GitFeed
Back to feed

MasterHttpRelayVPN-RUST: Portable DPI Bypass via Google Apps Script

therealaleph/MasterHttpRelayVPN-RUST
843
+116/day
107
RustSecurity🚀 Just Launched

Rust port of @masterking32's MasterHttpRelayVPN — all credit to @masterking32 for the original idea and Python implementation. Free DPI bypass via a Google Apps Script relay with TLS SNI concealment. CLI + cross-platform desktop UI, HTTP + SOCKS5 proxy, no runtime deps.

AI Analysis

A zero-dependency Rust port of a DPI-circumvention tool using Google Apps Script as a relay.

Built for Developers and users in restricted network environments needing a lightweight, cross-platform censorship circumvention tool.

From the README

MasterHttpRelayVPN-RUST

Rust port of @masterking32's MasterHttpRelayVPN. All credit for the original idea and the Python implementation goes to @masterking32. This is a faithful reimplementation of the apps_script mode, packaged as two tiny binaries (CLI + desktop UI) with no runtime dependencies.

Free DPI bypass via Google Apps Script as a remote relay, with TLS SNI concealment. Your ISP's censor sees traffic going to www.google.com; behind the scenes a free Google Apps Script that you deploy in your own Google account fetches the real website for you.

Heads up on authorship: the bulk of this Rust port was written with Anthropic's Claude driving, reviewed by a human on every commit. Bug reports, fixes, and contributions are all welcome — see the issues page.

English Guide | راهنمای فارسی

Why this exists

The original Python project is excellent but requires Python + pip install cryptography h2 + system deps. For users in hostile networks that install process is often itself broken (blocked PyPI, missing wheels, Windows without Python). This port is a single ~2.5 MB executable that you download and run. Nothing else.

How it works

Browser / Telegram / xray
        |
        | HTTP proxy (8085)  or  SOCKS5 (8086)
        v
mhrv-rs (local)
        |
        | TLS to Google IP, SNI = www.google.com
        v                       ^
   DPI sees www.google.com      |
        |                       | Host: script.google.com (inside TLS)
        v                       |
  Google edge frontend ---------+
        |
        v
  Apps Script relay (your free Google account)
        |
        v
  Real destination

The censor's DPI sees www.google.com in the TLS SNI and lets it through. Google's frontend hosts both www.google.com and script.google.com on the same IP and routes by the HTTP Host header inside the encrypted stream.

For a handful of Google-owned domains (google.com, youtube.com, fonts.googleapis.com, …) the same tunnel is used directly instead of going through the Apps Script relay. This bypasses the per-fetch quota and fixes the "User-Agent is always Google-Apps-Script" problem for those domains. You can add more domains via the hosts map in config.

Platforms

Linux (x86_64, aarch64), macOS (x86_64, aarch64), Windows (x86_64), Android 7.0+ (universal APK covering arm64, armv7, x86_64, x86). Prebuilt binaries on the releases page.

Android users — grab mhrv-rs-android-universal-v*.apk and follow the full walk-through in docs/android.md. The Android build runs the exact same mhrv-rs crate as the desktop (via JNI) and adds a TUN bridge via tun2proxy, so every app on the device routes through the proxy without per-app configuration.

What's in a release

Each archive

View on GitHub