Brook

🤝 Telegram 💬 Private 🩸 Youtube ❤️ Sponsor

A cross-platform network tool designed for developers.

Install

Install brook command

nami can automatically download the command corresponding to your system. If on Windows, run in Git Bash
or
If your system is not Linux, MacOS, Windows, or don't want nami, you can download it directly on the releases page
or
the script but only some parameters are supported: bash <(curl https://bash.ooo/brook.sh)
or
scripts written by others
or
Archlinux: pacman -S brook (may be outdated)
or
brew: brew install brook (may be outdated)

Install nami

bash <(curl https://bash.ooo/nami.sh)

Install brook

nami install brook

Install Brook GUI client

iOS & M1 Mac Android macOS Windows OpenWrt Linux CLI or tun2brook

Windows: requires that the latest version of Edge(chromium-based) has been installed

Windows Security Virus & threat protection: Settings -> Update & Security -> Windows Security -> Virus & threat protection -> Virus & threat protection settings -> manage settings -> Exclusions -> Add or remove exclusions -> Add an exclusion -> File -> Select Brook.exe

How the Brook GUI works

brook `subcommand` and `command line arguments`

all subcoommand: brook --help
command line arguments of subommand: brook xxx --help

brook rule format

There are three types of rule files

domain list: One domain name per line, the suffix matches mode. Can be a local file or an HTTPS URL
CIDR v4 list: One CIDR per line, which can be a local file or an HTTPS URL
CIDR v6 list: One CIDR per line, which can be a local file or an HTTPS URL

Rules file can be used for

Server-side: blocking domain name and IP
brook dns: bypass, block domain
brook tproxy: bypass, block, domain, ip
OpenWrt: bypass, block, domain, ip
Brook GUI: bypass, block, domain, ip

Examples

List some examples of common scene commands, pay attention to replace the parameters such as IP, port, password, domain name, certificate path, etc. in the example by yourself

Run brook server

SRC --TCP--> brook client/relayoverbrook/dns/tproxy/GUI Client --TCP(Brook Protocol)--> brook server --TCP--> DST
SRC --UDP--> brook client/relayoverbrook/dns/tproxy/GUI Client --UDP/TCP(Brook Protocol)--> brook server --UDP--> DST

brook server --listen :9999 --password hello

Get brook link with --udpovertcp

brook link --server 1.2.3.4:9999 --password hello --udpovertcp --name 'my brook server'

or get brook link with udp over udp

Make sure you have no problem with your local UDP network to your server

brook link --server 1.2.3.4:9999 --password hello --name 'my brook server'

Run brook wsserver

SRC --TCP--> brook wsclient/relayoverbrook/dns/tproxy/GUI Client --TCP(Brook Protocol)--> brook wsserver --TCP--> DST
SRC --UDP--> brook wsclient/relayoverbrook/dns/tproxy/GUI Client --TCP(Brook Protocol)--> brook wsserver --UDP--> DST

brook wsserver --listen :9999 --password hello

Get brook link

brook link --server ws://1.2.3.4:9999 --password hello --name 'my brook wsserver'

or get brook link with domain, even if that's not your domain

brook link --server ws://hello.com:9999 --password hello --address 1.2.3.4:9999 --name 'my brook wsserver'

Run brook wssserver: automatically certificate

Make sure your domain has been resolved to your server IP successfully. Automatic certificate issuance requires the use of port 80

brook wssserver --domainaddress domain.com:443 --password hello

Get brook link

brook link --server wss://domain.com:443 --password hello --name 'my brook wssserver'

Run brook wssserver Use a certificate issued by an existing trust authority

Make sure your domain has been resolved to your server IP successfully

brook wssserver --domainaddress domain.com:443 --password hello --cert /root/cert.pem --certkey /root/certkey.pem

Get brook link

brook link --server wss://domain.com:443 --password hello --name 'my brook wssserver'

Run brook wssserver issue untrusted certificates yourself, any domain

Install mad

nami install mad

Generate root ca

mad ca --ca /root/ca.pem --key /root/cakey.pem

Generate domain cert by root ca

mad cert --ca /root/ca.pem --ca_key /root/cakey.pem --cert /root/cert.pem --key /root/certkey.pem --domain domain.com

Run brook

brook wssserver --domainaddress domain.com:443 --password hello --cert /root/cert.pem --certkey /root/certkey.pem

Get brook link with --insecure

brook link --server wss://domain.com:443 --password hello --name 'my brook wssserver' --address 1.2.3.4:443 --insecure

or get brook link with --ca

brook link --server wss://domain.com:443 --password hello --name 'my brook wssserver' --address 1.2.3.4:443 --ca /root/ca.pem

withoutBrookProtocol

Better performance, but data is not strongly encrypted using Brook protocol. So please use certificate encryption, and it is not recommended to use --withoutBrookProtocol and --insecure together

withoutBrookProtocol automatically certificate

Make sure your domain has been resolved to your server IP successfully. Automatic certificate issuance requires the use of port 80

brook wssserver --domainaddress domain.com:443 --password hello --withoutBrookProtocol

Get brook link

brook link --server wss://domain.com:443 --password hello --withoutBrookProtocol

withoutBrookProtocol Use a certificate issued by an existing trust authority

Make sure your domain has been resolved to your server IP successfully

brook wssserver --domainaddress domain.com:443 --password hello --cert /root/cert.pem --certkey /root/certkey.pem --withoutBrookProtocol

Name		Name	Last commit message	Last commit date
Latest commit History 671 Commits
.github		.github
cli/brook		cli/brook
docs		docs
ipk		ipk
limits		limits
ping		ping
protocol		protocol
tproxy		tproxy
.travis.yml		.travis.yml
LICENSE		LICENSE
OPENSOURCELICENSES		OPENSOURCELICENSES
README.md		README.md
README_ZH.md		README_ZH.md
client.go		client.go
dns.go		dns.go
exchanger.go		exchanger.go
go.mod		go.mod
go.sum		go.sum
hijackhttps.go		hijackhttps.go
init.go		init.go
link.go		link.go
list.go		list.go
map.go		map.go
nonce.go		nonce.go
pac.go		pac.go
packetclient.go		packetclient.go
packetserver.go		packetserver.go
packetstream.go		packetstream.go
relay.go		relay.go
resolve.go		resolve.go
server.go		server.go
simplestreamclient.go		simplestreamclient.go
simplestreamserver.go		simplestreamserver.go
socks5.go		socks5.go
socks5tohttp.go		socks5tohttp.go
streamclient.go		streamclient.go
streamserver.go		streamserver.go
test_test.go		test_test.go
tproxy_linux.go		tproxy_linux.go
tproxy_notlinux.go		tproxy_notlinux.go
util.go		util.go
waitreaderr.go		waitreaderr.go
wsclient.go		wsclient.go
wsserver.go		wsserver.go

Command/Client	Remark	Support IPv4	Support IPv6
brook server	CLI	Yes	Yes
brook client	CLI	Yes	Yes
brook wsserver	CLI	Yes	Yes
brook wsclient	CLI	Yes	Yes
brook wssserver	CLI	Yes	Yes
brook wssclient	CLI	Yes	Yes
brook relayoverbrook	CLI	Yes	Yes
brook dns	CLI	Yes	Yes
brook tproxy	CLI	Yes	Yes
brook connect	CLI	Yes	Yes
brook relay	CLI	Yes	Yes
brook socks5	CLI	Yes	Yes
brook socks5tohttp	CLI	Yes	Yes
brook hijackhttps	CLI	Yes	Yes
macOS Client	GUI	Yes	Yes
Windows Client	GUI	Yes	Yes/?
iOS Client	GUI	Yes	Yes
Android Client	GUI	Yes	Yes
OpenWrt Client	GUI	Yes	Yes

License

sunlx688/brook

Folders and files

Latest commit

History

Repository files navigation

Brook

Install

Install brook command

Install Brook GUI client

brook subcommand and command line arguments

brook rule format

Examples

Run brook server

Run brook wsserver

Run brook wssserver: automatically certificate

Run brook wssserver Use a certificate issued by an existing trust authority

Run brook wssserver issue untrusted certificates yourself, any domain

withoutBrookProtocol

withoutBrookProtocol automatically certificate

withoutBrookProtocol Use a certificate issued by an existing trust authority

withoutBrookProtocol issue untrusted certificates yourself, any domain

brook server wsserver wssserver forward to another socks5 server on server-side

brook server wsserver wssserver block domain and ip on server-side

Run brook socks5, A stand-alone standard socks5 server

Run brook socks5 with username and password. A stand-alone standard socks5 server

brook relayoverbrook can relay a local address to a remote address over brook, both TCP and UDP, it works with brook server wsserver wssserver.

brook dns can create a encrypted DNS server, both TCP and UDP, it works with brook server wsserver wssserver.

brook tproxy Transparent Proxy Gateway on official OpenWrt

brook tproxy Transparent Proxy Gateway on Ubuntu

brook tproxy Transparent Proxy Gateway on M1 macOS

brook tproxy Transparent Proxy Gateway on Intel macOS

brook tproxy Transparent Proxy Gateway on Windows

GUI for official OpenWrt

brook relay can relay a address to a remote address. It can relay any tcp and udp server

brook socks5tohttp can convert a socks5 to a http proxy

brook pac creates pac server

brook pac creates pac file

IPv6

NAT Type

Run command as daemon via joker

Auto start at boot via jinbe

Protocol

brook server protocol

brook wsserver protocol

brook wssserver protocol

withoutBrookProtocol protocol

brook link protocol

Resources

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Languages

brook `subcommand` and `command line arguments`

Packages