lampmanyao / xproxyapp Goto Github PK
View Code? Open in Web Editor NEWA client for Xproxy on iOS and macOS
License: MIT License
A client for Xproxy on iOS and macOS
License: MIT License
Welcome to XproxyApp ==================== The XproxyApp is a client for Xproxy on iOS and macOS, and Xproxy is a user-space VPN. The Xproxy dir in this repo is different with the Xproxy (see https://github.com/lampmanyao/xproxy), the former is a http/https proxy, the later is a SOCKS5 proxy. System Requirements ------------------- iOS 16.0 or later macOS 14.0 or later HOW IT WORKS ------------ NetworkExtension on iOS doesn't provide proxy settings for socks, but it has two kinds of proxy settings: http and https. We can setup http and https proxy settings in startTunnel() of NEPacketTunnelProvider like this: var localProxyAddres = "127.0.0.1" var localProxyPort = 8080 let networkSettings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "172.20.10.25") networkSettings.mtu = 1500 let ipv4Settings = NEIPv4Settings(addresses: ["172.20.10.25"], subnetMasks: ["255.255.255.0"]) let proxySettings = NEProxySettings() // set the http proxy proxySettings.httpEnabled = true proxySettings.httpServer = NEProxyServer(address: localProxyAddress, port: localProxyPort) // set the https proxy proxySettings.httpsEnabled = true proxySettings.httpsServer = NEProxyServer(address: localProxyAddress, port: localProxyPort) proxySettings.matchDomains = [""] // exception list proxySettings.exceptionList = exceptionList networkSettings.proxySettings = proxySettings networkSettings.ipv4Settings = ipv4Settings setTunnelNetworkSettings(networkSettings) { error in guard error == nil else { completionHandler(error) return } if (start_local_proxy() == 0) { completionHandler(nil) } else { completionHandler(nil) } } start_local_proxy() will run a local http/https proxy server (local-proxy) which is listening on the localProxyPort, the system will redirect all the http and https traffics except the domains in the exceptionList to the local-proxy. ┌ ─ ─ ─ ┐ 0. http request ┌ ─ ─ ─ ─ ─ ─ ─ ┐ ┌ ─ ─ ─ ─ ─ ─ ─ ┐ ┌ ─ ─ ─ ─ ─ ┐ | |"GET http://example.com/| local-proxy |1. SOCKS5 CONNECT request | remote-proxy | 2. open a tcp | | │ │ http/1.1" │┌─────┐ ┌─────┐├ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ >│┌─────┐ ┌─────┐├ ─ ─ ─ ─ ─ ─ ─ >│ │ | |─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─>|│ │ │ │| |│ │ │ │| | | │ │ ││ │ │ ││3. SOCKS5 CONNECT response││ │ │ ││ │ │ | app | |│ tcp │ │ tcp │|<─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─|│ tcp │ │ tcp │| |example.com| │ │ ││ │ │ ││ ││ │ │ ││blinded exchange│ │ | | blinded exchange data |│ │ │ │| blinded exchange data |│ │ │ │| data | | │ │< ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─>│└─────┘ └─────┘│< ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─>│└─────┘ └─────┘│< ─ ─ ─ ─ ─ ─ ─>│ │ └ ─ ─ ─ ┘ └ ─ ─ ─ ─ ─ ─ ─ ┘ └ ─ ─ ─ ─ ─ ─ ─ ┘ └ ─ ─ ─ ─ ─ ┘ Handle request -------------- The crucial part of the local-proxy is turn the http/https request into a handshake packet communicate with the remote-proxy, of course, the handshake packet could be any coustom packet, the handshake packet of Xproxy is taken from SOCKS5 - the SOCKS5 CONNECT request. The request looks like 'GET http://example.com[:port]/ http/1.1' is the http request, the request looks like 'CONNECT example.com:443 http/1.1' is the https request. 1. the local-proxy extracts the domain and the port from the request line, and sends it to the remote-proxy as a SOCKS5 CONNECT request 2. the remote-proxy opens a tcp connection to example.com:80 3. the remote-proxy replies a SOCKS5 CONNECT response to the local-proxy 4. a) the local-proxy forwards the request to the remote-proxy if the request is http request; b) the local-proxy replies a 'HTTP/1.1 200 Connection Established' response to the app if the request is https request 5. exchange data blindly Each packet between the local-proxy and the remote-proxy is as below: ┌─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ + ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ~ ~ ~ ─ ─┐ |encrypted payload length| encrypted payload ...... | └─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ + ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ~ ~ ~ ─ ─┘ the payload length is a 4-byte unsigned integer, following a payload length data. Dependency ---------- On Linux or macOS: - libssl-dev OpenSSL-3.2.0 is precompiled as static library at openssl/lib, iOS and macOS (Intel and Apple Sillicon). Compilation ----------- 1. % cd Xproxy 2. % autoreconf --install 3. % ./configure 4. % make local-proxy ----------- Runing on Linux or macOS: % ./local-proxy -c ./local.com remote-proxy ------------ Runing on Linux or macOS: % ./remote-proxy -c ./remote.conf TODOs ----- - udp proxy - more secure cipher-suit
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.