Usage: naive --listen=... --proxy=...
       naive [/path/to/config.json]

Description:

  naive is a proxy that transports traffic in Chromium's pattern.
  It works as both a proxy client and a proxy server or together.

  Options in the form of `naive --listen=... --proxy=...` can also be
  specified using a JSON file:

    {
      "listen": "...",
      "proxy": "..."
    }

  Specifying a flag multiple times on the command line is equivalent to
  having an array of multiple strings in the JSON file.

  Uses "config.json" by default if run without arguments.

Options:

  -h, --help

    Shows help message.

  --version

    Prints version.

  --listen=LISTEN-URI

    LISTEN-URI = <LISTEN-PROTO>"://"[<USER>":"<PASS>"@"][<ADDR>][":"<PORT>]
    LISTEN-PROTO = "socks" | "http" | "redir"

    Listens at addr:port with protocol <LISTEN-PROTO>.
    Can be specified multiple times to listen on multiple ports.
    Default proto, addr, port: socks, 0.0.0.0, 1080.

    Note: redir requires specific iptables rules and uses no authentication.

      (Redirecting locally originated traffic)
      iptables -t nat -A OUTPUT -d $proxy_server_ip -j RETURN
      iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-ports 1080

      (Redirecting forwarded traffic on a router)
      iptables -t nat -A PREROUTING -p tcp -j REDIRECT --to-ports 1080

      Also activates a DNS resolver on the same UDP port. Similar iptables
      rules can redirect DNS queries to this resolver. The resolver returns
      artificial addresses that are translated back to the original domain
      names in proxy requests and then resolved remotely.

      The artificial results are not saved for privacy, so restarting the
      resolver may cause downstream to cache stale results.

  --proxy=PROXY

    PROXY = PROXY-CHAIN | SOCKS-PROXY
    PROXY-CHAIN = <PROXY-URI>[","<PROXY-CHAIN>] 
    PROXY-URI = <PROXY-PROTO>"://"[<USER>":"<PASS>"@"]<HOSTNAME>[":"<PORT>]
    PROXY-PROTO = "http" | "https" | "quic"
    SOCKS-PROXY = "socks://"<HOSTNAME>[":"<PORT>]

    Routes traffic via the proxy chain.
    The default proxy is directly connection without proxying.
    The last PROXY-URI is negotiated automatically for Naive padding.
    Limitations:
      * QUIC proxies cannot follow TCP-based proxies in a proxy chain.
      * The user needs to ensure there is no loop in the proxy chain.
      * SOCKS proxies do not support chaining, authentication, or Naive padding.

  --insecure-concurrency=<N>

    Use N concurrent tunnel connections to be more robust under bad network
    conditions. More connections make the tunneling easier to detect and less
    secure. This project strives for the strongest security against traffic
    analysis. Using it in an insecure way defeats its purpose.

    If you must use this, try N=2 first to see if it solves your issues.
    Strongly recommend against using more than 4 connections here.

  --extra-headers=...

    Appends extra headers in requests to the proxy server.
    Multiple headers are separated by CRLF.

  --host-resolver-rules="MAP proxy.example.com 1.2.3.4"

    Statically resolves a domain name to an IP address.

  --resolver-range=CIDR

    Uses this range in the builtin resolver. Default: 100.64.0.0/10.

  --log=[<path>]

    Saves log to the file at <path>. If path is empty, prints to
    console. No log is saved or printed by default for privacy.

  --log-net-log=<path>

    Saves NetLog. View at https://netlog-viewer.appspot.com/.

  --ssl-key-log-file=<path>

    Saves SSL keys for Wireshark inspection.

  --no-post-quantum

    Overrides the default and disables post-quantum key agreement.