masterhttprelayvpn-proxy
MasterHttpRelayVPN Proxy
Skill by ara.so — Daily 2026 Skills collection.
MasterHttpRelayVPN is a domain-fronted HTTP/SOCKS5 proxy that tunnels traffic through Google Apps Script. It disguises requests as Google traffic to evade DPI/firewalls, performs local MITM TLS interception to re-encrypt traffic, and requires only a free Google account — no VPS needed.
Traffic flow:
Browser → Local Proxy (127.0.0.1:8085) → Google IP (front_domain) → Apps Script Relay → Target Website
Installation
bash
git clone https://github.com/masterking32/MasterHttpRelayVPN.git
cd MasterHttpRelayVPN
pip install -r requirements.txt
Behind a firewall (PyPI mirror; --trusted-host makes pip accept the mirror even without a valid HTTPS certificate):
bash
pip install -r requirements.txt -i https://mirror-pypi.runflare.com/simple/ --trusted-host mirror-pypi.runflare.com
Quick start scripts (handle venv + deps automatically):
bash
# Linux/macOS
chmod +x start.sh && ./start.sh
# Windows
start.bat
---
Step 1: Deploy the Google Apps Script Relay
- Go to https://script.google.com/ and create a New project
- Delete the default code and paste the contents of apps_script/Code.gs
- Set a strong password on this line:
javascript
const AUTH_KEY = "your-secret-password-here";
- Click Deploy → New deployment → Web app
- Execute as: Me
- Who has access: Anyone
- Copy the Deployment ID (long random string)
Step 2: Configure
Option A — Interactive wizard (recommended)
bash
python setup.py
Prompts for the Deployment ID, generates a random auth_key, and writes config.json.
Option B — Manual config
bash
cp config.example.json config.json
Edit config.json:
json
{
"mode": "apps_script",
"google_ip": "216.239.38.120",
"front_domain": "www.google.com",
"script_id": "AKfycb...",
"auth_key": "your-secret-password-here",
"listen_host": "127.0.0.1",
"listen_port": 8085,
"socks5_enabled": true,
"socks5_port": 1080,
"log_level": "INFO",
"verify_ssl": true
}
auth_key in config.json must match AUTH_KEY in Code.gs.
Step 3: Run
bash
python3 main.py
Install CA certificate (run once, or re-run anytime):
bash
python main.py --install-cert
Configuration Reference
Main Settings
| Key | Description |
|---|---|
| mode | Always apps_script |
| script_id | Google Apps Script Deployment ID |
| auth_key | Shared secret between proxy and relay |
| listen_host | |
| listen_port | HTTP proxy port (default: 8085) |
| socks5_enabled | Enable SOCKS5 listener |
| socks5_port | SOCKS5 port (default: 1080) |
| log_level | |
Advanced Settings
| Key | Default | Description |
|---|---|---|
| google_ip | | Google IP to connect through |
| front_domain | | Domain shown to firewall |
| verify_ssl | | Verify upstream TLS certs |
| script_ids | | Multiple deployment IDs for load balancing |
| lan_sharing | | Allow LAN devices to use proxy |
| block_hosts | | Hosts that return HTTP 403 |
| bypass_hosts | | Hosts that go direct (no MITM/relay) |
Full config example with all advanced options
json
{
"mode": "apps_script",
"google_ip": "216.239.38.120",
"front_domain": "www.google.com",
"script_ids": [
"AKfycbDEPLOYMENT_ID_1",
"AKfycbDEPLOYMENT_ID_2"
],
"auth_key": "super-strong-random-password",
"listen_host": "0.0.0.0",
"listen_port": 8085,
"socks5_enabled": true,
"socks5_port": 1080,
"lan_sharing": true,
"log_level": "INFO",
"verify_ssl": true,
"block_hosts": [
".doubleclick.net",
"ads.example.com"
],
"bypass_hosts": [
"localhost",
".local",
".lan",
"192.168.1.1"
]
}
CA Certificate Installation (Required for HTTPS)
The proxy performs MITM TLS interception. A local CA is generated at ca/ca.crt on first run. Install it once per machine/browser.
Linux (Ubuntu/Debian)
bash
sudo cp ca/ca.crt /usr/local/share/ca-certificates/masterhttp-relay.crt
sudo update-ca-certificates
macOS
bash
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ca/ca.crt
Windows (PowerShell as Admin)
powershell
certutil -addstore -f "ROOT" ca\ca.crt
Firefox (all platforms)
Settings → Privacy & Security → Certificates → View Certificates → Authorities → Import → select ca/ca.crt → check "Trust this CA to identify websites"
⚠️ Never share the ca/ folder: it contains ca.key, the private key of the CA you installed as trusted. Delete it to regenerate a fresh CA.
Browser Proxy Configuration
HTTP Proxy: 127.0.0.1:8085
SOCKS5 Proxy: 127.0.0.1:1080
Firefox
Settings → General → Network Settings → Manual proxy configuration:
- HTTP Proxy: 127.0.0.1, Port: 8085
- Check: "Also use this proxy for HTTPS"
Chrome/Edge (Windows system proxy)
Settings → Network → Proxy → Manual proxy setup → 127.0.0.1:8085
Using curl for testing
bash
curl -x http://127.0.0.1:8085 https://example.com
# or SOCKS5
curl --socks5 127.0.0.1:1080 https://example.com
Using requests in Python
python
import requests
proxies = {
"http": "http://127.0.0.1:8085",
"https": "http://127.0.0.1:8085",
}
response = requests.get("https://example.com", proxies=proxies)
print(response.status_code)
LAN Sharing Setup
Allow other devices on your network to use the proxy:
json
{
"lan_sharing": true,
"listen_host": "0.0.0.0",
"listen_port": 8085
}
On startup, the proxy logs your LAN IP addresses. Configure other devices to use <YOUR_LAN_IP>:8085.
Load Balancing with Multiple Relays
Deploy multiple Google Apps Script projects and list all Deployment IDs:
json
{
"script_ids": [
"AKfycbFIRST_DEPLOYMENT_ID",
"AKfycbSECOND_DEPLOYMENT_ID",
"AKfycbTHIRD_DEPLOYMENT_ID"
],
"auth_key": "same-password-in-all-scripts"
}
All Apps Script deployments must have the same AUTH_KEY value.
Common Patterns
Blocking ads/trackers
json
{
"block_hosts": [
".doubleclick.net",
".googlesyndication.com",
".googleadservices.com",
"ads.example.com"
]
}
Bypassing local/LAN resources (no MITM)
json
{
"bypass_hosts": [
"localhost",
"127.0.0.1",
".local",
".lan",
".home.arpa",
"192.168.1.0/24"
]
}
Running with debug logging
bash
# In config.json
{ "log_level": "DEBUG" }
# Or temporarily
python3 main.py
Scripted config generation
python
import json
import secrets
config = {
"mode": "apps_script",
"google_ip": "216.239.38.120",
"front_domain": "www.google.com",
"script_id": "PASTE_DEPLOYMENT_ID_HERE",
"auth_key": secrets.token_urlsafe(32),
"listen_host": "127.0.0.1",
"listen_port": 8085,
"socks5_enabled": True,
"socks5_port": 1080,
"log_level": "INFO",
"verify_ssl": True
}
# Write the config; auth_key is stored in plain text in this file.
with open("config.json", "w") as f:
    json.dump(config, f, indent=2)
print(f"Generated auth_key: {config['auth_key']}")
print("Remember to set this same value as AUTH_KEY in Code.gs")
Troubleshooting
"Security warning" on every website
→ CA certificate not installed. Run python main.py --install-cert or follow the manual install steps above.
Connection refused on port 8085
→ Check listen_host and listen_port in config.json. Make sure python3 main.py is running.
"403 Forbidden" from relay
→ auth_key in config.json does not match AUTH_KEY in the deployed Code.gs. Redeploy the script after fixing.
Google Apps Script quota exceeded
→ Free tier has daily quotas. Add more script_ids in config.json for load balancing across multiple deployments.
verify_ssl errors
json
{ "verify_ssl": false }
This turns off verification of upstream TLS certificates. Use only for testing; not recommended for production.
Regenerate CA certificate
bash
rm -rf ca/
python3 main.py # generates new ca/ca.crt on startup
# Then reinstall the certificate in OS/browser
Can't install Python packages (behind firewall)
bash
pip install -r requirements.txt \
-i https://mirror-pypi.runflare.com/simple/ \
--trusted-host mirror-pypi.runflare.com
Test the proxy is working
bash
# Should return your external IP routed through Google
---
Project Structure
MasterHttpRelayVPN/
├── main.py # Entry point, starts HTTP + SOCKS5 listeners
├── setup.py # Interactive config wizard
├── config.json # Your configuration (gitignored)
├── config.example.json # Template
├── requirements.txt # Python dependencies
├── apps_script/
│ └── Code.gs # Google Apps Script relay code
├── ca/
│ ├── ca.crt # Generated CA certificate (install this)
│ └── ca.key # CA private key (keep secret)
├── start.sh # Linux/macOS quick start
└── start.bat # Windows quick start
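An added example, not part of the project: a short audit of the settings this page treats as sensitive (auth_key, verify_ssl, listen_host/lan_sharing, and the permissions on ca/ca.key). The function names, the 32-character minimum and the defaults assumed for missing keys are this example's assumptions.

```python
import json
import os
import stat

# Placeholder secrets that appear in this page's sample configs.
PLACEHOLDER_KEYS = {
    "your-secret-password-here",
    "super-strong-random-password",
    "same-password-in-all-scripts",
}
LOOPBACK = {"127.0.0.1", "::1", "localhost"}
MIN_KEY_LEN = 32  # assumption: local policy, not a project requirement


def audit_config(cfg, ca_key_mode=None):
    """Return findings for a config dict; ca_key_mode is st_mode of ca/ca.key."""
    findings = []
    key = cfg.get("auth_key", "")
    if key in PLACEHOLDER_KEYS:
        findings.append("auth_key is a documentation placeholder")
    elif len(key) < MIN_KEY_LEN:
        findings.append(f"auth_key is shorter than {MIN_KEY_LEN} characters")
    # Assumption: a missing verify_ssl key is treated as enabled.
    if cfg.get("verify_ssl", True) is False:
        findings.append("verify_ssl is false: upstream TLS certificates are not verified")
    # Assumption: a missing listen_host is treated as loopback.
    host = cfg.get("listen_host", "127.0.0.1")
    if host not in LOOPBACK or cfg.get("lan_sharing", False):
        findings.append(f"listener on {host} is reachable by other hosts")
    if ca_key_mode is not None and ca_key_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("ca/ca.key is accessible to group or other users")
    return findings


def audit_files(config_path="config.json", ca_key_path="ca/ca.key"):
    """Load the real files and audit them (POSIX permission bits)."""
    with open(config_path, encoding="utf-8") as f:
        cfg = json.load(f)
    mode = os.stat(ca_key_path).st_mode if os.path.exists(ca_key_path) else None
    return audit_config(cfg, mode)


# Constructed sample: the LAN-sharing config from this page with verify_ssl off.
SAMPLE = {"auth_key": "super-strong-random-password", "listen_host": "0.0.0.0",
          "lan_sharing": True, "verify_ssl": False}

if __name__ == "__main__":
    for finding in audit_config(SAMPLE, ca_key_mode=0o100644):
        print("-", finding)
```

Run audit_files() from the project directory to check a real config.json and ca/ca.key.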