'\" t .\" Title: meek-client .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.79.1 .\" Date: 10/20/2022 .\" Manual: \ \& .\" Source: \ \& .\" Language: English .\" .TH "MEEK\-CLIENT" "1" "10/20/2022" "\ \&" "\ \&" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" meek-client \- The meek client transport plugin .SH "SYNOPSIS" .sp \fBmeek\-client\fR [\fIOPTIONS\fR] .SH "DESCRIPTION" .sp meek\-client is a transport plugin for Tor that encodes a stream as a sequence of HTTP requests and responses\&. It has a \fBurl\fR option to control what destination server requests are directed to, and a \fBfront\fR option for domain name camouflage: The domain name in the URL is replaced by the front domain before the request is made, but the Host header inside the HTTP request still points to the original domain\&. The idea is to front through a domain that is not blocked to a domain that is blocked\&. .SH "CONFIGURATION" .sp Configuration for meek\-client usually happens in a torrc file\&. .sp Per\-bridge options are configured with SOCKS args (key=value pairs in a Bridge line)\&. The possible SOCKS args are: .PP \fBurl\fR=\fIURL\fR (required) .RS 4 The URL of a meek\-server instance\&. The domain name component will typically be hidden by the value in the \fBfront\fR arg\&. .RE .PP \fBfront\fR=\fIDOMAIN\fR .RS 4 Front domain name\&. If provided, this domain name will replace the domain name of \fBurl\fR in the DNS request and TLS SNI field\&. The URL\(cqs true domain name will still appear in the Host header of HTTP requests\&. .RE .PP \fButls\fR=\fICLIENTHELLOID\fR .RS 4 Use the uTLS library with the named TLS fingerprint for TLS camouflage\&. This arg is incompatible with the \fB\-\-helper\fR command line option\&. The possible values of \fICLIENTHELLOID\fR are: .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} HelloRandomizedALPN .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} HelloRandomizedNoALPN .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} HelloFirefox_55 .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} HelloFirefox_56 .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} HelloFirefox_63 .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} HelloFirefox_65 .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} HelloFirefox_99 .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} HelloFirefox_102 .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} HelloFirefox_105 .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} HelloFirefox_Auto = HelloFirefox_105 .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} HelloChrome_58 .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} HelloChrome_62 .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} HelloChrome_70 .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} HelloChrome_72 .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} HelloChrome_83 .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} HelloChrome_87 .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} HelloChrome_96 .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} HelloChrome_100 .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} HelloChrome_102 .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} HelloChrome_Auto = HelloChrome_102 .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} HelloIOS_11_1 .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} HelloIOS_12_1 .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} HelloIOS_13 .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} HelloIOS_14 .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} HelloIOS_Auto = HelloIOS_14 .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} HelloEdge_85 .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} HelloEdge_Auto = HelloEdge_85 .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} HelloSafari_16_0 .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} HelloSafari_Auto = HelloSafari_16_0 .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} Hello360_7_5 .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} Hello360_Auto = Hello360_7_5 .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} HelloQQ_11_1 .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} HelloQQ_Auto = HelloQQ_11_1 .RE .sp As a special case, the values "none" and "HelloGolang" are recognized as aliases for omitting the \fButls\fR SOCKS arg; i\&.e\&., use native Go TLS\&. .RE .sp For backward compatibility, each SOCKS arg also has an equivalent command line option\&. For example, this configuration using SOCKS args: .sp .if n \{\ .RS 4 .\} .nf Bridge meek 0\&.0\&.2\&.0:1 url=https://forbidden\&.example/ front=allowed\&.example ClientTransportPlugin meek exec \&./meek\-client .fi .if n \{\ .RE .\} .sp is the same as this one using command line options: .sp .if n \{\ .RS 4 .\} .nf Bridge meek 0\&.0\&.2\&.0:1 ClientTransportPlugin meek exec \&./meek\-client \-\-url=https://forbidden\&.example/ \-\-front=allowed\&.example .fi .if n \{\ .RE .\} .sp SOCKS args are preferred over command line options because they allow you to have multiple Bridge lines with different settings\&. If a SOCKS arg and a command line option are both given for the same setting, the SOCKS arg takes precedence\&. .sp The global \fB\-\-helper\fR option prevents meek\-client from doing any network operations itself\&. Rather, it will send all requests through a browser extension, which must be set up separately\&. .sp A global proxy (applies to all Bridge lines) can be configured using special torrc options: .sp .if n \{\ .RS 4 .\} .nf Socks4Proxy localhost:1080 Socks5Proxy localhost:1080 Socks5ProxyUsername username Socks5ProxyPassword password HTTPSProxy localhost:8080 HTTPSProxyAuthenticator username:password .fi .if n \{\ .RE .\} .sp or, equivalently, using the \fB\-\-proxy\fR command line option\&. The command line option takes precedence\&. .sp When the \fB\-\-helper\fR option is used, you can use proxies of type http, socks4a, or socks5, but you cannot use a username or password with the proxy\&. Without \fB\-\-helper\fR, you can use proxies of type http, https, or socks5, and you can optionally use a username and password\&. .SH "OPTIONS" .PP \fB\-\-front\fR=\fIDOMAIN\fR .RS 4 Front domain name\&. Prefer using the \fBfront\fR SOCKS arg on a bridge line over using this command line option\&. .RE .PP \fB\-\-helper\fR=\fIADDRESS\fR .RS 4 Address of HTTP helper browser extension\&. For example, \fB\-\-helper=127\&.0\&.0\&.1:7000\fR\&. .RE .PP \fB\-\-proxy\fR=\fIURL\fR .RS 4 URL of upstream proxy\&. For example, \fB\-\-proxy=http://localhost:8080/\fR, \fB\-\-proxy=socks4a://localhost:1080\fR, or \fB\-\-proxy=socks5://localhost:1080\fR\&. Can also be configured using the \fBHTTPSProxy\fR, \fBSocks4Proxy\fR, or \fBSocks5Proxy\fR options in a torrc file\&. .RE .PP \fB\-\-log\fR=\fIFILENAME\fR .RS 4 Name of a file to write log messages to (default stderr)\&. .RE .PP \fB\-\-url\fR=\fIURL\fR .RS 4 URL to correspond with\&. Prefer using the \fBurl\fR SOCKS arg on a bridge line over using this command line option\&. .RE .PP \fB\-\-utls\fR=\fICLIENTHELLOID\fR .RS 4 Use uTLS with the given TLS fingerprint for TLS camouflage\&. This option is incompatible with \fB\-\-helper\fR\&. Prefer using the \fButls\fR SOCKS arg over using this command line option\&. .RE .PP \fB\-h\fR, \fB\-\-help\fR .RS 4 Display a help message and exit\&. .RE .SH "SEE ALSO" .sp \fBhttps://trac\&.torproject\&.org/projects/tor/wiki/doc/meek\fR .SH "BUGS" .sp Please report at \fBhttps://trac\&.torproject\&.org/projects/tor\fR\&.