[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-657":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":22,"archived":23,"fork":23,"defaultBranch":24,"hasWiki":25,"hasPages":23,"topics":26,"createdAt":10,"pushedAt":10,"updatedAt":36,"readmeContent":37,"aiSummary":38,"trendingCount":16,"starSnapshotCount":16,"syncStatus":39,"lastSyncTime":40,"discoverSource":41},657,"mhr-cfw","denuitt1\u002Fmhr-cfw","denuitt1","A Domain-Fronting Relay that routes traffic though GAS (Google Apps Script) and forwards it to Cloudflare Workers. Designed to bypass DPI.","",null,"Python",4361,425,19,120,0,34,43,1198,102,29.89,"MIT License",false,"main",true,[27,28,29,30,31,32,33,34,35],"cloudflare-workers","domain-fronting","dpi","dpi-bypass","google-apps-script","http","mitm","proxy","sni","2026-06-12 02:00:16","# MHR-CFW - MITM Domain-Fronted HTTP Relay + Cloudflare Worker Exit\r\n\r\n[![GitHub](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FGitHub-MHR_CFW-red?logo=github)](https:\u002F\u002Fgithub.com\u002Fdenuitt1\u002Fmhr-cfw)\r\n\r\n\r\n| [English](README.md) | [Persian](README_FA.md) |\r\n| :---: | :---: |\r\n\r\n---\r\n\r\n## How It Works\r\n\r\n### 1 - GAS + Cloudflare Worker Exit\r\n```\r\nClient -> Local Relay -> Google\u002FCDN Front -> GAS (Google Apps Script) Relay -> Cloudflare Worker -> Exit\r\n            |\r\n            +-> Shows www.google.com to network DPI filter\r\n```\r\n\r\n### 2 - GAS + Cloudflare Worker Middle + Self-Hosted Upstream Forwarder Relay Exit\r\n```\r\nClient -> Local Relay -> Google\u002FCDN Front -> GAS (Google Apps Script) Relay -> Cloudflare Worker -> Self-Hosted Upstream Forwarder -> Exit\r\n            |\r\n            +-> Shows www.google.com to network DPI filter\r\n```\r\n\r\nIn normal use, the browser sends traffic to the proxy running on your computer.\r\nThe proxy sends that traffic through Google-facing infrastructure so the network only sees an allowed domain such as `www.google.com`.\r\nYour deployed relay then fetches the real website through cloudflare worker and sends the response back through the same path.\r\n\r\nThis means the filter sees normal-looking Google traffic, while the actual destination stays hidden inside the relay request.\r\n\r\n\r\n--- \r\n\r\n## How to Use\r\n\r\n### 1 - Download project and extract \r\n\r\n```bash\r\ngit clone https:\u002F\u002Fgithub.com\u002Fdenuitt1\u002Fmhr-cfw.git\r\ncd mhr-cfw\r\npip install -r requirements.txt\r\n```\r\n> **Can't reach PyPI directly?** Use this mirror instead:\r\n> ```bash\r\n> pip install -r requirements.txt -i https:\u002F\u002Fmirror-pypi.runflare.com\u002Fsimple\u002F --trusted-host mirror-pypi.runflare.com\r\n> ```\r\n\r\n\r\n### 2 - Set Up the Cloudflare Worker (worker.js)\r\n\r\n1. Open [Cloudflare Dashboard](https:\u002F\u002Fdash.cloudflare.com\u002F) and sign in with your Cloudflare account.\r\n2. From the sidebar, navigate to **Compute > Workers & Pages**\r\n3. Click **Create Application**, Choose **Start with Hello World** and click on **Deploy**\r\n4. Click on **Edit code** and **Delete** all the default code in the editor.\r\n5. Open the [`worker.js`](script\u002Fworker.js) file from this project (under `script\u002F`), **copy everything**, and paste it into the Apps Script editor.\r\n6. **Important:** Change the worker on this line to the worker you created:\r\n   ```javascript\r\n   const WORKER_URL = \"myworker.workers.dev\";\r\n   ```\r\n7. Click **Deploy**.\r\n\r\n### 3 - Set Up the Google Relay (Code.gs)\r\n\r\n1. Open [Google Apps Script](https:\u002F\u002Fscript.google.com\u002F) and sign in with your Google account.\r\n2. Click **New project**.\r\n3. **Delete** all the default code in the editor.\r\n4. Open the [`Code.gs`](script\u002FCode.gs) file from this project (under `script\u002F`), **copy everything**, and paste it into the Apps Script editor.\r\n5. **Important:** Change the password on this line to something only you know, also replace the worker url with your cloudflare worker:\r\n   ```javascript\r\n   const AUTH_KEY = \"your-secret-password-here\";\r\n   const WORKER_URL = \"https:\u002F\u002Fmyworker.workers.dev\";\r\n   ```\r\n6. Click **Deploy** → **New deployment**.\r\n7. Choose **Web app** as the type.\r\n8. Set:\r\n   - **Execute as:** Me\r\n   - **Who has access:** Anyone\r\n9. Click **Deploy**.\r\n10. **Copy the Deployment ID** (it looks like a long random string). You'll need it in the next step.\r\n\r\n> ⚠️ Remember the password you set in step 3. You'll use the same password in the config file below.\r\n\r\n### 4 - Run\r\n\r\nClick on the `run.bat` file (on windows) or `run.sh` file (on linux) to start the relay.\r\n\r\nIf you're running for the first time it will prompt a setup wizard where you have to enter the AUTH_KEY and Google Apps Script Deployment ID.\r\nYou should see a message saying the HTTP proxy is running on `127.0.0.1:8085`\r\n\r\n### 5 - Usage\r\n\r\nWe recommend using [v2rayN client](https:\u002F\u002Fgithub.com\u002F2dust\u002Fv2rayn) and configuring a socks5 proxy.\r\n\r\nYou can also use [FoxyProxy](https:\u002F\u002Fgetfoxyproxy.org\u002F)'s [Chrome extension](https:\u002F\u002Fchromewebstore.google.com\u002Fdetail\u002Ffoxyproxy\u002Fgcknhkkoolaabfmlnjonogaaifnjlfnp?hl=en) or [Firefox extension](https:\u002F\u002Faddons.mozilla.org\u002Fen-US\u002Ffirefox\u002Faddon\u002Ffoxyproxy-standard\u002F) to use this proxy in your browser.\r\n\r\n### 6 - Test your connection\r\n\r\nOpen [ipleak.net](https:\u002F\u002Fipleak.net) in your browser, you should see your ip address set as cloudflare's.\r\n\r\n\u003Cimg width=\"1454\" height=\"869\" alt=\"image\" src=\"https:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002Fdfd3316d-69b6-4b0e-b564-fdb055dbdafd\" \u002F>\r\n\r\n\r\n---\r\n\r\n## Optional: Stable Exit IP via Upstream Forwarder\r\n\r\nCAPTCHAs (Cloudflare Turnstile\u002Fbot challenge, reCAPTCHA, hCaptcha) bind tokens\r\nto the IP that solved the challenge. Cloudflare Workers exit through different\r\nedge IPs per request, so verification on the target site fails even when you\r\nsolve the challenge. This optional add-on lets the Worker forward all `fetch()`\r\ncalls through a small Node server you run on a VPS with a stable IP — giving\r\nthe target site one consistent exit address.\r\n\r\n### When you need this\r\n\r\n- Sites behind Cloudflare's bot challenge keep looping you back to the challenge page.\r\n- Login forms reject you after solving a reCAPTCHA\u002FhCaptcha.\r\n- You need cookie continuity across requests (e.g. `cf_clearance`).\r\n\r\nIf you don't hit these, leave it unconfigured — the Worker behaves exactly as before.\r\n\r\n### Why a separate server is required\r\n\r\nCloudflare Workers don't expose a stable outbound IP — `fetch()` exits through a rotating pool of Cloudflare edge IPs, which is exactly what breaks IP-bound CAPTCHA tokens. Cloudflare's static-egress options (BYOIP, Egress Workers) are Enterprise-tier, so a small VPS with a static IP is the practical workaround. The forwarder is just a thin proxy that re-issues the `fetch()` from a stable address.\r\n\r\n### 1. Deploy the forwarder on a VPS\r\n\r\nThe reference implementation is [`script\u002Fupstream_forwarder.js`](script\u002Fupstream_forwarder.js).\r\nIt needs Node 18+ and no dependencies. Run it behind Caddy or nginx with TLS —\r\nthe Worker rejects non-HTTPS forwarder URLs.\r\n\r\n```bash\r\n# On your VPS (Ubuntu\u002FDebian example):\r\nsudo apt install -y nodejs   # must be 18+\r\nexport AUTH_KEY=\"some-long-random-string-at-least-32-chars\"\r\nexport PORT=8787\r\nnode script\u002Fupstream_forwarder.js\r\n```\r\n\r\nFront it with Caddy for auto-TLS:\r\n\r\n```\r\nforwarder.example.com {\r\n    reverse_proxy 127.0.0.1:8787\r\n}\r\n```\r\n\r\nQuick smoke test:\r\n\r\n```bash\r\ncurl -X POST https:\u002F\u002Fforwarder.example.com\u002Ffwd \\\r\n  -H \"x-upstream-auth: $AUTH_KEY\" \\\r\n  -H \"content-type: application\u002Fjson\" \\\r\n  -d '{\"u\":\"https:\u002F\u002Fhttpbin.org\u002Fip\",\"m\":\"GET\",\"h\":{}}'\r\n```\r\n\r\nThe decoded response body should show the **VPS's IP**.\r\n\r\n### 2. Wire the Worker to the forwarder\r\n\r\nIn the Cloudflare dashboard → your Worker → **Settings → Variables and Secrets**:\r\n\r\n| Name | Type | Value |\r\n|---|---|---|\r\n| `UPSTREAM_FORWARDER_URL` | Secret | `https:\u002F\u002Fforwarder.example.com\u002Ffwd` |\r\n| `UPSTREAM_AUTH_KEY` | Secret | the same `AUTH_KEY` you set on the VPS |\r\n| `UPSTREAM_FAIL_MODE` | Variable | `closed` (default) — return 502 on forwarder failure. Use `open` to fall back to direct fetch. |\r\n| `UPSTREAM_TIMEOUT_MS` | Variable (optional) | default `25000` |\r\n\r\nSave and redeploy the Worker.\r\n\r\n### 3. Verify\r\n\r\nBrowse `https:\u002F\u002Fhttpbin.org\u002Fip` through the proxy — you should see the **VPS's IP**, not Cloudflare's. Then revisit a CAPTCHA-protected site that wasn't working — the challenge should now validate.\r\n\r\n> The forwarder must require auth. Without `AUTH_KEY` it refuses to start. Anyone with the URL and key can use it as a relay, so keep both secret.\r\n\r\n---\r\n\r\n## Disclaimer\r\n\r\n`mhr-cfw` is provided for educational, testing, and research purposes only.\r\n\r\n- **Provided without warranty:** This software is provided \"AS IS\", without express or implied warranty, including merchantability, fitness for a particular purpose, and non-infringement.\r\n- **Limitation of liability:** The developers and contributors are not responsible for any direct, indirect, incidental, consequential, or other damages resulting from the use of this project or the inability to use it.\r\n- **User responsibility:** Running this project outside controlled test environments may affect networks, accounts, proxies, certificates, or connected systems. You are solely responsible for installation, configuration, and use.\r\n- **Legal compliance:** You are responsible for complying with all local, national, and international laws and regulations before using this software.\r\n- **Google services compliance:** If you use Google Apps Script or other Google services with this project, you are responsible for complying with Google's Terms of Service, acceptable use rules, quotas, and platform policies. Misuse may lead to suspension or termination of your Google account or deployments.\r\n- **License terms:** Use, copying, distribution, and modification of this software are governed by the repository license. Any use outside those terms is prohibited.\r\n\r\n---\r\n\r\n## Sources for this project\r\n- https:\u002F\u002Fgithub.com\u002Fmasterking32\u002FMasterHttpRelayVPN\r\n","该项目是一个通过Google Apps Script和Cloudflare Workers实现的域前置中继，旨在绕过深度包检测（DPI）。其核心功能包括使用Python编写的本地代理，该代理将流量伪装成对`www.google.com`的请求并通过Google基础设施转发，然后由Cloudflare Worker处理实际的目标网站请求并返回响应。这种方式使得网络过滤器只能看到正常的Google流量，而实际访问的目标则被隐藏。技术上，它结合了HTTP、中间人攻击（MITM）以及服务器名称指示（SNI）等手段来实现流量的匿名化传输。适用于需要规避网络审查或限制性互联网环境下的安全浏览场景。",2,"2026-06-11 02:38:26","CREATED_QUERY"]