mirror of
https://github.com/therealaleph/MasterHttpRelayVPN-RUST.git
synced 2026-05-18 06:24:35 +03:00
Shin (Former Aleph)
96d1352728
The app is a Kotlin/Compose front-end that reuses the mhrv-rs crate
via JNI. It speaks VpnService to get a TUN fd, hands that to tun2proxy,
and funnels every app's traffic through the in-process SOCKS5 listener —
no per-app proxy setup on the device.
Two fixes in `src/proxy_server.rs` apply to desktop builds too:
* SNI peek via `LazyConfigAcceptor`. When a browser uses DoH (Chrome's
default), tun2proxy hands us a raw IP in the SOCKS5 CONNECT. Minting
a MITM cert for the IP produced `ERR_CERT_COMMON_NAME_INVALID` on
Cloudflare-fronted sites. We now read the ClientHello's SNI first
and use that both as the cert subject and as the upstream host for
the Apps Script relay (fetching `https://<IP>/...` with an IP in the
Host header gets rejected by CF anyway).
* Short-circuit CORS preflight at the MITM boundary. `UrlFetchApp.fetch()`
rejects `OPTIONS` with a Swedish "Ett attribut med ogiltigt värde
har angetts: method" error, which silently broke every fetch()/XHR
preflight and was the root cause of "JS doesn't load" on Discord,
Yahoo, and similar. Since we already terminate the TLS the browser
talks to, answering the preflight with a permissive 204 is safe —
the real request still goes through the relay.
Android-side capabilities (feature-parity with `mhrv-rs-ui` where it
fits on a phone):
* multi-deployment ID editor
* SNI rotation pool + per-SNI "Test" + "Test all" (JNI into scan_sni)
* live logs panel (JNI ring buffer drained on a 500 ms poll)
* Advanced section: verify_ssl, parallel_relay, log_level, upstream_socks5
* CA install flow that matches modern Android's reality: saves
`Downloads/mhrv-ca.crt` via MediaStore, deep-links Security settings,
then verifies post-hoc by fingerprint lookup in AndroidCAStore (the
KeyChain intent dead-ends with a Close-only dialog on Android 11+)
* Start/Stop debounced to dodge an emulator EGL renderer crash on
rapid taps
Theme matches the desktop palette exactly — always-dark, accent
`#4678B4`, card fill `#1C1E22`, 4dp button / 6dp card radii.
No dynamic color, no light scheme: the desktop is always dark and
we follow.
Build wiring:
* `Cargo.toml`: `cdylib` crate-type added; `jni` + `tun2proxy`
scoped to `cfg(target_os = "android")` so desktop builds pay
nothing.
* `src/data_dir.rs`: `set_data_dir()` override so the Android app's
private filesDir replaces the `directories` crate's desktop default.
* `src/android_jni.rs`: JNI entry points for start/stop/exportCa plus
a ring buffer draining to `Native.drainLogs()` and `testSni()` that
wraps `scan_sni::probe_one`.
* Gradle task chain runs `cargo ndk` before each assemble; post-step
normalizes tun2proxy's hash-suffixed cdylib to a stable filename
so `System.loadLibrary("tun2proxy")` works.
Verified end-to-end on an API 34 emulator: ipleak, yahoo, discord,
cloudflare.com all render; TLS is MITM-ed under our user-installed
CA; service survives rapid Stop/Start cycles.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
94 lines
2.8 KiB
Batchfile
94 lines
2.8 KiB
Batchfile
@rem
|
|
@rem Copyright 2015 the original author or authors.
|
|
@rem
|
|
@rem Licensed under the Apache License, Version 2.0 (the "License");
|
|
@rem you may not use this file except in compliance with the License.
|
|
@rem You may obtain a copy of the License at
|
|
@rem
|
|
@rem https://www.apache.org/licenses/LICENSE-2.0
|
|
@rem
|
|
@rem Unless required by applicable law or agreed to in writing, software
|
|
@rem distributed under the License is distributed on an "AS IS" BASIS,
|
|
@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
@rem See the License for the specific language governing permissions and
|
|
@rem limitations under the License.
|
|
@rem
|
|
@rem SPDX-License-Identifier: Apache-2.0
|
|
@rem
|
|
|
|
@if "%DEBUG%"=="" @echo off
|
|
@rem ##########################################################################
|
|
@rem
|
|
@rem Gradle startup script for Windows
|
|
@rem
|
|
@rem ##########################################################################
|
|
|
|
@rem Set local scope for the variables with windows NT shell
|
|
if "%OS%"=="Windows_NT" setlocal
|
|
|
|
set DIRNAME=%~dp0
|
|
if "%DIRNAME%"=="" set DIRNAME=.
|
|
@rem This is normally unused
|
|
set APP_BASE_NAME=%~n0
|
|
set APP_HOME=%DIRNAME%
|
|
|
|
@rem Resolve any "." and ".." in APP_HOME to make it shorter.
|
|
for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
|
|
|
|
@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
|
|
set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
|
|
|
|
@rem Find java.exe
|
|
if defined JAVA_HOME goto findJavaFromJavaHome
|
|
|
|
set JAVA_EXE=java.exe
|
|
%JAVA_EXE% -version >NUL 2>&1
|
|
if %ERRORLEVEL% equ 0 goto execute
|
|
|
|
echo. 1>&2
|
|
echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 1>&2
|
|
echo. 1>&2
|
|
echo Please set the JAVA_HOME variable in your environment to match the 1>&2
|
|
echo location of your Java installation. 1>&2
|
|
|
|
goto fail
|
|
|
|
:findJavaFromJavaHome
|
|
set JAVA_HOME=%JAVA_HOME:"=%
|
|
set JAVA_EXE=%JAVA_HOME%/bin/java.exe
|
|
|
|
if exist "%JAVA_EXE%" goto execute
|
|
|
|
echo. 1>&2
|
|
echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2
|
|
echo. 1>&2
|
|
echo Please set the JAVA_HOME variable in your environment to match the 1>&2
|
|
echo location of your Java installation. 1>&2
|
|
|
|
goto fail
|
|
|
|
:execute
|
|
@rem Setup the command line
|
|
|
|
|
|
|
|
@rem Execute Gradle
|
|
"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -jar "%APP_HOME%\gradle\wrapper\gradle-wrapper.jar" %*
|
|
|
|
:end
|
|
@rem End local scope for the variables with windows NT shell
|
|
if %ERRORLEVEL% equ 0 goto mainEnd
|
|
|
|
:fail
|
|
rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
|
|
rem the _cmd.exe /c_ return code!
|
|
set EXIT_CODE=%ERRORLEVEL%
|
|
if %EXIT_CODE% equ 0 set EXIT_CODE=1
|
|
if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE%
|
|
exit /b %EXIT_CODE%
|
|
|
|
:mainEnd
|
|
if "%OS%"=="Windows_NT" endlocal
|
|
|
|
:omega
|