Open-source alternatives to Hiddify App

FlClash is a cross-platform proxy client designed to manage network traffic through configurable rules and system-level tunnel integration. It functions as a native system orchestrator, coordinating application lifecycle events and background services across desktop and mobile environments. The application utilizes a modular architecture that enables extensibility through local plugins and foreign function interfaces, allowing for direct interaction with native system libraries. It maintains security by isolating restricted administrative tasks within a privileged helper process, which valida

ShadowsocksX-NG is a macOS application that functions as a Shadowsocks VPN client, SOCKS5 proxy manager, and PAC routing client. It is designed to bypass network restrictions by managing connections to Shadowsocks proxy servers through a graphical user interface. The project provides mechanisms for importing server profiles via QR codes and URLs, and it supports the integration of third-party plugins to modify network traffic. It also includes a local HTTP proxy server that translates SOCKS5 traffic into HTTP proxy format for application compatibility. The utility covers network traffic rout

Algo is a cloud VPN deployment tool and WireGuard orchestrator designed to automate the provisioning and configuration of personal VPN servers across multiple cloud infrastructure providers. It functions as a multi-cloud infrastructure provisioner and a VPN client configuration generator, creating the necessary tunnels and connection profiles for secure device connectivity. The project distinguishes itself by integrating a network ad-blocking DNS server directly into the deployment, filtering advertisements and malicious domains for all connected clients. It further simplifies the onboarding

A rule-based proxy for macOS

Lantern is a network utility designed to provide access to restricted internet content by tunneling traffic through encrypted connections. It functions as a censorship circumvention tool that enables private web browsing and ensures reliable connectivity in environments where standard network access is blocked or monitored. The application employs a decentralized infrastructure that routes data through a network of distributed proxy nodes. To maintain connectivity in the face of interference, it utilizes dynamic proxy discovery and adaptive fallback mechanisms that automatically switch betwee

This project provides a set of curated configuration rules and domain lists for the Shadowrocket app. It consists of network traffic routing rules, ad-blocking domain lists, DNS configuration profiles, and proxy bypass lists used to filter and direct network traffic. The rules establish policy-based routing logic to determine whether specific traffic is proxied, connected directly, or rejected. This includes specialized lists for proxy bypass management and the blocking of known advertising and tracking domains at the network level. The project covers a broad range of traffic management capa

BPB-Worker-Panel is a control panel designed for deploying and managing VLESS and Trojan proxies hosted on Cloudflare Workers. It functions as a proxy subscription generator and a manager for secure DNS over HTTPS servers and WireGuard configuration provisioning. The project distinguishes itself through network traffic obfuscation capabilities, utilizing packet fragmentation and SNI spoofing to evade detection. It provides specialized administration for Cloudflare Warp and Warp Pro connections, including the ability to optimize endpoints and export WireGuard configurations. The system covers

NekoBoxForAndroid is a network utility for Android that functions as a system-wide VPN tunneling client. It leverages the Sing-Box engine to capture and redirect device traffic through a virtual network interface, providing a centralized platform for managing proxy connections and network routing. The application distinguishes itself through its advanced configuration management, allowing users to define granular traffic rules based on domains, IP addresses, or specific applications. It supports complex network requirements by enabling multi-hop proxy chaining, custom DNS resolution strategie

dae is a high-performance Linux network tool that functions as an eBPF transparent proxy. It intercepts and redirects packets at the kernel level to route internet traffic based on domains, IP addresses, and process names. The project distinguishes itself by modifying TLS handshakes to simulate browser signatures, which prevents server-side detection of proxy traffic. It also implements a full-cone network address translation gateway to maintain stable bidirectional connections and utilizes a latency-based node selector to automatically route traffic through the fastest available proxy nodes.

This project is a comprehensive resource directory for web data extraction, providing a curated collection of tools and libraries for parsing data, automating browsers, and managing network operations. It serves as a guide for extracting structured information from HTML, XML, JSON, and PDF formats. The toolkit focuses on advanced data collection strategies, including headless browser automation to interact with JavaScript and a suite of network utilities for DNS resolution and WebSocket connections. It specifically covers methods for bypassing bot protections through proxy pool management, us

Pangolin is a zero-trust remote access platform designed to provide secure, identity-aware connectivity to private network resources. It functions as a cloud-native network controller that orchestrates encrypted tunnels, traffic routing, and access policies across distributed environments. By leveraging WireGuard for secure data transport, the platform enables authenticated access to internal web applications, terminal sessions, and remote desktops without exposing services to the public internet. The platform distinguishes itself through a declarative infrastructure model that synchronizes n

This project provides a collection of structured, binary-encoded routing datasets designed for proxy software to automate network traffic management. By mapping domain names and IP addresses to specific functional categories, it enables proxy clients to make granular, policy-based connection decisions. The repository serves as a centralized source for routing metadata, ensuring that traffic steering logic remains consistent across various networking implementations. The project distinguishes itself through an automated aggregation pipeline that processes community-maintained datasets into a u

This project is a proxy server designed to intercept and modify HTTP and HTTPS traffic for Netease Cloud Music. It functions as network middleware to restore playback for songs and albums restricted by geographic regions and to unlock premium account features, such as high-fidelity audio. The server utilizes header-based privilege injection to spoof premium status and employs conditional content redirection to route requests for unavailable media to alternative source providers. It also incorporates upstream proxy routing and IP parameters to bypass regional access restrictions. Additional c

v2rayNG is an Android proxy client designed to route device network traffic through encrypted tunnels. It functions as a network routing engine that intercepts outgoing requests and applies custom traffic rules to manage connectivity and enhance user privacy. The application distinguishes itself by integrating a high-performance network proxy core, which enables complex protocol translation and traffic management directly on mobile devices. It utilizes local loopback and Unix-socket tunneling to redirect device-wide requests, maintaining persistent connectivity through native background servi

Throne is a cross-platform proxy client that provides a unified graphical interface for managing and routing network traffic through secure proxy protocols. It combines subscription-based node management, multi-protocol routing, TUN-based global traffic interception, and DNS leak prevention into a single application that runs on Windows, Linux, and macOS. The application supports a wide range of proxy protocols including SOCKS, HTTP, Shadowsocks, Trojan, and VMess, and can route traffic through chains of multiple proxy servers for layered routing. It creates a virtual network interface to int

Sing-box is a universal proxy engine and traffic router designed to manage complex network connectivity across multiple operating systems. It functions as a configuration-driven core that intercepts system-level traffic, allowing for transparent proxying through encrypted tunnels. By normalizing diverse network protocols into a unified interface, the engine enables consistent traffic forwarding and protocol translation regardless of the underlying environment. The project distinguishes itself through a declarative configuration pipeline that validates and merges modular settings into a unifie

This project is a service mesh platform designed to manage, secure, and observe service-to-service communication within Kubernetes clusters. It functions as a control plane that orchestrates transparent sidecar proxies, which intercept and manage network traffic to provide reliable connectivity for microservices. By automating the injection of these proxies, the platform ensures that infrastructure-level policies are applied consistently across all workloads without requiring manual configuration changes. The platform distinguishes itself through its focus on zero-trust security and cross-clu

gost is a multi-protocol proxy tunnel and secure tunneling server designed to route network traffic through encrypted connections. It functions as a traffic obfuscation gateway and a transparent proxy server capable of intercepting TCP and UDP traffic at the IP level. The project also includes a virtual network interface manager for creating TUN and TAP devices to intercept operating system packets. The system distinguishes itself through a chain-based request routing model, allowing traffic to pass through an ordered sequence of proxy nodes. It provides extensive transport-layer encapsulatio

Toxiproxy is a framework designed for chaos engineering and network resilience testing. It functions as a programmable TCP proxy that intercepts and routes data streams between clients and servers, allowing developers to simulate unstable network conditions such as latency, bandwidth throttling, and connection failures. The tool provides a control plane that enables the dynamic manipulation of network conditions on active connections in real time. By integrating into automated test suites, it allows for the programmatic injection of faults to validate how distributed systems and microservices

基于 SwiftUI AppKit 构建、由 mihomo 驱动的原生 macOS 菜单栏代理客户端，专注轻量、稳定与可观测。

macOS menu bar app to bypass VPN for specific domains and services

The AWS Cloud Development Kit is an infrastructure-as-code framework that enables developers to define and provision cloud resources using familiar programming languages. By utilizing construct-based synthesis, it translates high-level, object-oriented code into declarative templates, allowing for the automated management of complex cloud environments through a centralized, code-driven control plane. The framework distinguishes itself through its ability to model infrastructure as a dependency-aware resource graph, ensuring that components are provisioned and updated in the correct order. It

cfnew is a V2Ray subscription management system and network proxy orchestrator designed to route traffic across multiple protocols, including VLESS, Trojan, and xhttp. It functions as a latency testing tool and a web-based proxy controller for managing node configurations and preferred IP addresses. The project features a subscription format converter that uses user-agent detection to deliver network configurations in formats compatible with specific client applications. It also provides a web-based configuration interface backed by a key-value store for updating system settings and routing r

Yarp is a .NET HTTP reverse proxy toolkit and framework used to build applications that route network traffic to backend servers. It provides a customizable routing engine for directing incoming requests to specific destination targets based on defined matching patterns. The project enables the implementation of API gateways and reverse proxies by providing tools for dynamic request routing and custom load balancing across pools of backend servers. The toolkit covers traffic management capabilities including cluster-based load balancing, configuration-driven route matching, and support for H

Fabio is a network gateway that provides reverse proxying, layer 7 traffic management, and automated service discovery mapping. It functions as an HTTP reverse proxy, a gRPC and TCP proxy, and a service discovery gateway to route incoming traffic to healthy backend instances. The project distinguishes itself through deep integration with service registries, specifically acting as a Consul load balancer to automatically synchronize routing tables and update destination targets. It manages diverse traffic types using SNI-based routing for raw TCP streams and maintains full protocol compatibilit

Pingora is a Rust-based framework for building high-performance network services, including HTTP reverse proxies, layer seven load balancers, and TLS termination proxies. It serves as an asynchronous network library designed to intercept and route HTTP, gRPC, and WebSocket traffic between clients and upstream backend servers. The project enables zero-downtime service updates by handing over listening sockets between processes during binary or configuration upgrades. It utilizes a programmable multi-phase pipeline to modify request and response bodies and headers, and it provides a pluggable T

Surge is a network traffic routing and configuration system designed to categorize and steer network requests using curated rule sets, domain lists, and IP databases. It provides the data structures and filtering logic necessary to manage how application traffic is directed across proxies, direct connections, or regional gateways. The project distinguishes itself through granular traffic identification and steering. It identifies network requests by matching them against system process names, user-agent strings, and geographic IP ranges to apply specific routing policies. This allows for the