lhie1 89488a118d commit message 5 years ago
README.md

# English README File:

manual

Introduction

This project was originally forked and modified from [scomper/surge.conf](https://gist.github.com/scomper/915b04a974f9e11952babfd0bbb241a8).



Application

| Configuration | Source | Group |
| --- | --- | --- |
| Rules | Rules Channel | Rules |
| Surge | @lhie1 | Surge |
| Shadowrocket | @lhie1 | Shadowrocket |
| Quantumult | @Jacky Y | Quantumult |

Function

  • Automatic proxy / global proxy
  • Resolve possible interference from local DNS
  • Solve some website redirect issues
  • Can break through some intranet restrictions (company, school)
  • Intercept some mining JS plugins
  • Intercept behavior analysis by commonly used applications and web pages
  • Block data statistics for popular apps and web pages
  • Block privacy tracking for popular apps and web pages
  • Intercept hijacking of major shopping sites
  • Block Content Security Policy hijacking
  • Intercept CNNIC root certificate hijacking
  • Block some apps' startup ads
  • Block traffic statistics that some operators inject into hijacked webpages
  • Block some of the floating-ball ads that operators pop up on hijacked webpages
  • Block common video ads
  • Block common website ads and other streaming website ads
  • Shielding Falun Gong and other anti-China forces websites
  • All domestic websites are connected directly
  • Apple service acceleration (App Store, Apple Music, Apple Streaming, iCloud Backup, iCloud Drive, iTunes, etc.)
  • Acceleration of foreign websites (Google/YouTube/Twitter/Facebook/Instagram/Wikipedia/GitHub, etc.)

JSBox

Surge: https://xteko.com/redir?name=Rules-lhie1&url=https://raw.githubusercontent.com/lhie1/Rules/master/JSBox/Rules-lhie1.box

Remote Files

Shadowrocket: https://raw.githubusercontent.com/lhie1/Rules/master/Shadowrocket/Complete.conf

Quantumult_Filter: https://raw.githubusercontent.com/lhie1/Rules/master/Quantumult/Quantumult.conf

Quantumult_Rejection: https://raw.githubusercontent.com/lhie1/Rules/master/Quantumult/Quantumult_URL.conf

MitM

Introduction: MitM (Man-in-the-middle attack, used to decrypt HTTPS traffic)

iOS

On all systems running iOS 9 or higher, after installing the certificate you also need to trust it on the device before it takes effect.

1. Installation:
*  Surge: Configuration - Edit Configuration - HTTPS Decryption - Install Certificate
*  Shadowrocket: Settings - Certificate - Install Certificate
*  Quantumult: Settings - HTTPS - HTTPS Decryption

2. Trust:
Settings - General - About - Certificate Trust Settings - Trust

Note: You only need to install and trust once. Upgrading the rules with JSBox does not affect the certificate.
Note: Do not generate a new certificate yourself. If you do, the rules no longer match the certificate, MitM fails, and pages fail to load outright. The certificate can be installed and trusted after the rules are exported. If you generate one by accident, re-run the JSBox rule export and install the certificate again.

macOS


About

Rules (rule discussion / communication): https://telegram.me/lhie1x

Rule update notification (new feature / tutorial / description): http://t.me/RuleNews


Android SSR ACL

Project homepage: https://github.com/ACL4SSR/ACL4SSR

1. banAD.acl (default proxy): ad removal + LAN direct connection + domestic IP ranges direct + common domestic domain names direct + foreign sites via proxy
https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/banAD.acl

2. gfwlist-banAD.acl (default direct connection): ad removal + LAN direct connection + foreign gfwlist entries via proxy
https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/gfwlist-banAD.acl

3. onlybanAD.acl (default proxy): ad removal + LAN direct connection + global proxy
https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/onlybanAD.acl

4. fullgfwlist.acl (default direct): foreign gfwlist entries via proxy, no ad removal, no whitelist (the original SS can use it by copying the file content directly)
https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/fullgfwlist.acl

5. backcn-banAD.acl (default direct connection): ad removal + domestic IP ranges via proxy + common domestic domain names via proxy + LAN direct connection + foreign sites direct
https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/backcn-banAD.acl

Browser Ads

Adguard: https://adguard.com/en/welcome.html

Q&A

Enabling Surge's sharing mode

Surge has added a proxy sharing mode. Once it is turned on, other devices on the Wi-Fi network can access the network through this iPhone's proxy.

Turn on Allow Wi-Fi Access in the advanced settings, or edit the configuration file directly and add the line `allow-wifi-access = true`.

Other devices on the Wi-Fi network then use the IP address and port number of the Surge device that has the shared proxy enabled. (Tip: once sharing is turned on, the Surge log shows the local IP address and listening port.) Enter that IP address and port in the HTTP proxy section of the Wi-Fi settings on the device that should use the shared proxy.

🍃 Proxy & 🍂 Domestic & ☁️ Others & 🍎 Only

🍃 Proxy: Controls foreign traffic; 🚀 Direct - direct connection, external network not accessible; Proxy server - external network accessible

🍂 Domestic: Controls domestic traffic; 🚀 Direct - automatic traffic splitting (PAC); 🍃 Proxy - global proxy

☁️ Others: Controls traffic to non-domestic IPs that are not covered by the rule list

🍎 Only: Controls Apple's traffic; if some of Apple's services are difficult to connect directly, setting it as a proxy may improve some issues: 🍎 Only - Proxy

Recommendations: 🍃 Proxy - Proxy Server; 🍂 Domestic - 🚀 Direct ; ☁️ Others - 🍃 Proxy ; 🍎 Only - 🚀 Direct / Proxy Server

🏃 Auto

The test results are for reference only and cannot measure the bandwidth of the VPS.

Please do not use google.com as the test target: this may get the proxy server's IP blacklisted, so that various operations require a verification code.
The test target should be reasonably fair to all policies, so choose a URL served from nodes around the world, such as gstatic.com.
Author's suggestion: http://www.gstatic.com/generate_204

Ad blocking is not in effect

Most ads were cached locally while Surge/Shadowrocket was not enabled, so ad blocking does not take effect immediately. Clearing the cache usually fixes this; some applications need to be uninstalled and reinstalled.

Power consumption

When such an application is turned on, it takes over all network communication, so the power used by all network communication (such as Wi-Fi, 4G) is attributed to it. This is why its share in the battery statistics is very high.
In fact, turning on such apps does not have a significant impact on power consumption.

Does the number of rules affect power consumption, memory, and speed?

No. Such an application builds a search tree each time the rules are loaded. It can be understood as a finite state machine (DFA) that walks the host name from back to front instead of matching line by line, and each match result is stored in a hash cache. In other words, a rule set of 2000 lines and a rule set of 50 lines have time complexity of the same order of magnitude, O(1).
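The lookup structure described above, as an added sketch (not code from Surge, Shadowrocket, Quantumult or this project): a trie keyed on host-name labels read from back to front, plus a per-host result cache. The class and function names, the policies and the sample rules are all assumptions made for illustration. Strictly, the work per lookup grows with the number of labels in the host name rather than with the number of rules, which is what the answer summarizes as O(1).

```python
from functools import lru_cache

END = object()  # marks "a rule ends here"; cannot collide with a host label

class SuffixTrie:
    def __init__(self):
        self.root = {}

    def add(self, suffix, policy):
        node = self.root
        for label in reversed(suffix.lower().strip(".").split(".")):
            node = node.setdefault(label, {})
        node[END] = policy

    def lookup(self, host):
        """Return (policy, nodes_visited); the longest matching suffix wins."""
        node, best, steps = self.root, None, 0
        for label in reversed(host.lower().strip(".").split(".")):
            node = node.get(label)
            if node is None:
                break
            steps += 1
            best = node.get(END, best)
        return best, steps

def build(rules):
    trie = SuffixTrie()
    for suffix, policy in rules:
        trie.add(suffix, policy)
    return trie

def make_cached(trie):
    # Per-host result cache, standing in for the "hash cache" in the answer.
    return lru_cache(maxsize=4096)(lambda host: trie.lookup(host)[0])

# Constructed sample rules (not taken from the project's rule files).
SMALL = [("example.com", "DIRECT"), ("ads.example.com", "REJECT")]
LARGE = SMALL + [(f"site{i}.test", "PROXY") for i in range(2000)]

if __name__ == "__main__":
    for name, rules in (("small", SMALL), ("large", LARGE)):
        print(name, build(rules).lookup("img.ads.example.com"))
```

Both rule sets visit the same three nodes for `img.ads.example.com`, and `notexample.com` does not match the `example.com` rule because matching happens on whole labels.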

Surge 2 reports that too many devices are activated

Surge 2's anti-piracy policy applies per purchase: if more than 10 devices have been activated in the last 180 days, a new device will be refused (Family Sharing shares the purchaser's limit of 10). If you have a special situation, please send an email to the author to reproduce.

Surge 3 warns about too many rules

Since most of the rules I maintain are used to block ads, they can't be streamlined. If you mind, you can turn off the blocking ads feature when generating rules through JSBox. If you don't mind, please go to More - Warnings and turn off the warning.

What is MitM?

It is used to decrypt HTTPS traffic (MitM is short for man-in-the-middle attack).

Why do I need to enable the MitM function?

Blocking some ads (such as Sina Weibo's launch ads) requires decrypting their HTTPS traffic to get ad requests and block them.

Some applications (e.g. Zhihu, Jike) can't connect when opened?

Check the certificate and make sure it is installed and trusted.

Why do the Surge/Shadowrocket/Quantumult speed test results differ so much?

Surge measures the time until the HTTP response header packet is returned through the target policy.

Shadowrocket supports two speed measurement methods (ICMP/TCP). The default is ICMP mode (i.e. ping). This method is generally used to test whether the server is online.

Quantumult measures the time until the HTTP response header packet is returned through the target policy.

Accuracy: Surge -> Quantumult -> Shadowrocket

Why can't Surge block Youku ads?

In order to prevent the ad request from being blocked, Youku is forced to access it through the proxy. Other similar applications use HTTP first-packet identification, so the request is also recognized in TUN mode. Surge is a full HTTP proxy server and does not attempt HTTP parsing in TUN mode, so this request will not be recognized. However, the approach used by other similar applications has a problem when HTTP requests use Keep-Alive: subsequent requests are not recognized.

What is the difference between the three?

Their functions are similar; all three use rules to achieve automatic traffic splitting and ad blocking.

Does MitM affect security (shopping/online/privacy) or performance/speed?

MitM only decrypts HTTPS traffic for addresses in the default Hostname list (public/open source), so there are no security issues and there is little impact on performance/speed.
MitM: https://zh.wikipedia.org/wiki/中间人攻击
Surge MitM: https://medium.com/@Blankwonder/5281d8ace79d
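To check the Hostname list yourself before trusting a certificate, the following added example (not part of this project or of Surge) reads the `[MITM]` section of a Surge-style profile and reports which hosts would be decrypted, which patterns are very broad, and whether the profile carries an embedded CA. It assumes the profile uses the `hostname` and `ca-p12` keys; the sample profile is constructed, and wildcard matching is approximated with `fnmatch` rather than Surge's own matcher.

```python
import fnmatch

# Constructed sample profile; hostnames and values are placeholders.
SAMPLE = """\
[General]
allow-wifi-access = true

[MITM]
hostname = api.ads.example.com, *.video.example.net, *
ca-passphrase = PLACEHOLDER
ca-p12 = PLACEHOLDER_BASE64
"""

def parse_section(text, name):
    """Return the key/value pairs of one [section] of an INI-like profile."""
    out, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";", "//")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
        elif current == name.lower() and "=" in line:
            key, value = line.split("=", 1)
            out[key.strip().lower()] = value.strip()
    return out

def audit_mitm(text):
    mitm = parse_section(text, "MITM")
    hosts = [h.strip() for h in mitm.get("hostname", "").split(",") if h.strip()]
    return {
        "hosts": hosts,
        # A pattern with no fixed dot-separated part covers far more than
        # one ad endpoint (for example "*" or "*.com").
        "broad": [h for h in hosts if h.lstrip("*.").count(".") < 1],
        # An embedded ca-p12 carries the CA's private key inside the profile.
        "embedded_ca": "ca-p12" in mitm,
    }

def is_decrypted(host, hosts):
    # Assumption: shell-style wildcards, case-insensitive.
    return any(fnmatch.fnmatchcase(host.lower(), p.lower()) for p in hosts)

if __name__ == "__main__":
    print(audit_mitm(SAMPLE))
```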

Does using the rules affect zero-rated data plans (e.g. Dawang card)?

My rules split traffic automatically by default (domestic direct / foreign via proxy). As long as you don't change the rules or the proxy mode, the zero-rated data will not be affected.

Suggestions (the rest is up to you):

🍂 Domestic - DIRECT

☁ Other - DIRECT

Client (with "R" sign indicating support for SSR):

• iOS

Surge: https://appsto.re/cn/D0Q_9.i

Shadowrocket (R): https://appsto.re/cn/UDjM3.i

Quantumult(R): https://itunes.apple.com/us/app/quantumult/id1252015438?mt=8
        
• Android

ShadowsocksR (R): http://omgib13x8.bkt.clouddn.com/ssr-android.apk

Postern (R): http://www.tunnel-workshop.com

• macOS

ShadowsocksX: http://omgib13x8.bkt.clouddn.com/ss-mac.zip

ShadowsocksX-R (R): http://omgib13x8.bkt.clouddn.com/ssr-mac.dmg
        
Flora: https://github.com/huacnlee/flora-kit

Specht Lite: https://github.com/zhuhaow/SpechtLite/releases
        
Surge: http://nssurge.com

• Windows

Shadowsocks: http://omgib13x8.bkt.clouddn.com/ss-win.zip
    
ShadowsocksR (R): http://omgib13x8.bkt.clouddn.com/ssr-win.7z

• Router firmware

Old Maozi: http://www.right.com.cn/forum/thread-161324-1-1.html

Merlin: http://koolshare.cn/thread-133873-1-1.html

Tutorial / Description:

Surge for iOS: https://medium.com/@scomper/a1533c10e80b
    
Surge for macOS: https://medium.com/@scomper/bb7cf735b1b8
    
Shadowrocket for iOS: http://matrix.sspai.com/p/c113cba0
    
SSR for Windows: https://ocvpn.wordpress.com/2016/10/15/shadowsocksr-for-windows setup tutorial
    
SSR for Android: https://yhyy135.github.io/how-to-use-ssr-android/

Acknowledgement


License

  • Can be copied and forwarded, but the original author information must be provided, and the project cannot be used for commercial purposes.