[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-80947":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":9,"language":10,"languages":9,"totalLinesOfCode":9,"stars":11,"forks":12,"watchers":13,"openIssues":14,"contributorsCount":15,"subscribersCount":15,"size":15,"stars1d":15,"stars7d":16,"stars30d":12,"stars90d":15,"forks30d":15,"starsTrendScore":15,"compositeScore":17,"rankGlobal":9,"rankLanguage":9,"license":18,"archived":19,"fork":19,"defaultBranch":20,"hasWiki":21,"hasPages":19,"topics":22,"createdAt":9,"pushedAt":9,"updatedAt":23,"readmeContent":24,"aiSummary":25,"trendingCount":15,"starSnapshotCount":15,"syncStatus":12,"lastSyncTime":26,"discoverSource":27},80947,"rm-sni-spoofer","rm-rfd\u002Frm-sni-spoofer","rm-rfd","A windows only App for SNI spoofing with Xray profile panel",null,"Python",34,2,32,3,0,1,1.43,"GNU General Public License v3.0",false,"main",true,[],"2026-06-12 02:04:08","# RM SNI Spoofer\n\nThis project is built on top of the work by Patterniha: https:\u002F\u002Fgithub.com\u002Fpatterniha\u002FSNI-Spoofing. Big thanks for the original idea and code that inspired this repository.\n\n> \u003Cdiv style=\"color: #e83220; font-weight:500;\">This software is provided as-is, without any warranty or guarantee of connectivity, reliability, or fitness for any particular purpose. Use it at your own risk. The user is solely responsible for any outcomes, issues, or consequences that may arise from using this project.\u003C\u002Fdiv>\n\nRM SNI Spoofer is a Windows-only local TCP relay that injects a decoy TLS ClientHello with a spoofed SNI, then forwards the real traffic normally. The fake packet is sent with an intentionally wrong TCP sequence number so packet filters can see it on the wire without it becoming part of the live stream.\n\nThe app also includes a desktop control panel for managing Xray share links, starting and stopping the relay, and running delay tests. The codebase is split across GUI orchestration, runtime control, Xray helpers, packet injection, and subprocess wrappers instead of a single monolithic entry point.\n\n## What It Does\n\nFor each incoming TCP connection, the program listens on `LISTEN_HOST:LISTEN_PORT`, opens an outbound connection to the configured `CONNECT_IP`, watches that connection with WinDivert through `pydivert`, injects the fake TLS handshake, and then relays bytes in both directions without modifying the real payload.\n\nIf an active Xray profile is configured, the app starts the bundled `xray.exe` process. In the proxy-based modes, Xray exposes one local mixed proxy on `127.0.0.1:LOCAL_PROXY_PORT`, and its outbound traffic is rewired back to the local relay listener. In `tunnel whole system` mode, Xray creates a Wintun-backed TUN adapter and the app takes ownership of the default IPv4 route, a direct exclusion route for `CONNECT_IP`, and the tunnel adapter DNS settings while the relay is running.\n\nThe connection mode controls what the app owns while the relay is running:\n\n- `clear system proxy`: the app clears the Windows system proxy while keeping the local mixed proxy available for manual clients.\n- `set system proxy`: the app points the Windows system proxy at `127.0.0.1:LOCAL_PROXY_PORT` while the relay is running.\n- `tunnel whole system`: the app uses the bundled Xray TUN backend with `wintun.dll`, moves the default IPv4 route onto the Xray adapter, pins `CONNECT_IP` outside the tunnel, applies `TUNNEL_DNS_SERVERS` to the tunnel adapter, and restores those changes on stop or stale-state repair. This mode requires administrator rights and carries UDP traffic through the tunnel backend.\n\nThe GUI stores direct `vless:\u002F\u002F` and `trojan:\u002F\u002F` share links in an `XRAY Profiles` table, lets you mark one row active, and runs delay tests for selected rows. Only the active profile powers the relay. Delay tests are available only in the proxy-based modes and are intentionally blocked while `tunnel whole system` is selected.\n\n## Key Limits\n\n- Windows only.\n- IPv4 only in the current entry point.\n- The proxy-based relay path is TCP-only; UDP works in `tunnel whole system` mode through the bundled Xray TUN backend.\n- One fixed upstream destination per run.\n- `wrong_seq` is the only active bypass method.\n- Share-link mode expects port `443` unless `FORCE_CONNECT_PORT` is enabled.\n\n## Project Layout\n\n- `src\u002Fmain.py`: canonical command-line bootstrap and `--headless` entry point.\n- `src\u002Fgui\u002Fwindow.py`: desktop control panel shell and layout orchestration.\n- `src\u002Fgui\u002Frelay.py`: relay start\u002Fstop actions, delay-test actions, and config assembly from GUI state.\n- `src\u002Fgui\u002Fprofiles.py`: profile-table behavior, selection state, and persistence glue.\n- `src\u002Fgui\u002Flogs.py`: log queue routing and display formatting.\n- `src\u002Fgui\u002Feditor.py`: reusable text and context-menu helpers.\n- `src\u002Fgui\u002Fdialogs.py`: support, help, and share-link dialogs.\n- `src\u002Fgui\u002Fwidgets.py`: custom panels and buttons.\n- `src\u002Fgui\u002Ftheme.py`: theme tokens, icons, and style setup.\n- `src\u002Fcore\u002Fconfig\u002Fapp_config.py`: config loading, normalization, and profile record helpers.\n- `src\u002Fcore\u002Fruntime\u002Fruntime_controller.py`: mode-aware runtime ownership, startup, shutdown, and stale-state repair.\n- `src\u002Fcore\u002Fruntime\u002Fruntime_state.py`: shared runtime settings, runtime-path resolution, and Xray startup decisions.\n- `src\u002Fcore\u002Fruntime\u002Ftunnel_backend.py`: bundled Xray TUN backend, route ownership, DNS ownership, and stale tunnel cleanup.\n- `src\u002Fcore\u002Fruntime\u002Frelay_server.py`: headless relay startup and accept-loop orchestration.\n- `src\u002Fservices\u002Frelay_runtime.py`: GUI subprocess launcher for the headless runtime.\n- `src\u002Fservices\u002Fdelay_test.py`: temporary relay and proxy runtime for delay probes.\n- `src\u002Fcore\u002Fxray\u002Fconfig.py`: Xray share-link parsing and config generation.\n- `src\u002Fcore\u002Fxray\u002Fprocess.py`: bundled Xray process lifecycle.\n- `src\u002Fcore\u002Fpacket_injection\u002F`: WinDivert wrapper, per-connection state, and fake packet injection.\n- `src\u002Futils\u002Fnetwork_tools.py` and `src\u002Futils\u002Fpacket_templates.py`: low-level network and TLS packet helpers.\n- `src\u002Fassets\u002F`: packaged fonts, icons, and app logos.\n\n## Configuration\n\nRuntime settings live in `config.json`. The most important fields are `LISTEN_HOST`, `LISTEN_PORT`, `CONNECT_IP`, `CONNECT_PORT`, `FORCE_CONNECT_PORT`, `FAKE_SNI`, `CONNECTION_MODE`, `LOCAL_PROXY_BIND_HOST`, `LOCAL_PROXY_PORT`, `TUNNEL_DNS_SERVERS`, `XRAY_PROFILES`, `XRAY_ACTIVE_PROFILE_ID`, `XRAY_BINARY_PATH`, `XRAY_LOG_LEVEL`, and `XRAY_RELAY_HOST`.\n\n`TUNNEL_DNS_SERVERS` is a list of IPv4 DNS servers that the app applies to the Xray tunnel adapter while `tunnel whole system` is active. The current default is Cloudflare IPv4 (`1.1.1.1`, `1.0.0.1`).\n\n`LOCAL_PROXY_BIND_HOST` controls which IPv4 address the local Xray mixed proxy binds to. The default is `127.0.0.1`. Set it to `0.0.0.0` only when you intentionally want other devices on the same LAN to use the proxy, because the mixed proxy is unauthenticated. If Windows Firewall prompts while LAN sharing is enabled, allow the app only on private or otherwise trusted networks.\n\n`FAKE_SNI` only changes the spoofed value in the injected packet. It does not affect DNS resolution or choose the upstream IP.\n\nThe GUI reads these values from disk at startup and builds temporary runtime configs from the current form values when starting the relay or running delay tests. Profile add, edit, remove, and active-row changes are handled through the GUI helpers in `src\u002Fgui\u002Fprofiles.py`.\n\nConnection-mode and mixed-port planning is documented in `implementation-docs\u002Fplan-connection-mode.md` and `implementation-docs\u002Fplan-connection-mode-todo.md`. The current release uses one mixed local proxy port for the proxy-based modes and supports `tunnel whole system` through the bundled Xray TUN backend for TCP-oriented traffic.\n\n## Requirements\n\n- Windows\n- Python 3.11\n- `pydivert`\n- WinDivert support available to `pydivert`\n- `xray\\\\xray.exe` when using the Xray\u002Fprofile flow\n- `xray\\\\wintun.dll` beside `xray\\\\xray.exe` when using `tunnel whole system`\n- Administrator privileges are usually required for packet capture and injection, and are required for `tunnel whole system`\n\nInstall dependencies:\n\n```powershell\npy -m venv .venv\n.\\.venv\\Scripts\\Activate.ps1\npip install -r requirements.txt\n```\n\n## Run\n\n```powershell\npython -m src\n```\n\nThis opens the GUI by default. Use `python -m src --headless` for console-only relay mode, and add `--config path\\to\\config.json` to point at a different config file.\n\nWhen Xray is active in the proxy-based modes, the app exposes a local mixed proxy on `127.0.0.1:LOCAL_PROXY_PORT`.\n\nIn `clear system proxy` mode, Windows proxy settings are cleared while the relay is running. In `set system proxy` mode, Windows proxy settings are temporarily pointed at `127.0.0.1:LOCAL_PROXY_PORT` and restored when the relay stops.\n\nIn `tunnel whole system` mode, the app must be started as Administrator. While that mode is running, the app brings up the bundled Xray TUN adapter, installs a direct `\u002F32` route for `CONNECT_IP` through the pre-tunnel gateway, moves the default IPv4 route to the tunnel adapter, applies `TUNNEL_DNS_SERVERS` to the tunnel adapter, and restores those app-owned route and DNS changes when the relay stops or stale tunnel state is repaired.\n\nDelay tests remain limited to the proxy-based modes because they use temporary runtimes and should not take over system routes or DNS.\n\n## Build\n\nTo create a Windows bundle containing the exe, `config.json`, assets from `src\u002Fassets\u002F`, and the runtime files under `xray\\\\`:\n\n```powershell\npip install -r requirements-build.txt\npython build.py\n```\n\nUse `python build.py --force-connect-port` if you want the bundled config to always use `CONNECT_PORT` instead of the port from an active share link.\n\n`build.py` packages `src\u002Fmain.py` as the application entry point and stages fonts, icons, logos, and the bundled Xray runtime directory.\n\nThe output bundle is written to `dist\\\\RM SNI Spoofer\\\\`.\n\n## Notes\n\n- The relay is low-level and timing-sensitive.\n- Packet injection failures or unexpected packets close the connection.\n- If the chosen `CONNECT_IP` does not actually serve the expected site, the later TLS handshake will still fail.\n- Relay start and delay tests require an active Xray profile.\n- Delay test results are persisted in `config.json` and restored the next time the app opens.\n- The app restores the previous Windows proxy state on normal stop when it changed that state itself.\n- Tunnel mode restores its app-owned routes and tunnel adapter DNS state on normal stop and stale-state repair.\n- UDP works in `tunnel whole system` mode through the bundled Xray TUN backend when an active Xray profile is configured.\n\n## License\n\nThis repository includes the GNU GPL v3 license in `LICENSE`.\n","RM SNI Spoofer 是一个仅适用于 Windows 的本地 TCP 中继工具，通过注入带有伪造 SNI 的 TLS ClientHello 数据包来绕过网络审查。该项目基于 Patterniha 的工作，并使用了 pydivert 库来监听和处理 TCP 连接。它能够转发真实流量而不修改实际负载，同时提供了一个桌面控制面板以管理 Xray 分享链接、启动\u002F停止中继以及运行延迟测试。该软件适合需要绕过特定网络限制的场景，例如访问被封锁的网站或服务。用户可以配置不同的连接模式，包括清除系统代理、设置系统代理或隧道整个系统，其中后者需要管理员权限并支持 UDP 流量传输。","2026-06-11 04:02:58","CREATED_QUERY"]