

2026-04-21 18:03:03 +03:00

2 Commits