Brook is a cross-platform strong encryption and not detectable proxy. Zero-Configuration. Brook 是一个跨平台的强加密无特征的代理软件. 零配置.

TxThinking

Last update: Jan 4, 2023

Overview

Brook

中文

v20210401

[GUI] Block list(Ad Block)
Bypass & Block rule
[GUI] Forward DNS
[GUI] OpenWrt GUI client
[GUI] Fake DNS
[CLI] $ brook tproxy
Script
Document
Community(ask here)
go mod

What is Brook

Document

Brook is a cross-platform strong encryption and not detectable proxy.
Brook's goal is to keep it simple, stupid and not detectable.

Install CLI

The CLI file has both server and client functions

Download from releases

# For example, on linux amd64, v20210401

curl -L https://github.com/txthinking/brook/releases/download/v20210401/brook_linux_amd64 -o /usr/bin/brook
chmod +x /usr/bin/brook

Install via nami 🔥

nami install github.com/txthinking/brook

Install via brew

brew install brook

Install GUI

The GUI file has only client function

Download from releases: macOS, Windows, Android, iOS

Install via brew

brew install --cask brook

brew install --cask brooklite

Usage

Docs

NAME:
   Brook - A cross-platform strong encryption and not detectable proxy

USAGE:
   brook [global options] command [command options] [arguments...]

VERSION:
   20210401

AUTHOR:
   Cloud <[email protected]>

COMMANDS:
   server        Run as brook server, both TCP and UDP
   servers       Run as multiple brook servers
   client        Run as brook client, both TCP and UDP, to start a socks5 proxy, [src <-> socks5 <-> $ brook client <-> $ brook server <-> dst], [works with $ brook server]
   map           Run as mapping, both TCP and UDP, this means access [from address] is equal to [to address], [src <-> from address <-> $ brook server <-> to address], [works with $ brook server]
   dns           Run as DNS server, both TCP and UDP, [src <-> $ brook dns <-> $ brook server <-> dns server] or [src <-> $ brook dns <-> dns server for bypass], [works with $ brook server]
   tproxy        Run as transparent proxy, both TCP and UDP, only works on Linux, [src <-> $ brook tproxy <-> $ brook server <-> dst], [works with $ brook server]
   wsserver      Run as brook wsserver, both TCP and UDP, it will start a standard http server and websocket server
   wssserver     Run as brook wssserver, both TCP and UDP, it will start a standard https server and websocket server
   wsclient      Run as brook wsclient, both TCP and UDP, to start a socks5 proxy, [src <-> socks5 <-> $ brook wsclient <-> $ brook wsserver <-> dst], [works with $ brook wsserver]
   wssclient     Run as brook wssclient, both TCP and UDP, to start a socks5 proxy, [src <-> socks5 <-> $ brook wssclient <-> $ brook wssserver <-> dst], [works with $ brook wssserver]
   link          Print brook link
   qr            Print brook server QR code
   relay         Run as standalone relay, both TCP and UDP, this means access [listen address] is equal to access [to address], [src <-> listen address <-> to address]
   relays        Run as multiple standalone relays
   socks5        Run as standalone standard socks5 server, both TCP and UDP
   socks5tohttp  Convert socks5 to http proxy, [src <-> listen address(http proxy) <-> socks5 address <-> dst]
   hijackhttps   Hijack domains and assume is TCP/TLS/443. Requesting these domains from anywhere in the system will be hijacked . [src <-> $ brook hijackhttps <-> socks5 server] or [src <-> direct]
   pac           Run as PAC server or save PAC to file
   howto         Print some useful tutorial resources
   help, h       Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --debug, -d               Enable debug (default: false)
   --listen value, -l value  Listen address for debug (default: ":6060")
   --help, -h                show help (default: false)
   --version, -v             print the version (default: false)

COPYRIGHT:
   https://github.com/txthinking/brook

Docs

Contributing

Please read CONTRIBUTING.md first

License

Licensed under The GPLv3 License

Comments

Android blank page
Describe actual behavior

What is your expected behavior

Specifications like the version of the project, operating system, or hardware

Steps to deploy the server

Steps to reproduce the problem

bug android
opened by nihaonanshen 41

How do I provide username for a remote socks5 server?

Prerequisites

[x] Did you check the wiki?
[x] Did you search in issues?
[x] Are you running the latest version?
[x] I will write this in English.

Environment

Windows 10 x64

My question is about CLI version. When i'm running Brook.exe I see an option to specify socks5 login and password (becuase my proxy server requires authorisation).

However when I'm running CLI it doesn't take a username parameter so I cannot specify it.

PS C:\Brook> .\brook_windows_amd64.exe client -l 127.0.0.1:1080 -i 127.0.0.1 -s 55.55.55.55:1080 -u myuser -p mypass
Incorrect Usage: flag provided but not defined: -u

NAME:
   brook_windows_amd64.exe client - Run as client mode

USAGE:
   brook_windows_amd64.exe client [command options] [arguments...]

OPTIONS:
   --listen value, -l value    Client listen address, like: 127.0.0.1:1080
   --ip value, -i value        Client IP address, like: 127.0.0.1
   --server value, -s value    Server address, like: 1.2.3.4:1080
   --password value, -p value  Server password
   --tcpTimeout value          connection tcp keepalive timeout (s) (default: 60)
   --tcpDeadline value         connection deadline time (s) (default: 0)
   --udpDeadline value         connection deadline time (s) (default: 60)
   --udpSessionTime value      udp session time (s), in most cases need this (default: 60)
   --http                      If true, client start a http(s) proxy. default socks5

2019/11/27 17:12:46 flag provided but not defined: -u

This is how I do curl the remote socks5 server:

curl --socks5 55.55.55.55:1080 --user myuser:mypass http://ifcfg.co

How do I run the proxy server on a localhost with remote socks5 server authorisation?

question Vote if you need this feature too help each other

opened by Pzixel 26

Please try the new macOS/Windows GUI client

https://storage.googleapis.com/txthinking-file/_/Brook.dmg

https://storage.googleapis.com/txthinking-file/_/Brook.exe

It is not good enough at the moment, but simple may be better compatible.
PR welcome

opened by txthinking 24
ios无法连接

今天ios突然无法连接，ios客户端点开始连接按钮，无法打开vpn图标，在设置vpn里面打开开关，显示断开连接，mac客户端也一样，无意中打开pac网址：https://www.txthinking.com/pac/white.list及https://www.txthinking.com/pac/black.list发现被墙，现只能用全局才能打开vpn（白名单和黑名单模式均不能打开vpn）

pc端正常

brookv0601
PR welcome

opened by duduzz2017 23
iOS 13升级20210101版后系统VPN处显示【需要更新】无法使用
我的服务端使用以下命令部署 nohup ./brook_linux_amd64 server -l :12345 -p xxx & 使用最新20210101版本

mac客户端使用正常

iOS13客户端从0909升级到0101版本后无法建立VPN连接，点击connect之后按钮变为disconnect，但系统设置的VPN里显示【需要更新】的红字，如图所示：
opened by bonboru93 22
suddenly not work on all my android phone

brook not work on all of my Android phone(Huawei, One Plus 5) a few days ago.

But iPhone can still use with same server.

Both the server's and Android client’s version are the newest.
can not reproduce help each other

opened by jay816314 21
Latest release v20180601 Brook.apk 部分手机无法正常使用
Describe actual behavior

What is your expected behavior

Specifications like the version of the project, operating system, or hardware

Steps to deploy the server

Steps to reproduce the problem

0.Latest release v20180601 Brook.apk 在华为p20 上及小米note3 均无法正常使用 1.华为p20安装完以后，打开使用，点击开启特别慢，完了以后，通知栏有图标，但是无法科学上网 2.小米note3安装以后，打开使用，点击开启特别慢，而且无法正常开启，通知栏无图标。
PR welcome
opened by liaodijin 21

vpn mode in macos doesn't work ,but do work in windows and linux

Describe actual behavior

captondeMacBook-Air:~ capton$ sudo ./brook vpn -l 127.0.0.1:1080 -s myhost_ip:10086 -p 1125
Ctrl-C to quit
Quitting...
listen udp 127.0.0.1:53: bind: address already in use
captondeMacBook-Air:~ capton$

What is your expected behavior

captondeMacBook-Air:~ capton$ sudo ./brook vpn -l 127.0.0.1:1080 -s myhost_ip:10086 -p 1125
Ctrl-C to quit

Specifications like the version of the project, operating system, or hardware

Version of project : Brook 20180909 OS : macOS High Sierra 10.13.4 (17E199) CPU : 1.6 GHz Intel Core i5

Steps to deploy the server

nohup ./brook servers -l ":10085 1125" -l ":10086 1125" --tcpDeadline 10 >/dev/null 2>log &

Steps to reproduce the problem

opened by Ccapton 20

Android device with larger aspect ratios cause blank page, (Samsung S8 etc.)
Describe actual behavior

What is your expected behavior

Specifications like the version of the project, operating system, or hardware

Steps to reproduce the problem

首页无法显示

Android 7.0

Samsung s8+

bug android
opened by ElementMTT 18
‘Invalid args, please reopen app’ after upgrade

Gui Client show error ‘Invalid args, please reopen app’ after upgrade the client and server to v20220406(from v20210701). the issue remains after reinstall both client and server. Client: mac catalina Server: debian10

opened by LeonTheAlchemist 17
Windows error with client config
Describe actual behavior

What is your expected behavior

Expect to see working brook client connection

Specifications like the version of the project, operating system, or hardware

v20171111

Steps to deploy the server

Create brook server

Download client and configure as it must to be

Receive error

https://imgur.com/a/hpjTh https://imgur.com/a/TYfnH

P/s i use this script on server side https://doub.io/brook-jc3/

I will be glad to see help if someone can install it manually on server side and on pc
desktop
opened by asterriya 16
Brook 加密传输协议中，客户端收到的信息不可靠

你好，这个漏洞类似于 https://github.com/shadowsocks/shadowsocks-org/issues/183

Brook 加密传输协议中 TCP 双向的加密参数、协议结构相似，且服务端返回给客户端的是一条完全独立的加密流，这使得对客户端的攻击成为可能：中间人可以把返回流替换成以往记录的请求流或返回流，或即时交换两条返回流等，客户端无法在解密时发现异常，会把完全错误的信息返回给上层应用。要解决该漏洞，返回流以某种方式关联请求流即可，比如 HKDF 的 info 改为请求流的第一个 nonce。

UDP 包同理，但问题更多一些，举例较麻烦，不展开。总之，建议 UDP 请求包内加入基于源二元组的唯一标识符（顺便实现了端口复用），返回包也带上它，并且也加上时间戳校验。但请求包与返回包的明文格式不能完全相同，需要有一个字段来区分它们。

opened by RPRX 1
metrics support

hi. thanks for this project! wondering if you've considered providing a metrics protocol (prometheus) support for brook. I'd be happy to co-author with you.

opened by mosajjal 2
TPROXY中，类似BypassList, 请再增加一个ProxyList参数

ProxyList中的Domain和IP，都通过Brook。这样就实现了Brook GFW模式的问题。直接ipset只能处理IP List，通常需要结合dnsmasq才能处理域名List，iptables还需要自己写，各种实现脚本都比较复杂。 Brook TPROXY模式中，通过接管dns，能很好的处理bypass域名的问题，同理，处理proxyList的域名和IP也应该通过类似逻辑就可以简单实现。

opened by Tint0ri 3
wssserver配置出错

您好，我在配置brook wssserver --domainaddress domain.com:443 --password hello --cert /root/cert.pem --certkey /root/certkey.pem时出现了这个错误http: TLS handshake error i/o timeout，请问怎么解决呢？

opened by LuckySmile1999 8