GitHub - txthinking/brook: Brook is a cross-platform(Linux/MacOS/Windows/Android...
source link: https://github.com/txthinking/brook
Brook
A cross-platform network tool designed for developers.
Install
Install brook command
nami can automatically download the command corresponding to your system. If on Windows, run in Git Bash
or
If your system is not Linux, macOS or Windows, or you don't want nami, you can download it directly from the releases page
or
the script, but only some parameters are supported: bash <(curl https://bash.ooo/brook.sh)
or
scripts written by others
or
Archlinux: pacman -S brook (may be outdated)
or
brew: brew install brook (may be outdated)
Install nami
bash <(curl https://bash.ooo/nami.sh)
Install brook
nami install brook
Install Brook GUI client
- iOS & M1 Mac
- Android: Brook.apk
- macOS
- Windows
- Windows: requires that the latest version of Edge(chromium-based) has been installed
- Windows Security Virus & threat protection: Settings -> Update & Security -> Windows Security -> Virus & threat protection -> Virus & threat protection settings -> manage settings -> Exclusions -> Add or remove exclusions -> Add an exclusion -> File -> Select Brook.exe
- OpenWrt
- Linux CLI or tun2brook
brook subcommand and command line arguments
- all subcommands: brook --help
- command line arguments of a subcommand: brook xxx --help
brook rule format
There are three types of rule files
- domain list: One domain name per line, matched in suffix mode. Can be a local file or an HTTPS URL
- CIDR v4 list: One CIDR per line, which can be a local file or an HTTPS URL
- CIDR v6 list: One CIDR per line, which can be a local file or an HTTPS URL
Rule files can be used for
- Server-side: blocking domain name and IP
- brook dns: bypass, block domain
- brook tproxy: bypass, block, domain, ip
- OpenWrt: bypass, block, domain, ip
- Brook GUI: bypass, block, domain, ip
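A matcher for the three list types described above, as an added Go example that is not brook's own code. It assumes suffix matching works on label boundaries and that entries are separated by newlines; the Rules type, Load, Match and the sample lists are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
	"slices"
	"strings"
)

type Rules struct{ domains map[string]bool; nets []netip.Prefix }

// Load parses a domain list and a CIDR v4/v6 list, one entry per line.
func Load(domains, cidrs string) (*Rules, error) {
	r := &Rules{domains: map[string]bool{}}
	for _, d := range strings.Fields(strings.ToLower(domains)) {
		r.domains[strings.Trim(d, ".")] = true
	}
	for _, c := range strings.Fields(cidrs) {
		p, err := netip.ParsePrefix(c)
		if err != nil {
			return nil, fmt.Errorf("bad CIDR %q: %w", c, err) // reject, never skip
		}
		r.nets = append(r.nets, p)
	}
	return r, nil
}

// Match takes an IP literal or a domain; domains match by suffix on label boundaries (assumed).
func (r *Rules) Match(host string) bool {
	if ip, err := netip.ParseAddr(host); err == nil {
		ip = ip.Unmap() // ::ffff:10.1.2.3 must still hit the IPv4 rules
		return slices.ContainsFunc(r.nets, func(p netip.Prefix) bool { return p.Contains(ip) })
	}
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	for ok := true; ok; _, host, ok = strings.Cut(host, ".") {
		if r.domains[host] { // "example.com" covers "a.example.com", not "notexample.com"
			return true
		}
	}
	return false
}

func main() {
	r, err := Load("example.com\nads.test\n", "10.0.0.0/8\n2001:db8::/32\n") // constructed lists
	if err != nil {
		panic(err)
	}
	fmt.Println(r.Match("cdn.example.com"), r.Match("notexample.com"), r.Match("::ffff:10.1.2.3"))
}
```

Without the Unmap step an IPv4-mapped IPv6 literal would not match an IPv4 prefix, so a block rule written as a CIDR v4 entry would not apply to it.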
Examples
Examples of commands for common scenarios follow. Replace the IP, port, password, domain name, certificate path and other parameters with your own.
Run brook server
SRC --TCP--> brook client/relayoverbrook/dns/tproxy/GUI Client --TCP(Brook Protocol)--> brook server --TCP--> DST
SRC --UDP--> brook client/relayoverbrook/dns/tproxy/GUI Client --UDP/TCP(Brook Protocol)--> brook server --UDP--> DST
brook server --listen :9999 --password hello
Get brook link
brook link --server 1.2.3.4:9999 --password hello --name 'my brook server'
or get brook link with --udpovertcp
brook link --server 1.2.3.4:9999 --password hello --udpovertcp --name 'my brook server'
Run brook wsserver
SRC --TCP--> brook wsclient/relayoverbrook/dns/tproxy/GUI Client --TCP(Brook Protocol)--> brook wsserver --TCP--> DST
SRC --UDP--> brook wsclient/relayoverbrook/dns/tproxy/GUI Client --TCP(Brook Protocol)--> brook wsserver --UDP--> DST
brook wsserver --listen :9999 --password hello
Get brook link
brook link --server ws://1.2.3.4:9999 --password hello --name 'my brook wsserver'
or get brook link with domain, even if that's not your domain
brook link --server ws://hello.com:9999 --password hello --address 1.2.3.4:9999 --name 'my brook wsserver'
Run brook wssserver: automatic certificate
Make sure your domain resolves to your server IP. Automatic certificate issuance requires the use of port 80
brook wssserver --domainaddress domain.com:443 --password hello
Get brook link
brook link --server wss://domain.com:443 --password hello --name 'my brook wssserver'
Run brook wssserver: use a certificate issued by an existing trusted authority
Make sure your domain resolves to your server IP
brook wssserver --domainaddress domain.com:443 --password hello --cert /root/cert.pem --certkey /root/certkey.pem
Get brook link
brook link --server wss://domain.com:443 --password hello --name 'my brook wssserver'
Run brook wssserver: issue untrusted certificates yourself, any domain
Install mad
nami install mad
Generate root ca
mad ca --ca /root/ca.pem --key /root/cakey.pem
Generate domain cert by root ca
mad cert --ca /root/ca.pem --ca_key /root/cakey.pem --cert /root/cert.pem --key /root/certkey.pem --domain domain.com
Run brook
brook wssserver --domainaddress domain.com:443 --password hello --cert /root/cert.pem --certkey /root/certkey.pem
Get brook link with --insecure
brook link --server wss://domain.com:443 --password hello --name 'my brook wssserver' --address 1.2.3.4:443 --insecure
or get brook link with --ca
brook link --server wss://domain.com:443 --password hello --name 'my brook wssserver' --address 1.2.3.4:443 --ca /root/ca.pem
withoutBrookProtocol
Better performance, but data is not strongly encrypted using the Brook protocol, so use certificate encryption. Using --withoutBrookProtocol and --insecure together is not recommended
withoutBrookProtocol: automatic certificate
Make sure your domain resolves to your server IP. Automatic certificate issuance requires the use of port 80
brook wssserver --domainaddress domain.com:443 --password hello --withoutBrookProtocol
Get brook link
brook link --server wss://domain.com:443 --password hello --withoutBrookProtocol
withoutBrookProtocol: use a certificate issued by an existing trusted authority
Make sure your domain resolves to your server IP
brook wssserver --domainaddress domain.com:443 --password hello --cert /root/cert.pem --certkey /root/certkey.pem --withoutBrookProtocol
Get brook link
brook link --server wss://domain.com:443 --password hello --name 'my brook wssserver' --withoutBrookProtocol
withoutBrookProtocol: issue untrusted certificates yourself, any domain
Install mad
nami install mad
Generate root ca
mad ca --ca /root/ca.pem --key /root/cakey.pem
Generate domain cert by root ca
mad cert --ca /root/ca.pem --ca_key /root/cakey.pem --cert /root/cert.pem --key /root/certkey.pem --domain domain.com
Run brook wssserver
brook wssserver --domainaddress domain.com:443 --password hello --cert /root/cert.pem --certkey /root/certkey.pem --withoutBrookProtocol
Get brook link
brook link --server wss://domain.com:443 --password hello --withoutBrookProtocol --address 1.2.3.4:443 --ca /root/ca.pem
brook server, wsserver and wssserver: forward to another socks5 server on the server side
- --toSocks5
- --toSocks5Username
- --toSocks5Password
brook server, wsserver and wssserver: block domain and IP on the server side
- --blockDomainList
- --blockCIDR4List
- --blockCIDR6List
- --updateListInterval
Run brook socks5, a stand-alone standard socks5 server
SRC --TCP--> brook socks5 --TCP--> DST
SRC --UDP--> brook socks5 --UDP--> DST
brook socks5 --listen :1080 --socks5ServerIP 1.2.3.4
Get brook link
brook link --server socks5://1.2.3.4:1080
Run brook socks5 with username and password. A stand-alone standard socks5 server
brook socks5 --listen :1080 --socks5ServerIP 1.2.3.4 --username hello --password world
Get brook link
brook link --server socks5://1.2.3.4:1080 --username hello --password world
brook relayoverbrook can relay a local address to a remote address over brook, for both TCP and UDP. It works with brook server, wsserver and wssserver.
SRC --TCP--> brook relayoverbrook --TCP(Brook Protocol) --> brook server/wsserver/wssserver --TCP--> DST
SRC --UDP--> brook relayoverbrook --TCP/UDP(Brook Protocol) --> brook server/wsserver/wssserver --UDP--> DST
brook relayoverbrook ... --from 127.0.0.1:5353 --to 8.8.8.8:53
brook dns can create an encrypted DNS server, for both TCP and UDP. It works with brook server, wsserver and wssserver.
SRC --TCP--> brook dns --TCP(Brook Protocol) --> brook server/wsserver/wssserver --TCP--> DST
SRC --UDP--> brook dns --TCP/UDP(Brook Protocol) --> brook server/wsserver/wssserver --UDP--> DST
brook dns ... --listen 127.0.0.1:53
- --dns
- --dnsForBypass
- --bypassDomainList
- --blockDomainList
brook tproxy Transparent Proxy Gateway on official OpenWrt
No need to manipulate iptables!
opkg install ca-certificates openssl-util ca-bundle coreutils-nohup iptables-mod-tproxy
brook tproxy --link 'brook://...' --dnsListen :5353
- OpenWrt DNS forwardings: OpenWrt Web -> Network -> DHCP and DNS -> General Settings -> DNS forwardings -> 127.0.0.1#5353
- OpenWrt Ignore resolve file: OpenWrt Web -> Network -> DHCP and DNS -> Resolv and Hosts Files -> Ignore resolve file
- By default, OpenWrt will automatically issue the IP of the router as gateway and DNS for your computers and mobiles
- --dnsForDefault
- --dnsForBypass
- --bypassDomainList
- --bypassCIDR4List
- --bypassCIDR6List
- --blockDomainList
brook tproxy Transparent Proxy Gateway on Ubuntu
No need to manipulate iptables!
systemctl stop systemd-resolved
systemctl disable systemd-resolved
echo nameserver 8.8.8.8 > /etc/resolv.conf
brook tproxy --link 'brook://...' --dnsListen :53
- You may need to manually configure the computer or mobile gateway and DNS.
- If you are running in a virtual machine and the host is using a wireless card, it may not work.
brook tproxy Transparent Proxy Gateway on M1 macOS
https://talks.txthinking.com/articles/brook-gateway-on-m1-macos-en.article
brook tproxy Transparent Proxy Gateway on Intel macOS
https://talks.txthinking.com/articles/brook-gateway-on-intel-macos-en.article
brook tproxy Transparent Proxy Gateway on Windows
https://talks.txthinking.com/articles/brook-gateway-on-windows-en.article
GUI for official OpenWrt
Dependencies: ca-certificates openssl-util ca-bundle coreutils-nohup iptables-mod-tproxy
No need to manipulate iptables!
Ports 9999, 1080 and 5353 will be used. It works with brook server, brook wsserver and brook wssserver.
- Download the ipk file for your router
- Upload and install: OpenWrt Web -> System -> Software -> Upload Package...
- Refresh page, the Brook menu will appear at the top
- OpenWrt Web -> Brook -> type and Connect
- And OpenWrt DNS forwardings: OpenWrt Web -> Network -> DHCP and DNS -> General Settings -> DNS forwardings -> 127.0.0.1#5353
- And OpenWrt Ignore resolve file: OpenWrt Web -> Network -> DHCP and DNS -> Resolv and Hosts Files -> Ignore resolve file
- By default, OpenWrt will automatically issue the IP of the router as gateway and DNS for your computers and mobiles
brook relay can relay an address to a remote address. It can relay any TCP and UDP server
SRC --TCP--> brook relay --TCP--> DST
SRC --UDP--> brook relay --UDP--> DST
brook relay --from :9999 --to 1.2.3.4:9999
brook socks5tohttp can convert a socks5 proxy to an HTTP proxy
brook socks5tohttp --socks5 127.0.0.1:1080 --listen 127.0.0.1:8010
brook pac creates pac server
brook pac --listen 127.0.0.1:8080 --proxy 'SOCKS5 127.0.0.1:1080; SOCKS 127.0.0.1:1080; DIRECT' --bypassDomainList ...
brook pac creates pac file
brook pac --file proxy.pac --proxy 'SOCKS5 127.0.0.1:1080; SOCKS 127.0.0.1:1080; DIRECT' --bypassDomainList ...
Command/Client | Remark | Support IPv4 | Support IPv6 |
---|---|---|---|
brook server | CLI | Yes | Yes |
brook client | CLI | Yes | Yes |
brook wsserver | CLI | Yes | Yes |
brook wsclient | CLI | Yes | Yes |
brook wssserver | CLI | Yes | Yes |
brook wssclient | CLI | Yes | Yes |
brook relayoverbrook | CLI | Yes | Yes |
brook dns | CLI | Yes | Yes |
brook tproxy | CLI | Yes | Yes |
brook connect | CLI | Yes | Yes |
brook relay | CLI | Yes | Yes |
brook socks5 | CLI | Yes | Yes |
brook socks5tohttp | CLI | Yes | Yes |
brook hijackhttps | CLI | Yes | Yes |
macOS Client | GUI | Yes | Yes |
Windows Client | GUI | Yes | Yes/? |
iOS Client | GUI | Yes | Yes |
Android Client | GUI | Yes | Yes |
OpenWrt Client | GUI | Yes | Yes |
NAT Type
Symmetric
Run command as daemon via joker
Install joker
nami install joker
To run the brook daemon with joker, just prefix the original command with joker
joker brook ...
Get the last command ID
joker last
View output and error of a command run via joker
joker log <ID>
View running commands via joker
joker list
Stop a running command via joker
joker stop <ID>
Auto start at boot via jinbe
Install jinbe
nami install jinbe
To use jinbe to add a self-starting command at boot, just add jinbe in front of the original command
jinbe joker brook ...
View added commands via jinbe
jinbe list
Remove an added command via jinbe
jinbe remove <ID>
Protocol
brook server protocol
brook wsserver protocol
brook wssserver protocol
withoutBrookProtocol protocol
withoutbrookprotocol-protocol.md
brook link protocol
Resources