From 0815c1d30a81c84504c095a82e8ebb2d98cd5e81 Mon Sep 17 00:00:00 2001 From: patterniha <71074308+patterniha@users.noreply.github.com> Date: Sun, 23 Feb 2025 14:57:40 +0330 Subject: [PATCH] Add Serverless-for-Iran (#213) Co-authored-by: RPRX <63339210+RPRX@users.noreply.github.com> --- Serverless-for-Iran/README.md | 24 ++ Serverless-for-Iran/serverless_for_Iran.jsonc | 175 ++++++++++ .../serverless_with_mitm_for_Iran.jsonc | 326 ++++++++++++++++++ 3 files changed, 525 insertions(+) create mode 100644 Serverless-for-Iran/README.md create mode 100644 Serverless-for-Iran/serverless_for_Iran.jsonc create mode 100644 Serverless-for-Iran/serverless_with_mitm_for_Iran.jsonc diff --git a/Serverless-for-Iran/README.md b/Serverless-for-Iran/README.md new file mode 100644 index 0000000..1c49eb5 --- /dev/null +++ b/Serverless-for-Iran/README.md @@ -0,0 +1,24 @@ +# Access almost all websites & services directly, for every person in Iran + +**Configs here can not contain "bypassing sanctions" contents (inappropriate on US GitHub)** + +**Please join the official Xray Iranian group https://t.me/projectXhttp to get the whole working configs** + +# Serverless for Iran + +bypass censorship using fragment and noise. + +it doesn't change the IP, so it is not suitable for anonymity and websites that have sanctioned Iran. + +# Serverless with MitM-Domain-Fronting for Iran (Xray-core v25.2.21+) + +same as "serverless for Iran" but using h2c(doh domain fronting) for dns and MitM for these services that support domain fronting: +* youtube +* x +* reddit +* meta (facebook, instagram, ...) + +(This list will be updated) + +you need a self-signed-certificate: you can create with "./xray tls cert -ca -file=mycert" command. +also, the certificate must be imported into "Trusted-Root-Certification-Authorities" of system/browser. diff --git a/Serverless-for-Iran/serverless_for_Iran.jsonc b/Serverless-for-Iran/serverless_for_Iran.jsonc new file mode 100644 index 0000000..d795fe9 --- /dev/null +++ b/Serverless-for-Iran/serverless_for_Iran.jsonc @@ -0,0 +1,175 @@ +// Configs here can not contain "bypassing sanctions" contents (inappropriate on US GitHub) +// Please join the official Xray Iranian group https://t.me/projectXhttp to get the whole working configs + +// Serverless for Iran v1 +// Xray-core v25.2.21+ + + +{ + "log": { + "loglevel": "warning", "dnsLog": false, "access": "none" + }, + + "dns":{ + "hosts": { + "geosite:category-ads-all": ["10.10.34.36", "2001:4188:2:600:10:10:34:36"], + "dns.cloudflare.com": "cloudflare.com" + }, + "servers": [ + "https://dns.cloudflare.com/dns-query", + {"address": "localhost", "domains": ["geosite:private", "geosite:category-ir", "full:cloudflare.com"]} + ], + "tag": "dns-query", + "disableFallback": true + }, + + "inbounds": [ + { + "tag": "dns-in", + "port": 10853, + "protocol": "dokodemo-door", + "settings": { + "address": "1.1.1.1", + "port": 53, + "network": "tcp,udp" + } + }, + { + "tag": "socks-in", + "port": 10808, + "protocol": "socks", + "sniffing": { + "enabled": true, + "destOverride": ["http", "tls", "quic"], + "routeOnly": false + }, + "settings": {"udp": true} + } + ], + + "outbounds": [ + { + "tag": "block", + "protocol": "blackhole" + }, + { + "tag": "direct", + "protocol": "freedom", + "settings": {"domainStrategy": "ForceIP"} + }, + { + "tag": "dns-out", + "protocol": "dns", + "settings": {"nonIPQuery": "skip", "network": "tcp", "address": "1.1.1.1", "port": 53}, + "streamSettings": { + "sockopt": { + "dialerProxy": "chain1-fragment" + } + } + }, + { + "tag": "super-fragment", + "protocol": "freedom", + "settings": { + "fragment": { + "packets": "tlshello", + "length": "6", + "interval": "0" + } + }, + "streamSettings": { + "sockopt": { + "dialerProxy": "chain1-fragment" + } + } + }, + { + "tag": "chain1-fragment", + "protocol": "freedom", + "settings": { + "fragment": { + "packets": "1-3", + "length": "517", + "interval": "1" + } + }, + "streamSettings": { + "sockopt": { + "dialerProxy": "chain2-fragment" + } + } + }, + { + "tag": "chain2-fragment", + "protocol": "freedom", + "settings": { + "domainStrategy": "ForceIP", + "fragment": { + "packets": "1-1", + "length": "1", + "interval": "2" + } + }, + "streamSettings": { + "sockopt": { + "tcpNoDelay": true + } + } + }, + { + "tag": "udp-noises", + "protocol": "freedom", + "settings": { + "domainStrategy": "ForceIP", + "noises": [ + {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, + {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, + {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, + {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, + {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, + {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, + {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, + {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, + {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, + {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, + {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, + {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, + {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "10"} + ] + } + } + ], + + "routing": { + "domainStrategy": "IPOnDemand", + "rules": [ + {"outboundTag": "dns-out", + "inboundTag": ["dns-in"] + }, + {"outboundTag": "dns-out", + "inboundTag": ["socks-in"], "port": 53 + }, + {"outboundTag": "chain1-fragment", // or "super-fragment" + "inboundTag": ["dns-query"] + }, + {"outboundTag": "block", + "domain": ["geosite:category-ads-all"] + }, + {"outboundTag": "block", + "ip": ["10.10.34.0/24", "2001:4188:2:600:10:10:34:36", "2001:4188:2:600:10:10:34:35"] + }, + {"outboundTag": "direct", + "domain": ["geosite:private", "geosite:category-ir"] + }, + {"outboundTag": "direct", + "ip": ["geoip:private", "geoip:ir"] + }, + {"outboundTag": "udp-noises", + "network": "udp" + }, + {"outboundTag": "chain1-fragment", // or "super-fragment" + "network": "tcp" + } + ] + } +} diff --git a/Serverless-for-Iran/serverless_with_mitm_for_Iran.jsonc b/Serverless-for-Iran/serverless_with_mitm_for_Iran.jsonc new file mode 100644 index 0000000..e7dfd2d --- /dev/null +++ b/Serverless-for-Iran/serverless_with_mitm_for_Iran.jsonc @@ -0,0 +1,326 @@ +// Configs here can not contain "bypassing sanctions" contents (inappropriate on US GitHub) +// Please join the official Xray Iranian group https://t.me/projectXhttp to get the whole working configs + +// Serverless with MitM-Domain-Fronting for Iran v1 +// Xray-core v25.2.21+ + +// Requires a self-signed-certificate: you can create it using "./xray tls cert -ca -file=mycert" command +// also, the certificate must be imported into "Trusted-Root-Certification-Authorities" of system/browser + + +{ + "log": { + "loglevel": "warning", "dnsLog": false, "access": "none" + }, + + "dns":{ + "hosts": { + "geosite:category-ads-all": ["10.10.34.36", "2001:4188:2:600:10:10:34:36"] + }, + "servers": [ + "h2c://1.1.1.1/dns-query", + {"address": "localhost", "domains": ["geosite:private", "geosite:category-ir"]} + ], + "tag": "dns-query", + "disableFallback": true + }, + + "inbounds": [ + { + "tag": "dns-in", + "port": 10853, + "protocol": "dokodemo-door", + "settings": { + "address": "1.1.1.1", + "port": 53, + "network": "tcp,udp" + } + }, + { + "tag": "socks-in", + "port": 10808, + "protocol": "socks", + "sniffing": { + "enabled": true, + "destOverride": ["http", "tls", "quic"], + "routeOnly": false + }, + "settings": {"udp": true} + }, + { + "port": 4431, + "tag": "tls-decrypt-h11", + "protocol": "dokodemo-door", + "settings": { + "network": "tcp", + "port": 443, + "followRedirect": true + }, + "streamSettings": { + "security": "tls", + "tlsSettings": { + "alpn": ["http/1.1"], + "certificates": [ + { + "usage": "issue", + "certificateFile": "mycert.crt", // certificate path + "keyFile": "mycert.key" // private-key path + } + ] + } + } + }, + { + "port": 4432, + "tag": "tls-decrypt-h211", + "protocol": "dokodemo-door", + "settings": { + "network": "tcp", + "port": 443, + "followRedirect": true + }, + "streamSettings": { + "security": "tls", + "tlsSettings": { + "alpn": ["h2","http/1.1"], + "certificates": [ + { + "usage": "issue", + "certificateFile": "mycert.crt", // certificate path + "keyFile": "mycert.key" // private-key path + } + ] + } + } + } + ], + + "outbounds": [ + { + "tag": "block", + "protocol": "blackhole" + }, + { + "tag": "direct", + "protocol": "freedom", + "settings": {"domainStrategy": "ForceIP"} + }, + { + "tag": "redirect-out-h11", + "protocol": "freedom", + "settings": { + "redirect": "127.0.0.1:4431" + } + }, + { + "tag": "redirect-out-h211", + "protocol": "freedom", + "settings": { + "redirect": "127.0.0.1:4432" + } + }, + { + "tag": "tls-repack-dns", + "protocol": "freedom", + "settings": {"domainStrategy": "ForceIP"}, + "streamSettings": { + "security": "tls", + "tlsSettings": { + "serverName": "www.bing.com", + "verifyPeerCertInNames": ["fromMitM", "www.bing.com"], + "alpn": ["fromMitM"], + "fingerprint": "chrome" + } + } + }, + { + "tag": "tls-repack-google", + "protocol": "freedom", + "settings": {"domainStrategy": "ForceIP"}, + "streamSettings": { + "security": "tls", + "tlsSettings": { + "serverName": "www.google.com", + "verifyPeerCertInNames": ["fromMitM", "www.google.com", "dns.google", "www.googlevideo.com", "www.youtube.com"], + "alpn": ["fromMitM"], + "fingerprint": "chrome" + } + } + }, + { + "tag": "tls-repack-meta", + "protocol": "freedom", + "settings": {"domainStrategy": "ForceIP"}, + "streamSettings": { + "security": "tls", + "tlsSettings": { + "serverName": "www.whatsapp.com", + "verifyPeerCertInNames": ["fromMitM", "www.whatsapp.com", "www.facebook.com", "www.ar.meta.com", "www.fb.com", "www.whatsapp.net", "www.atlassolutions.com", "www.secure.facebook.com", "www.extern.facebook.com", "www.internet.org", "www.oculus.com", "www.wit.ai", "www.facebook-dns.com", "www.instagram.com", "www.meta.com", "www.external-disputes.meta.com", "www.fbe2e.com", "www.cloud.x2p.facebook.net", "www.secure.latest.facebook.com"], + "alpn": ["fromMitM"], + "fingerprint": "chrome" + } + } + }, + { + "tag": "tls-repack-fastly", + "protocol": "freedom", + "settings": {"domainStrategy": "ForceIP"}, + "streamSettings": { + "security": "tls", + "tlsSettings": { + "serverName": "www.fastly.com", + "verifyPeerCertInNames": ["fromMitM", "www.fastly.com", "www.reddit.com", "x.com"], + "alpn": ["fromMitM"], + "fingerprint": "chrome" + } + } + }, + { + "tag": "dns-out", + "protocol": "dns", + "settings": {"nonIPQuery": "skip", "network": "tcp", "address": "1.1.1.1", "port": 53}, + "streamSettings": { + "sockopt": { + "dialerProxy": "chain1-fragment" + } + } + }, + { + "tag": "super-fragment", + "protocol": "freedom", + "settings": { + "fragment": { + "packets": "tlshello", + "length": "6", + "interval": "0" + } + }, + "streamSettings": { + "sockopt": { + "dialerProxy": "chain1-fragment" + } + } + }, + { + "tag": "chain1-fragment", + "protocol": "freedom", + "settings": { + "fragment": { + "packets": "1-3", + "length": "517", + "interval": "1" + } + }, + "streamSettings": { + "sockopt": { + "dialerProxy": "chain2-fragment" + } + } + }, + { + "tag": "chain2-fragment", + "protocol": "freedom", + "settings": { + "domainStrategy": "ForceIP", + "fragment": { + "packets": "1-1", + "length": "1", + "interval": "2" + } + }, + "streamSettings": { + "sockopt": { + "tcpNoDelay": true + } + } + }, + { + "tag": "udp-noises", + "protocol": "freedom", + "settings": { + "domainStrategy": "ForceIP", + "noises": [ + {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, + {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, + {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, + {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, + {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, + {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, + {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, + {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, + {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, + {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, + {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, + {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, + {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "10"} + ] + } + } + ], + + "routing": { + "domainStrategy": "IPOnDemand", + "rules": [ + {"outboundTag": "dns-out", + "inboundTag": ["dns-in"] + }, + {"outboundTag": "dns-out", + "inboundTag": ["socks-in"], "port": 53 + }, + {"outboundTag": "tls-repack-dns", + "inboundTag": ["dns-query"] + }, + {"outboundTag": "block", + "domain": ["geosite:category-ads-all"] + }, + {"outboundTag": "block", + "ip": ["10.10.34.0/24", "2001:4188:2:600:10:10:34:36", "2001:4188:2:600:10:10:34:35"] + }, + {"outboundTag": "direct", + "domain": ["geosite:private", "geosite:category-ir"] + }, + {"outboundTag": "direct", + "ip": ["geoip:private", "geoip:ir"] + }, + {"outboundTag": "chain1-fragment", // or "super-fragment" + "inboundTag": ["socks-in"], + "network": "tcp", + "ip": ["geoip:cloudflare", "geoip:cloudfront"] + }, + { + "outboundTag": "redirect-out-h11", + "inboundTag": ["socks-in"], + "network": "tcp", + "protocol": ["tls"], + "port": 443, + "domain": ["domain:googlevideo.com"] + }, + { + "outboundTag": "redirect-out-h211", + "inboundTag": ["socks-in"], + "network": "tcp", + "protocol": ["tls"], + "port": 443, + "domain": ["geosite:youtube", "geosite:x", "geosite:reddit", "geosite:meta"] + }, + {"outboundTag": "tls-repack-google", + "domain": ["geosite:youtube", "domain:googlevideo.com"], + "inboundTag": ["tls-decrypt-h11", "tls-decrypt-h211"] + }, + {"outboundTag": "tls-repack-meta", + "domain": ["geosite:meta"], + "inboundTag": ["tls-decrypt-h11", "tls-decrypt-h211"] + }, + {"outboundTag": "tls-repack-fastly", + "domain": ["geosite:x", "geosite:reddit"], + "inboundTag": ["tls-decrypt-h11", "tls-decrypt-h211"] + }, + {"outboundTag": "udp-noises", + "network": "udp" + }, + {"outboundTag": "chain1-fragment", // or "super-fragment" + "network": "tcp" + } + ] + } +}