masktunnel

package module
v1.0.6 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 8, 2025 License: GPL-3.0 Imports: 28 Imported by: 0

README

MaskTunnel

A smart proxy that automatically mimics different browsers to bypass detection systems.

What is MaskTunnel?

MaskTunnel is an HTTP proxy that automatically changes its "fingerprint" to match different browsers (Chrome, Firefox, Safari, etc.) based on the User-Agent header in requests. This helps bypass websites that try to detect and block automated traffic.

Key benefits:

  • JA3/JA4 TLS fingerprint simulation: Mimics real browser JA3/JA4 TLS fingerprints (Chrome, Firefox, Safari, Edge)
  • Akamai HTTP/2 fingerprint bypass: Replicates browser-specific HTTP/2 SETTINGS and frame patterns
  • Dynamic adaptation: Automatically selects correct fingerprints based on User-Agent headers
  • JavaScript injection: Inject custom code to bypass client-side detection
  • Zero configuration: Works out-of-the-box with any HTTP client or browser

Installation

# Run with default settings
docker run -p 8080:8080 jackzzs/masktunnel
Binary Releases

Download pre-built binaries from the releases page.

Build from Source
git clone https://github.com/cloudflyer-project/masktunnel
cd masktunnel
go build ./cmd/masktunnel

Usage

Start the Proxy

Basic proxy on port 8080:

./masktunnel -port 8080

Configure your browser or application to use http://localhost:8080 as the HTTP proxy.

Common Options

Add authentication:

./masktunnel -username myuser -password mypass -port 8080

Inject custom JavaScript into web pages:

./masktunnel -payload "console.log('Hello from MaskTunnel!');" -port 8080

Chain through another proxy:

./masktunnel -upstream-proxy http://upstream:8080 -port 8080
Testing the Fingerprinting

Test that different User-Agents produce different fingerprints:

Chrome fingerprint:

curl -x http://localhost:8080 \
     -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" \
     https://tls.peet.ws/api/all

Firefox fingerprint:

curl -x http://localhost:8080 \
     -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0" \
     https://tls.peet.ws/api/all

The fingerprints returned should be different for each browser.

Command Line Options

Option Description Default
-port Proxy listen port 8080
-addr Proxy listen address ``
-username Username for proxy authentication ``
-password Password for proxy authentication ``
-payload JavaScript to inject into responses ``
-upstream-proxy Forward requests to upstream proxy ``
-user-agent Override User-Agent header ``
-cert TLS certificate file cert.pem
-key TLS key file key.pem
-verbose Enable verbose logging false

Acknowledgments

MaskTunnel builds upon the excellent work of:

License

This project is licensed under the GPLv3 License.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetSupportedBrowsers 

func GetSupportedBrowsers() []string

GetSupportedBrowsers returns list of supported browsers

func GetSupportedVersions 

func GetSupportedVersions(browserName string) []int

GetSupportedVersions returns list of supported versions for specified browser

Types

type BasicAuth 

type BasicAuth struct {
	// contains filtered or unexported fields
}

BasicAuth handles HTTP Basic Authentication for proxy

func NewBasicAuth 

func NewBasicAuth(username, password string) *BasicAuth

NewBasicAuth creates a new basic auth handler

func (*BasicAuth) GetAuthRequiredResponse 

func (ba *BasicAuth) GetAuthRequiredResponse() *http.Response

GetAuthRequiredResponse returns HTTP 407 response for auth required

func (*BasicAuth) IsEnabled 

func (ba *BasicAuth) IsEnabled() bool

IsEnabled returns true if authentication is enabled

func (*BasicAuth) Validate 

func (ba *BasicAuth) Validate(req *http.Request) bool

Validate validates the proxy authentication from request

type BrowserFingerprint 

type BrowserFingerprint struct {
	Browser          string
	HTTP2Fingerprint string
	TLSProfile       string
}

BrowserFingerprint contains complete browser fingerprint

func GetBrowserFingerprint 

func GetBrowserFingerprint(userAgent string) (*BrowserFingerprint, error)

GetBrowserFingerprint gets complete browser fingerprint from User-Agent

type BrowserInfo 

type BrowserInfo struct {
	Name    string
	Version string
	Major   int
}

BrowserInfo contains browser information

func ParseUserAgent 

func ParseUserAgent(userAgent string) (*BrowserInfo, error)

ParseUserAgent parses User-Agent string

type BufferedMITMConn added in v1.0.6 

type BufferedMITMConn struct {
	net.Conn
	Reader *bufio.Reader
}

BufferedMITMConn wraps a connection with a buffered reader for protocol detection

func (*BufferedMITMConn) Read added in v1.0.6 

func (bc *BufferedMITMConn) Read(p []byte) (int, error)

type CertManager 

type CertManager struct {
	// contains filtered or unexported fields
}

CertManager manages certificate generation for MITM

func NewCertManager 

func NewCertManager() (*CertManager, error)

NewCertManager creates a new certificate manager

func (*CertManager) GetCACert 

func (cm *CertManager) GetCACert() []byte

GetCACert returns the CA certificate in PEM format

func (*CertManager) GetCertificate 

func (cm *CertManager) GetCertificate(hostname string) (*tls.Certificate, error)

GetCertificate returns a certificate for the given hostname

type ChunkedWriter added in v1.0.6 

type ChunkedWriter struct {
	// contains filtered or unexported fields
}

ChunkedWriter is a helper to wrap a net.Conn to write in chunked encoding format.

func NewChunkedWriter added in v1.0.6 

func NewChunkedWriter(conn net.Conn, useChunked bool) *ChunkedWriter

NewChunkedWriter creates a new ChunkedWriter.

func (*ChunkedWriter) Close added in v1.0.6 

func (cw *ChunkedWriter) Close() error

Close finalizes the stream. For chunked encoding, it writes the final zero-length chunk. This is implicitly called by io.Copy when the source reader returns EOF.

func (*ChunkedWriter) Write added in v1.0.6 

func (cw *ChunkedWriter) Write(p []byte) (n int, err error)

Write implements io.Writer. It writes data in chunked format if useChunked is true.

type Config 

type Config struct {
	Addr          string
	Port          string
	UserAgent     string
	Payload       string
	UpstreamProxy string
	Username      string
	Password      string
	CertFile      string
	KeyFile       string
	Verbose       int
}

Config holds the proxy server configuration

type HTTP2Fingerprint 

type HTTP2Fingerprint struct {
	Settings     string
	WindowUpdate string
	Priority     string
	PseudoHeader string
}

HTTP2Fingerprint contains HTTP/2 fingerprint configuration

type Manager 

type Manager struct {
	// contains filtered or unexported fields
}

Manager manages all azuretls sessions

func NewManager 

func NewManager() *Manager

NewManager creates a new session manager

func (*Manager) CloseAll 

func (m *Manager) CloseAll()

CloseAll closes all sessions

func (*Manager) GetSession 

func (m *Manager) GetSession(userAgent, upstreamProxy string) (*azuretls.Session, error)

GetSession gets or creates session based on configuration

func (*Manager) GetSessionCount 

func (m *Manager) GetSessionCount() int

GetSessionCount returns current session count

type PayloadInjector 

type PayloadInjector struct {
	// contains filtered or unexported fields
}

PayloadInjector handles JavaScript payload injection into responses

func NewPayloadInjector 

func NewPayloadInjector(payload string) *PayloadInjector

NewPayloadInjector creates a new payload injector

func (*PayloadInjector) InjectIntoResponse 

func (p *PayloadInjector) InjectIntoResponse(body []byte, contentType string) []byte

InjectIntoResponse injects payload into HTTP response based on content type

func (*PayloadInjector) PrependToBuffer 

func (p *PayloadInjector) PrependToBuffer(buf *bytes.Buffer, contentType string)

PrependToBuffer prepends payload to buffer for streaming responses

func (*PayloadInjector) ShouldInject 

func (p *PayloadInjector) ShouldInject(contentType string) bool

ShouldInject checks if payload should be injected based on content type

type Server 

type Server struct {
	// contains filtered or unexported fields
}

Server represents the MaskTunnel proxy server

func NewServer 

func NewServer(config *Config) *Server

NewServer creates a new proxy server instance

func (*Server) ServeHTTP 

func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request)

ServeHTTP implements http.Handler interface

func (*Server) Start 

func (s *Server) Start() error

Start starts the proxy server

func (*Server) Stop 

func (s *Server) Stop() error

Stop stops the proxy server

Source Files

View all Source files

Directories

Path Synopsis
cmd
masktunnel command

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.