[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-653":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":22,"archived":23,"fork":23,"defaultBranch":24,"hasWiki":23,"hasPages":23,"topics":25,"createdAt":10,"pushedAt":10,"updatedAt":35,"readmeContent":36,"aiSummary":37,"trendingCount":16,"starSnapshotCount":16,"syncStatus":38,"lastSyncTime":39,"discoverSource":40},653,"MasterHttpRelayVPN","masterking32\u002FMasterHttpRelayVPN","masterking32","Domain-fronted HTTP\u002FSOCKS5 proxy tunneling traffic through Google Apps Script with MITM TLS interception, HTTP\u002F1-2 multiplexing, and DPI evasion.","https:\u002F\u002Ft.me\u002Fmasterdnsvpn",null,"Python",3851,446,73,9,0,29,40,762,87,29.95,"MIT License",false,"python_testing",[26,27,28,29,30,31,32,33,34],"dpi","google","http","masterhttprelayvpn","mitm","proxy","relay","sni","vpn","2026-06-12 02:00:16","# MasterHttpRelayVPN\n\n[![GitHub](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FGitHub-MasterHttpRelayVPN-blue?logo=github)](https:\u002F\u002Fgithub.com\u002Fmasterking32\u002FMasterHttpRelayVPN) [![Ask DeepWiki](https:\u002F\u002Fdeepwiki.com\u002Fbadge.svg)](https:\u002F\u002Fdeepwiki.com\u002Fmasterking32\u002FMasterHttpRelayVPN) [![oosmetrics](https:\u002F\u002Fapi.oosmetrics.com\u002Fapi\u002Fv1\u002Fbadge\u002Fachievement\u002F85a1f608-5c6d-4fcd-9b7f-b1ff8b680852.svg)](https:\u002F\u002Foosmetrics.com\u002Frepo\u002Fmasterking32\u002FMasterHttpRelayVPN) [![oosmetrics](https:\u002F\u002Fapi.oosmetrics.com\u002Fapi\u002Fv1\u002Fbadge\u002Fachievement\u002Fde9bee73-bc68-4f98-ba83-6957007046b1.svg)](https:\u002F\u002Foosmetrics.com\u002Frepo\u002Fmasterking32\u002FMasterHttpRelayVPN)\n\n**[🇮🇷 راهنمای فارسی (Persian)](README_FA.md)**\n\nA free tool that lets you access the internet freely by hiding your traffic behind trusted websites like Google. No VPS or server needed — just a free Google account.\n\n> **How it works in simple terms:** Your browser talks to this tool on your computer. This tool disguises your traffic to look like normal Google traffic. The firewall\u002Ffilter sees \"google.com\" and lets it pass. Behind the scenes, a free Google Apps Script relay fetches the real website for you.\n\n\n---\n\n## Announcement and Support Channel 📢\n\nFor the latest news, releases, and project updates, follow our Telegram channel: [Telegram Channel](https:\u002F\u002Ft.me\u002Fmasterdnsvpn)\n\n---\n\n### If you like this project, please support it by starring it on GitHub (⭐). It helps the project get discovered.\n\n---\n\n### Optional Financial Support 💸\n\n- TON network:\n\n`masterking32.ton`\n\n- EVM-compatible networks (ETH and compatible chains):\n\n`0x517f07305D6ED781A089322B6cD93d1461bF8652`\n\n- TRC20 network (TRON):\n\n`TLApdY8APWkFHHoxebxGY8JhMeChiETqFH`\n\nEvery contribution and every piece of feedback is appreciated. Support directly helps ongoing development and improvement.\n\n---\n\n## Disclaimer\n\nMasterHttpRelayVPN is provided for educational, testing, and research purposes only.\n\n- **Provided without warranty:** This software is provided \"AS IS\", without express or implied warranty, including merchantability, fitness for a particular purpose, and non-infringement.\n- **Limitation of liability:** The developers and contributors are not responsible for any direct, indirect, incidental, consequential, or other damages resulting from the use of this project or the inability to use it.\n- **User responsibility:** Running this project outside controlled test environments may affect networks, accounts, proxies, certificates, or connected systems. You are solely responsible for installation, configuration, and use.\n- **Legal compliance:** You are responsible for complying with all local, national, and international laws and regulations before using this software.\n- **Google services compliance:** If you use Google Apps Script or other Google services with this project, you are responsible for complying with Google's Terms of Service, acceptable use rules, quotas, and platform policies. Misuse may lead to suspension or termination of your Google account or deployments.\n- **License terms:** Use, copying, distribution, and modification of this software are governed by the repository license. Any use outside those terms is prohibited.\n\n---\n\n## How It Works\n\n```\nBrowser -> Local Proxy -> Google\u002FCDN front -> Your relay -> Target website\n |\n +-> shows google.com to the network filter\n```\n\nIn normal use, the browser sends traffic to the proxy running on your computer.\nThe proxy sends that traffic through Google-facing infrastructure so the network only sees an allowed domain such as `www.google.com`.\nYour deployed relay then fetches the real website and sends the response back through the same path.\n\nThis means the filter sees normal-looking Google traffic, while the actual destination stays hidden inside the relay request.\n\n---\n\n## Quick Start (Recommended)\n\nOne command sets up a virtualenv, installs dependencies, launches an interactive\nconfig wizard, and starts the proxy.\n\n**Windows:**\n```cmd\ngit clone https:\u002F\u002Fgithub.com\u002Fmasterking32\u002FMasterHttpRelayVPN.git\ncd MasterHttpRelayVPN\nstart.bat\n```\n\n**Linux \u002F macOS:**\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002Fmasterking32\u002FMasterHttpRelayVPN.git\ncd MasterHttpRelayVPN\nchmod +x start.sh\n.\u002Fstart.sh\n```\n\nThe first time it runs, the wizard asks for your Google Apps Script Deployment ID\nand generates a strong random password for you. Follow the Apps Script deployment\ninstructions in **Step 2** below before running the wizard so you have a\nDeployment ID ready.\n\n\n## Step-by-Step Setup Guide (Manual)\n\n### Step 1: Download This Project\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002Fmasterking32\u002FMasterHttpRelayVPN.git\ncd MasterHttpRelayVPN\npip install -r requirements.txt\n```\n\n> **Can't reach PyPI directly?** Use this mirror instead:\n> ```bash\n> pip install -r requirements.txt -i https:\u002F\u002Fmirror-pypi.runflare.com\u002Fsimple\u002F --trusted-host mirror-pypi.runflare.com\n> ```\n\nOr download the ZIP from [GitHub](https:\u002F\u002Fgithub.com\u002Fmasterking32\u002FMasterHttpRelayVPN) and extract it.\n\n### Step 2: Set Up the Google Relay (Code.gs)\n\nThis is the \"relay\" that sits on Google's servers and fetches websites for you. It's free.\n\n1. Open [Google Apps Script](https:\u002F\u002Fscript.google.com\u002F) and sign in with your Google account.\n2. Click **New project**.\n3. **Delete** all the default code in the editor.\n4. Open the [`Code.gs`](apps_script\u002FCode.gs) file from this project (under `apps_script\u002F`), **copy everything**, and paste it into the Apps Script editor.\n5. **Important:** Change the password on this line to something only you know:\n ```javascript\n const AUTH_KEY = \"your-secret-password-here\";\n ```\n6. Click **Deploy** → **New deployment**.\n7. Choose **Web app** as the type.\n8. Set:\n - **Execute as:** Me\n - **Who has access:** Anyone\n9. Click **Deploy**.\n - If prompted, click **Authorize access**.\n - You may see **Google hasn't verified this app**. Click **Advanced** then **Go to \u003Cyour project name> (unsafe)** to continue.\n10. **Copy the Deployment ID** (it looks like a long random string). You'll need it in the next step.\n\n> ⚠️ Remember the password you set in step 5. You'll use the same password in the config file below.\n\n### Step 3: Configure\n\n**Option A — interactive wizard (recommended):**\n```bash\npython setup.py\n```\nIt'll prompt for your Deployment ID, generate a random `auth_key`, and write\n`config.json` for you.\n\n**Option B — manual:**\n\n1. Copy the example config file:\n ```bash\n cp config.example.json config.json\n ```\n On Windows, you can also just copy & rename the file manually.\n\n2. Open `config.json` in any text editor and fill in your values:\n ```json\n {\n \"google_ip\": \"216.239.38.120\",\n \"front_domain\": \"www.google.com\",\n \"script_id\": \"PASTE_YOUR_DEPLOYMENT_ID_HERE\",\n \"auth_key\": \"your-secret-password-here\",\n \"listen_host\": \"127.0.0.1\",\n \"http_port\": 8085,\n \"socks5_port\": 1080,\n \"log_level\": \"INFO\",\n \"verify_ssl\": true\n }\n ```\n - `script_id` → Paste the Deployment ID from Step 2.\n - `auth_key` → The **same password** you set in `Code.gs`.\n\n### Step 3.5: Optional Exit Node for Full-Tunnel (ChatGPT\u002FTurnstile Friendly)\n\nSome websites block Google datacenter IPs when traffic exits directly from Apps Script.\nTo fix that, configure an exit node so traffic path becomes:\n\n```text\nBrowser -> Local Proxy -> Apps Script -> Exit Node (Cloudflare \u002F Deno \u002F VPS) -> Target website\n```\n\nYou can deploy any one of these exit-node backends:\n\n1. Cloudflare Workers: [`apps_script\u002Fcloudflare_worker.js`](apps_script\u002Fcloudflare_worker.js)\n2. Deno Deploy: [`apps_script\u002Fdeno_deploy.ts`](apps_script\u002Fdeno_deploy.ts)\n3. Your own VPS server\n\nFull step-by-step deployment guide (all providers):\n- [docs\u002Fexit-node\u002FEXIT_NODE_DEPLOYMENT.md](docs\u002Fexit-node\u002FEXIT_NODE_DEPLOYMENT.md)\n\nSet the same PSK secret inside the exit-node code (`PSK` constant) and in `config.json`.\n\nThen configure provider switching like this:\n\n```json\n\"exit_node\": {\n \"enabled\": true,\n \"provider\": \"cloudflare\",\n \"url\": \"https:\u002F\u002FYOUR-WORKER.YOUR-SUBDOMAIN.workers.dev\",\n \"psk\": \"CHANGE_ME_TO_A_STRONG_SECRET\",\n \"mode\": \"full\",\n \"hosts\": [\n \"chatgpt.com\",\n \"openai.com\",\n \"claude.ai\",\n \"anthropic.com\"\n ]\n}\n```\n\nNotes:\n- For simple setup, only fill `provider`, `url`, and `psk`.\n- Switch provider by changing `exit_node.provider` and `exit_node.url`.\n- `mode: \"full\"` = everything goes through exit node (ignore `hosts`).\n- `mode: \"selective\"` = only domains in `hosts` go through exit node.\n- `psk` must exactly match your deployed exit node secret.\n\nProduction recommendation:\n- Keep `verify_ssl: true`\n- Keep `listen_host: 127.0.0.1` unless LAN sharing is explicitly needed\n- Rotate both secrets periodically\n- Never publish your live exit-node URL with valid PSK\n\n### Step 4: Run\n\n```bash\npython3 main.py\n```\n\nYou should see a message saying the HTTP proxy is running on `127.0.0.1:8085` and SOCKS5 on `127.0.0.1:1080`.\n\n### Step 5: Set Up Your Browser\n\nSet your browser to use the proxy:\n\n- **Proxy Address:** `127.0.0.1`\n- **Proxy Port:** `8085`\n- **Type:** HTTP\n- **Optional SOCKS5 Port:** `1080`\n\n**How to set proxy in common browsers:**\n- **Firefox:** Settings → General → Network Settings → Manual proxy → enter `127.0.0.1` port `8085` for HTTP Proxy → check \"Also use this proxy for HTTPS\"\n- **Chrome\u002FEdge:** Uses system proxy. Go to Windows Settings → Network → Proxy → Manual setup → enter `127.0.0.1:8085`\n- **Or** use extensions like [FoxyProxy](https:\u002F\u002Faddons.mozilla.org\u002Fen-US\u002Ffirefox\u002Faddon\u002Ffoxyproxy-standard\u002F) or [SwitchyOmega](https:\u002F\u002Fchrome.google.com\u002Fwebstore\u002Fdetail\u002Fproxy-switchyomega\u002F) for easier switching.\n\n### Step 6: Install the CA Certificate (Required for HTTPS)\n\nWhen using `apps_script` mode, the tool needs to decrypt and re-encrypt HTTPS traffic locally. It generates a CA certificate on first run. **You must install it** or you'll see security warnings on every website.\n\nThe certificate file is created at `ca\u002Fca.crt` inside the project folder after the first run.\n\n#### Windows\n1. Double-click `ca\u002Fca.crt`.\n2. Click **Install Certificate**.\n3. Choose **Current User** (or Local Machine for all users).\n4. Select **Place all certificates in the following store** → click **Browse** → choose **Trusted Root Certification Authorities**.\n5. Click **Next** → **Finish**.\n6. Restart your browser.\n\n#### macOS\n1. Double-click `ca\u002Fca.crt` — it opens in Keychain Access.\n2. It goes into the **login** keychain.\n3. Find the certificate, double-click it.\n4. Click on View Certificate then expand **Trust** → set **When using this certificate** to **Always Trust**.\n5. Select System in the Keychain section and press add button.\n6. Close and enter your password. Restart your browser.\n\n#### Linux (Ubuntu\u002FDebian)\n```bash\nsudo cp ca\u002Fca.crt \u002Fusr\u002Flocal\u002Fshare\u002Fca-certificates\u002Fmasterhttp-relay.crt\nsudo update-ca-certificates\n```\nRestart your browser.\n\n#### Firefox (All Platforms)\nFirefox uses its own certificate store, so even after OS-level install you need to do this:\n1. Go to **Settings** → **Privacy & Security** → **Certificates** → **View Certificates**.\n2. Go to the **Authorities** tab → click **Import**.\n3. Select `ca\u002Fca.crt` from the project folder.\n4. Check **Trust this CA to identify websites** → click **OK**.\n\n> **Auto-install on startup:** When running in `apps_script` mode the proxy will automatically detect if the CA is not yet trusted and attempt to install it for you. If it succeeds you'll see a confirmation in the log; if it fails (e.g. needs administrator rights) it will print instructions. You can also run `python main.py --install-cert` at any time to (re-)install the certificate.\n\n> **Uninstalling:** To remove the certificate from your system's trust stores, run `python main.py --uninstall-cert` or use `start.bat --uninstall-cert` on Windows. This removes the certificate from all system trust stores and Firefox profiles.\n\n> ⚠️ **Security note:** This certificate only works locally on your machine. Don't share the `ca\u002F` folder with anyone. If you want to start fresh, delete the `ca\u002F` folder and the tool will generate a new one.\n\n---\n\n## LAN Sharing (Optional)\n\nBy default, the proxy only listens on `127.0.0.1` (localhost), meaning only your computer can use it. To allow other devices on your local network (LAN) to use the proxy:\n\n1. Set `\"lan_sharing\": true` in your `config.json`\n2. The proxy will automatically listen on all network interfaces (`0.0.0.0`)\n3. The startup log will show your LAN IP addresses that other devices can connect to\n\n**Example LAN configuration:**\n```json\n{\n \"lan_sharing\": true,\n \"listen_host\": \"0.0.0.0\",\n \"http_port\": 8085\n}\n```\n\n**Security Warning:** When LAN sharing is enabled, anyone on your local network can use your proxy. Ensure your network is trusted and consider additional security measures.\n\n**On other devices:** Configure them to use your computer's LAN IP (shown in the startup log) and port 8085 as the HTTP proxy.\n\n---\n\n## Docker (Optional)\n\nIf you prefer running the proxy in a container instead of managing a Python environment, Docker is supported.\n\n**Requirements:** [Docker](https:\u002F\u002Fdocs.docker.com\u002Fget-docker\u002F) and [Docker Compose](https:\u002F\u002Fdocs.docker.com\u002Fcompose\u002F)\n\n### Setup\n\n1. Copy and fill in your config:\n ```bash\n cp config.example.json config.json\n # Edit config.json — set your script_id and auth_key\n ```\n\n2. Build and start:\n ```bash\n docker compose up -d\n ```\n\nThe container automatically listens on `0.0.0.0`, so both ports are reachable from the host:\n- `127.0.0.1:8085` — HTTP proxy\n- `127.0.0.1:1080` — SOCKS5 proxy\n\n### CA Certificate in Docker\n\nOn first run, the container generates `ca\u002Fca.crt` into the `.\u002Fca` volume on your host. Install it in your browser manually — see [Step 6](#step-6-install-the-ca-certificate-required-for-https) above. Running `--install-cert` inside the container has no effect on the host OS certificate store.\n\n### Useful Commands\n\n```bash\ndocker compose up -d # Start in background\ndocker compose logs -f # Follow logs\ndocker compose restart # Restart after config change\ndocker compose down # Stop and remove container\ndocker compose build # Rebuild image after code change\n```\n\n> **`config.json` is mounted read-only** into the container and is never baked into the image, so your secrets stay on the host.\n\n---\n\n## Modes Overview\n\nThis project is centered on the **Apps Script** relay (free, no VPS needed). For destinations that block Google egress, you can optionally chain an edge exit node (Cloudflare Workers, Deno Deploy, or your own VPS).\n\n---\n\n## Configuration Options\n\n### Main Settings\n\n| Setting | What It Does |\n|---------|-------------|\n| `auth_key` | Password shared between your computer and the relay |\n| `script_id` | Your Google Apps Script Deployment ID |\n| `listen_host` | Where to listen (`127.0.0.1` = only this computer, `0.0.0.0` = all interfaces for LAN sharing) |\n| `http_port` | Which HTTP proxy port to listen on (default: `8085`) |\n| `lan_sharing` | Enable LAN sharing to allow other devices on your network to use the proxy (`false` by default) |\n| `log_level` | How much detail to show: `DEBUG`, `INFO`, `WARNING`, `ERROR` |\n\n### Advanced Settings\n\n| Setting | Default | What It Does |\n|---------|---------|-------------|\n| `google_ip` | `216.239.38.120` | Google IP address to connect through |\n| `front_domain` | `www.google.com` | Domain shown to the firewall\u002Ffilter |\n| `verify_ssl` | `true` | Verify the TLS certificate on the local fronted connection to Google\u002FCDN |\n| `relay_timeout` | `25` | Total timeout for one relayed request before it fails |\n| `tls_connect_timeout` | `15` | Timeout for the proxy's TLS connection to the fronted Google\u002FCDN endpoint |\n| `tcp_connect_timeout` | `10` | Timeout for direct TCP tunnels and outbound SNI-rewrite connects |\n| `script_ids` | — | Multiple Script IDs for load balancing (array) |\n| `chunked_download_extensions` | see [config.example.json](config.example.json) | File extensions that should use parallel range downloading. Supports `\".*\"` to probe all GET downloads. |\n| `chunked_download_min_size` | `5242880` | Minimum total file size (5 MB) before range-parallel download stays enabled |\n| `chunked_download_chunk_size` | `524288` | Per-range chunk size used by parallel downloads |\n| `chunked_download_max_parallel` | `8` | Maximum simultaneous range requests for one download |\n| `chunked_download_max_chunks` | `256` | Soft upper bound for total chunk requests; chunk size is raised automatically for very large files |\n| `hosts` | `{}` | Manual DNS override map (`hostname` or `.suffix` -> IP). Example: `{ \"example.org\": \"93.184.216.34\", \".internal.lan\": \"192.168.1.10\" }`. |\n| `block_hosts` | `[]` | Hosts that must never be tunneled (return HTTP 403). Supports exact names (`ads.example.com`) or leading-dot suffixes (`.doubleclick.net`). |\n| `direct_hosts` | `[]` | Hosts that must always go direct (no MITM and no relay\u002Fdomain-fronting). Supports exact names and leading-dot suffixes. |\n| `bypass_hosts` | `[\"localhost\", \".local\", \".lan\", \".home.arpa\"]` | Hosts that go direct (no MITM, no relay). Useful for LAN resources or sites that break under MITM. |\n| `direct_google_exclude` | see [config.example.json](config.example.json) | Google apps that must use the MITM relay path instead of the fast direct tunnel. |\n| `youtube_via_relay` | `false` | Route YouTube (`youtube.com`, `youtu.be`, `youtube-nocookie.com`) through the Apps Script relay instead of the SNI-rewrite path. The SNI-rewrite path uses Google's frontend IP which enforces SafeSearch and can cause **\"Video Unavailable\"** errors. Setting this to `true` fixes playback at the cost of using more Apps Script executions and slightly higher latency. |\n| `exit_node.provider` | `cloudflare` | Selected exit-node backend: `cloudflare`, `deno`, `vps`, or `custom`. |\n| `exit_node.url` | `\"\"` | Beginner-friendly single URL for the selected provider. |\n\nPractical host-policy example:\n\n```json\n{\n \"block_hosts\": [\n \"ads.example.com\",\n \".doubleclick.net\"\n ],\n \"direct_hosts\": [\n \"chat.openai.com\",\n \".openai.com\"\n ],\n \"hosts\": {\n \"example.org\": \"93.184.216.34\",\n \".internal.lan\": \"192.168.1.10\"\n }\n}\n```\n\n- `block_hosts`: deny requests entirely (`403`) for exact names or full suffix trees.\n- `direct_hosts`: force plain direct tunnel only (no MITM, no relay fronting).\n- `hosts`: force DNS mapping before any real lookup (useful for testing\u002Fsplit-DNS workarounds).\n\nNote: the relay response body cap is now a code constant (`MAX_RESPONSE_BODY_BYTES`) in [src\u002Fcore\u002Fconstants.py](src\u002Fcore\u002Fconstants.py), not a user config key.\n\n### Optional Dependencies\n\nInstall everything from [`requirements.txt`](requirements.txt). All listed packages are optional — the proxy runs with no third-party dependencies in basic modes, but without them you lose features:\n\n| Package | Provides |\n|---------|----------|\n| `cryptography` | MITM TLS interception (required for `apps_script` mode with HTTPS sites) |\n| `h2` | HTTP\u002F2 multiplexing to the Apps Script relay (significantly faster) |\n| `brotli` | Decompression of `Content-Encoding: br` responses |\n| `zstandard` | Decompression of `Content-Encoding: zstd` responses |\n\n\n### Load Balancing\n\nTo increase speed, deploy `Code.gs` multiple times to different Apps Script projects and use all their IDs:\n\n```json\n{\n \"script_ids\": [\n \"DEPLOYMENT_ID_1\",\n \"DEPLOYMENT_ID_2\",\n \"DEPLOYMENT_ID_3\"\n ]\n}\n```\n> ⚠️ **Note:** If you are using multiple deployments, the auth-keys must be identical. (All deployments must use the same auth-key.)\n---\n\n## Updating the Google Relay\n\nIf you change `Code.gs`, you must **create a new deployment** in Google Apps Script (Deploy → New deployment) and **update the `script_id`** in your `config.json`. Just editing the code does not update the live version.\n\n---\n\n## Command Line Options\n\n```bash\npython3 main.py # Normal start\npython3 main.py -p 9090 # Use HTTP port 9090 instead\npython3 main.py --socks5-port 1081 # Use SOCKS5 port 1081\npython3 main.py --log-level DEBUG # Show detailed logs\npython3 main.py -c \u002Fpath\u002Fto\u002Fconfig.json # Use a different config file\npython3 main.py --install-cert # Install MITM CA certificate and exit\npython3 main.py --uninstall-cert # Remove MITM CA certificate and exit\npython3 main.py --no-cert-check # Skip automatic CA install check on startup\npython3 main.py --scan # Scan Google IPs and find the fastest one\n```\n\n> **Auto-install:** On startup (MITM mode), the proxy automatically checks if the CA certificate is trusted and attempts to install it. Use `--no-cert-check` to skip this. If auto-install fails (e.g. needs elevation), run `python main.py --install-cert` manually or follow Step 6 above.\n\n### Scanning for the Fastest Google IP\n\nIf your current `google_ip` in `config.json` is blocked or slow, you can scan to find a faster one:\n\n```bash\npython3 main.py --scan\n```\n\nThis will:\n1. Probe 27 candidate Google IPs in parallel\n2. Measure latency from your network\n3. Display results in a table\n4. Recommend the fastest IP\n5. Exit with exit code 0 if at least one IP is reachable, 1 otherwise\n\n**Example output:**\n```\nScanning 27 Google frontend IPs\n SNI: www.google.com\n Timeout: 4s per IP\n Concurrency: 8 parallel probes\n\nIP LATENCY STATUS\n-------------------- ------------ -------------------------\n216.239.32.120 42ms OK\n216.239.34.120 45ms OK\n216.239.36.120 52ms OK\n142.250.80.142 timeout timeout\n...\n\nResult: 15 \u002F 27 reachable\n\nTop 3 fastest IPs:\n 1. 216.239.32.120 (42ms)\n 2. 216.239.34.120 (45ms)\n 3. 216.239.36.120 (52ms)\n\nRecommended: Set \"google_ip\": \"216.239.32.120\" in config.json\n```\n\nAfter scanning, update your `config.json` with the recommended IP and restart the proxy.\n\n---\n\n## Architecture\n\n```\n┌─────────┐ ┌──────────────┐ ┌─────────────┐ ┌──────────┐\n│ Browser │────►│ Local Proxy │────►│ CDN \u002F Google │────►│ Relay │──► Internet\n│ │◄────│ (this tool) │◄────│ (fronted) │◄────│ Endpoint │◄──\n└─────────┘ └──────────────┘ └─────────────┘ └──────────┘\n HTTP\u002FCONNECT TLS (SNI: ok) Fetch target\n MITM (optional) Host: relay Return response\n```\n\n---\n\n## Project Files\n\n```\nMasterHttpRelayVPN\u002F\n├── main.py # Entry point: starts the proxy\n├── setup.py # Interactive wizard — writes config.json\n├── start.bat \u002F start.sh # One-click launcher (venv + deps + wizard + run)\n├── config.example.json # Copy to config.json and fill in your values\n├── requirements.txt # Python dependencies\n├── Dockerfile # Container image definition\n├── docker-compose.yml # Compose config: ports, volumes, restart policy\n├── apps_script\u002F\n│ ├── Code.gs # The relay script you deploy to Google Apps Script\n│ ├── cloudflare_worker.js # Exit node template for Cloudflare Workers\n│ └── deno_deploy.ts # Exit node template for Deno Deploy\n├── ca\u002F # Generated MITM CA (do NOT share)\n│ ├── ca.crt\n│ └── ca.key\n└── src\u002F # Proxy implementation\n ├── proxy_server.py # Accepts HTTP CONNECT and SOCKS5\n ├── domain_fronter.py # Apps Script relay client (fronted through Google)\n ├── h2_transport.py # Optional HTTP\u002F2 multiplexing\n ├── mitm.py # On-the-fly TLS interception\n ├── cert_installer.py # Cross-platform CA installer (Windows\u002FmacOS\u002FLinux + Firefox)\n ├── codec.py # Content-Encoding decoder (gzip\u002Fdeflate\u002Fbr\u002Fzstd)\n ├── google_ip_scanner.py # Scanner to find the fastest reachable Google IP\n ├── constants.py # Tunable defaults and shared data\n └── logging_utils.py # Colored, aligned log formatter\n```\n\n---\n\n## Troubleshooting\n\n| Problem | Solution |\n|---------|----------|\n| \"Config not found\" | Copy `config.example.json` to `config.json` and fill in your values |\n| Browser shows certificate errors | Install the CA certificate (see Step 6 above) |\n| Telegram works but browser doesn't load sites | Almost certainly the CA certificate is not installed. Follow Step 6 to install `ca\u002Fca.crt`, then **fully close and reopen your browser** (for Chrome\u002FEdge, make sure no Chrome process is running in the background before reopening). |\n| Installed the cert but browser still errors | Chrome and Edge cache certificates — you must **completely close** the browser (check Task Manager \u002F system tray) and reopen it for the new cert to take effect. Firefox requires a separate import (see Step 6 Firefox section). |\n| \"unauthorized\" error | Make sure `auth_key` in `config.json` matches `AUTH_KEY` in `Code.gs` exactly |\n| Connection timeout | Try a different `google_ip` or check your internet connection |\n| Slow browsing | Deploy multiple `Code.gs` copies and use `script_ids` array for load balancing |\n| `502 Bad JSON` error | Google returned an unexpected response (HTML instead of JSON). Causes: wrong `script_id`, Apps Script daily quota exhausted, or the deployment wasn't re-created after editing `Code.gs`. Check your `script_id` and create a **new deployment** if you recently changed `Code.gs`. |\n| Telegram works on HTTP proxy but not on SOCKS5 | **Expected.** SOCKS5 clients resolve hostnames locally and connect to raw IPs, so Telegram's MTProto-obfuscated bytes reach a blocked IP that we can neither direct-tunnel nor intercept. Configure Telegram as an **HTTP proxy** (`127.0.0.1:8085`) instead — it sends hostnames, which the proxy handles via SNI-rewrite through Google. |\n| Google and YouTube open but YouTube videos don't play and other sites don't load | The connection to `script.google.com` was not successfully established. This is likely caused by an issue with the deployment of `Code.gs` on Google Apps Script, or the daily execution quota has been exhausted. Re-deploy `Code.gs` with a new deployment and verify your `script_id`, or wait until the quota resets (midnight Pacific Time \u002F 10:30 AM Iran Time). |\n\n---\n\n## Security Tips\n\n- **Never share your `config.json`** — it has your password in it.\n- **Change the default `AUTH_KEY`** in `Code.gs` before deploying.\n- **Don't share the `ca\u002F` folder** — it contains your private certificate key.\n- Keep `listen_host` as `127.0.0.1` so only your computer can use the proxy.\n- Every google scripts deployment has limit of 20,000 requests in 24 hours\n---\n\n## Special Thanks\n\nSpecial thanks to [@abolix](https:\u002F\u002Fgithub.com\u002Fabolix) for making this project possible.\n\n## Sources\n\n- **Ad blocker filter lists:** [PersianBlocker](https:\u002F\u002Fgithub.com\u002FMasterKia\u002FPersianBlocker\u002F) by MasterKia\n\n## License\n\nMIT\n","MasterHttpRelayVPN 是一个通过伪装成可信网站(如 Google)的流量来帮助用户自由访问互联网的工具。其核心功能包括利用中间人TLS拦截、HTTP\u002F1-2多路复用及深度包检测规避技术,使网络审查难以识别真实访问目标。该工具基于Python开发,无需额外租用VPS或服务器,仅需一个免费的Google账号即可运行。适用于需要绕过网络限制但又不想或无法使用传统VPN服务的场景。",2,"2026-06-11 02:38:26","CREATED_QUERY"]