Usage: naive --listen=... --proxy=...
       naive [/path/to/config.json]

Description:

  naive is a proxy that transports traffic in Chromium's pattern.
  It works as both a proxy client and a proxy server or together.

  Options in the form of `naive --listen=... --proxy=...` can also be
  specified using a JSON file:

    {
      "listen": "...",
      "proxy": "..."
    }

  `--listen` can be specified multiple times on the command line,
  and can be either a string or an array of strings in the JSON file.

  Uses "config.json" by default if run without arguments.

Options:

  -h, --help

    Shows help message.

  --version

    Prints version.

  --listen=<proto>://[addr][:port]
  --listen=socks://[[user]:[pass]@][addr][:port]

    Listens at addr:port with protocol <proto>.
    Can be specified multiple times to listen on multiple ports.

    Available proto: socks, http, redir.
    Default proto, addr, port: socks, 0.0.0.0, 1080.

    * http: Supports only proxying https:// URLs, no http://.

    * redir: Works with certain iptables setup.

      (Redirecting locally originated traffic)
      iptables -t nat -A OUTPUT -d $proxy_server_ip -j RETURN
      iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-ports 1080

      (Redirecting forwarded traffic on a router)
      iptables -t nat -A PREROUTING -p tcp -j REDIRECT --to-ports 1080

      Also activates a DNS resolver on the same UDP port. Similar iptables
      rules can redirect DNS queries to this resolver. The resolver returns
      artificial addresses that are translated back to the original domain
      names in proxy requests and then resolved remotely.

      The artificial results are not saved for privacy, so restarting the
      resolver may cause downstream to cache stale results.

  --proxy=<proto>://<user>:<pass>@<hostname>[:<port>]

    Routes traffic via the proxy server. Connects directly by default.
    Available proto: https, quic. Infers port by default.

  --insecure-concurrency=<N>

    Use N concurrent tunnel connections to be more robust under bad network
    conditions. More connections make the tunneling easier to detect and less
    secure. This project strives for the strongest security against traffic
    analysis. Using it in an insecure way defeats its purpose.

    If you must use this, try N=2 first to see if it solves your issues.
    Strongly recommend against using more than 4 connections here.

  --extra-headers=...

    Appends extra headers in requests to the proxy server.
    Multiple headers are separated by CRLF.

  --host-resolver-rules="MAP proxy.example.com 1.2.3.4"

    Statically resolves a domain name to an IP address.

  --resolver-range=CIDR

    Uses this range in the builtin resolver. Default: 100.64.0.0/10.

  --log=[<path>]

    Saves log to the file at <path>. If path is empty, prints to
    console. No log is saved or printed by default for privacy.

  --log-net-log=<path>

    Saves NetLog. View at https://netlog-viewer.appspot.com/.

  --ssl-key-log-file=<path>

    Saves SSL keys for Wireshark inspection.

  --no-post-quantum

    Overrides the default and disables post-quantum key agreement.