// Project XHTTP https://t.me/projectXhttp
// Serverless with mitm for iran v1
// Requirements -> Xray-core v25.2.18+, a self-signed-certificate: you can create with "./xray tls cert -ca -file=mycert" command.
// also, the certificate must be imported into "Trusted-Root-Certification-Authorities" of system/browser
{
"log": {
"loglevel": "warning", "dnsLog": false, "access": "none"
},
"dns":{
"hosts": {
"geosite:category-ads-all": ["10.10.34.36", "2001:4188:2:600:10:10:34:36"]
},
"servers": [
"h2c://1.1.1.1/dns-query",
{"address": "localhost", "domains": ["geosite:private", "geosite:category-ir"]}
],
"tag": "dns-query",
"disableFallback": true
},
"inbounds": [
{
"tag": "dns-in",
"port": 10853,
"protocol": "dokodemo-door",
"settings": {
"address": "1.1.1.1",
"port": 53,
"network": "tcp,udp"
}
},
{
"tag": "socks-in",
"port": 10808,
"protocol": "socks",
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls", "quic"],
"routeOnly": false
},
"settings": {"udp": true}
},
{
"port": 4431,
"tag": "tls-decrypt-h11",
"protocol": "dokodemo-door",
"settings": {
"network": "tcp",
"port": 443,
"followRedirect": true
},
"streamSettings": {
"security": "tls",
"tlsSettings": {
"alpn": ["http/1.1"],
"certificates": [
{
"usage": "issue",
"certificateFile": "mycert.crt", // certificate path
"keyFile": "mycert.key" // private-key path
}
]
}
}
},
{
"port": 4432,
"tag": "tls-decrypt-h211",
"protocol": "dokodemo-door",
"settings": {
"network": "tcp",
"port": 443,
"followRedirect": true
},
"streamSettings": {
"security": "tls",
"tlsSettings": {
"alpn": ["h2","http/1.1"],
"certificates": [
{
"usage": "issue",
"certificateFile": "mycert.crt", // certificate path
"keyFile": "mycert.key" // private-key path
}
]
}
}
}
],
"outbounds": [
{
"tag": "block",
"protocol": "blackhole"
},
{
"tag": "direct",
"protocol": "freedom",
"settings": {"domainStrategy": "ForceIP"}
},
{
"tag": "redirect-out-h11",
"protocol": "freedom",
"settings": {
"redirect": "127.0.0.1:4431"
}
},
{
"tag": "redirect-out-h211",
"protocol": "freedom",
"settings": {
"redirect": "127.0.0.1:4432"
}
},
{
"tag": "tls-repack-dns",
"protocol": "freedom",
"settings": {"domainStrategy": "ForceIP"},
"streamSettings": {
"security": "tls",
"tlsSettings": {
"serverName": "www.bing.com",
"verifyPeerCertInNames": ["fromMitM", "www.bing.com"],
"alpn": ["fromMitM"],
"fingerprint": "chrome"
}
}
},
{
"tag": "tls-repack-google",
"protocol": "freedom",
"settings": {"domainStrategy": "ForceIP"},
"streamSettings": {
"security": "tls",
"tlsSettings": {
"serverName": "www.google.com",
"verifyPeerCertInNames": ["fromMitM", "www.google.com", "dns.google", "www.googlevideo.com", "www.youtube.com"],
"alpn": ["fromMitM"],
"fingerprint": "chrome"
}
}
},
{
"tag": "tls-repack-meta",
"protocol": "freedom",
"settings": {"domainStrategy": "ForceIP"},
"streamSettings": {
"security": "tls",
"tlsSettings": {
"serverName": "www.whatsapp.com",
"verifyPeerCertInNames": ["fromMitM", "www.whatsapp.com", "www.facebook.com", "www.ar.meta.com", "www.fb.com", "www.whatsapp.net", "www.atlassolutions.com", "www.secure.facebook.com", "www.extern.facebook.com", "www.internet.org", "www.oculus.com", "www.wit.ai", "www.facebook-dns.com", "www.instagram.com", "www.meta.com", "www.external-disputes.meta.com", "www.fbe2e.com", "www.cloud.x2p.facebook.net", "www.secure.latest.facebook.com"],
"alpn": ["fromMitM"],
"fingerprint": "chrome"
}
}
},
{
"tag": "tls-repack-fastly",
"protocol": "freedom",
"settings": {"domainStrategy": "ForceIP"},
"streamSettings": {
"security": "tls",
"tlsSettings": {
"serverName": "www.fastly.com",
"verifyPeerCertInNames": ["fromMitM", "www.fastly.com", "www.reddit.com", "x.com"],
"alpn": ["fromMitM"],
"fingerprint": "chrome"
}
}
},
{
"tag": "dns-out",
"protocol": "dns",
"settings": {"nonIPQuery": "skip", "network": "tcp", "address": "1.1.1.1", "port": 53},
"streamSettings": {
"sockopt": {
"dialerProxy": "chain1-fragment"
}
}
},
{
"tag": "super-fragment",
"protocol": "freedom",
"settings": {
"fragment": {
"packets": "tlshello",
"length": "6",
"interval": "0"
}
},
"streamSettings": {
"sockopt": {
"dialerProxy": "chain1-fragment"
}
}
},
{
"tag": "chain1-fragment",
"protocol": "freedom",
"settings": {
"fragment": {
"packets": "1-3",
"length": "517",
"interval": "1"
}
},
"streamSettings": {
"sockopt": {
"dialerProxy": "chain2-fragment"
}
}
},
{
"tag": "chain2-fragment",
"protocol": "freedom",
"settings": {
"domainStrategy": "ForceIP",
"fragment": {
"packets": "1-1",
"length": "1",
"interval": "2"
}
},
"streamSettings": {
"sockopt": {
"tcpNoDelay": true
}
}
},
{
"tag": "udp-noises",
"protocol": "freedom",
"settings": {
"domainStrategy": "ForceIP",
"noises": [
{"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
{"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
{"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
{"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
{"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
{"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
{"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
{"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
{"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
{"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
{"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
{"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
{"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "10"}
]
}
}
],
"routing": {
"domainStrategy": "IPOnDemand",
"rules": [
{"outboundTag": "dns-out",
"inboundTag": ["dns-in"]
},
{"outboundTag": "dns-out",
"inboundTag": ["socks-in"], "port": 53
},
{"outboundTag": "tls-repack-dns",
"inboundTag": ["dns-query"]
},
{"outboundTag": "block",
"domain": ["geosite:category-ads-all"]
},
{"outboundTag": "block",
"ip": ["10.10.34.0/24", "2001:4188:2:600:10:10:34:36", "2001:4188:2:600:10:10:34:35"]
},
{"outboundTag": "direct",
"domain": ["geosite:private", "geosite:category-ir"]
},
{"outboundTag": "direct",
"ip": ["geoip:private", "geoip:ir"]
},
{"outboundTag": "chain1-fragment",
"inboundTag": ["socks-in"],
"network": "tcp",
"ip": ["geoip:cloudflare", "geoip:cloudfront"]
},
{
"outboundTag": "redirect-out-h11",
"inboundTag": ["socks-in"],
"network": "tcp",
"protocol": ["tls"],
"port": 443,
"domain": ["domain:googlevideo.com"]
},
{
"outboundTag": "redirect-out-h211",
"inboundTag": ["socks-in"],
"network": "tcp",
"protocol": ["tls"],
"port": 443,
"domain": ["geosite:youtube", "geosite:x", "geosite:reddit", "geosite:meta"]
},
{"outboundTag": "tls-repack-google",
"domain": ["geosite:youtube", "domain:googlevideo.com"],
"inboundTag": ["tls-decrypt-h11", "tls-decrypt-h211"]
},
{"outboundTag": "tls-repack-meta",
"domain": ["geosite:meta"],
"inboundTag": ["tls-decrypt-h11", "tls-decrypt-h211"]
},
{"outboundTag": "tls-repack-fastly",
"domain": ["geosite:x", "geosite:reddit"],
"inboundTag": ["tls-decrypt-h11", "tls-decrypt-h211"]
},
{"outboundTag": "udp-noises",
"network": "udp"
},
{"outboundTag": "chain1-fragment",
"network": "tcp"
}
]
}
}