{"id":20492285,"url":"https://github.com/m1chtv/michns","last_synced_at":"2026-06-01T08:31:38.092Z","repository":{"id":245850432,"uuid":"819370644","full_name":"m1chtv/michns","owner":"m1chtv","description":"One-click Install and Configure Sniproxy + Dnsmasq for Sanctions Bypass in iran","archived":false,"fork":false,"pushed_at":"2026-02-08T00:19:53.000Z","size":353,"stargazers_count":1,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-02-08T09:08:30.899Z","etag":null,"topics":["dns","dns-over-http","dns-over-tls","dns-proxy","dns-server","dnsmasq","dnssec","shell","sniproxy"],"latest_commit_sha":null,"homepage":"https://m1ch.ir/","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/m1chtv.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-06-24T11:20:36.000Z","updated_at":"2026-02-08T00:19:56.000Z","dependencies_parsed_at":"2024-06-24T13:16:20.664Z","dependency_job_id":"d171c43f-2dce-48c9-bda0-d2720ea44b18","html_url":"https://github.com/m1chtv/michns","commit_stats":null,"previous_names":["m1chtv/michns"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/m1chtv/michns","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/m1chtv%2Fmichns","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/m1chtv%2Fmichns/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/m1chtv%2Fmichns/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/m1chtv%2Fmichns/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/m1chtv","download_url":"https://codeload.github.com/m1chtv/michns/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/m1chtv%2Fmichns/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33767435,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-01T02:00:06.963Z","response_time":115,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dns","dns-over-http","dns-over-tls","dns-proxy","dns-server","dnsmasq","dnssec","shell","sniproxy"],"created_at":"2024-11-15T17:28:29.404Z","updated_at":"2026-06-01T08:31:38.087Z","avatar_url":"https://github.com/m1chtv.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# michns\n\n### Script Description:\n\nThis combined Dnsmasq + SNIproxy solution is designed to circumvent regional censorship and geo-blocking restrictions effectively:\n\n- [Dnsmasq](http://thekelleys.org.uk/dnsmasq/doc.html) acts as a DNS hijacker, redirecting selected domain queries to the proxy. This allows intercepting and controlling domain resolution transparently.\n\n- [SNIproxy](https://github.com/dlundquist/sniproxy) then acts as a lightweight reverse proxy for HTTP and TLS traffic, forwarding requests to the actual streaming or blocked services without revealing the final destination to intermediate networks.\n\n- Together, they enable users behind strict firewalls or geo-filters (like government-imposed sanctions) to access otherwise blocked streaming media or web services.\n\n- The system works by selectively routing specific domains (configured via `/etc/dnsmasq.d/custom_mich.conf` and `/etc/sniproxy.conf`) through the proxy, leaving other traffic unaffected, which optimizes performance and reduces overhead.\n\n- This approach avoids the heavy resource use of VPNs or full HTTP proxies while maintaining high compatibility with streaming protocols.\n\n- It’s suitable for VPS environments where direct streaming is restricted, leveraging at least one VPS with unrestricted internet access to proxy traffic securely.\n\n- Security recommendations include restricting access via firewall rules and avoiding exposing the proxy IP publicly to prevent abuse.\n\n### Script usage:\n\n```Bash\nbash dnsmasq_sniproxy.sh [-h] [-i] [-f] [-id] [-fd] [-is] [-fs] [-u] [-ud] [-us]\n\n-h , --help Show help information\n-i , --install Install Dnsmasq + SNI Proxy\n-f , --fastinstall Fast install Dnsmasq + SNI Proxy\n-id, --installdnsmasq Install only Dnsmasq\n-fd, --installdnsmasq Fast install Dnsmasq\n-is, --installsniproxy Install only SNI Proxy\n-fs, --fastinstallsniproxy Fast install SNI Proxy\n-u , --uninstall Uninstall Dnsmasq + SNI Proxy\n-ud, --undnsmasq Uninstall Dnsmasq\n-us, --unsniproxy Uninstall SNI Proxy\n```\n\n### Fast installation (recommended):\n\n```Bash\nwget --no-check-certificate -O dnsmasq_sniproxy.sh https://raw.githubusercontent.com/m1chtv/michns/master/dnsmasq_sniproxy.sh \u0026\u0026 bash dnsmasq_sniproxy.sh -f\n```\n\n### Normal installation:\n\n```Bash\nwget --no-check-certificate -O dnsmasq_sniproxy.sh https://raw.githubusercontent.com/m1chtv/michns/master/dnsmasq_sniproxy.sh \u0026\u0026 bash dnsmasq_sniproxy.sh -i\n```\n\n### Uninstallation method:\n\n```Bash\nwget --no-check-certificate -O dnsmasq_sniproxy.sh https://raw.githubusercontent.com/m1chtv/michns/master/dnsmasq_sniproxy.sh \u0026\u0026 bash dnsmasq_sniproxy.sh -u\n```\n\n### How to use:\n\nChange the DNS address of the proxy host to the host IP where dnsmasq is installed. If it is not available, try to keep only one DNS address in the configuration file.\n\nTo prevent abuse, it is recommended not to disclose the IP address. You can use a firewall to restrict it.\n\n### Debugging and troubleshooting:\n\n- Confirm that sniproxy is running effectively\n\nCheck the status of sniproxy: `systemctl status sniproxy`\n\nIf sniproxy is not running, check whether there are other services occupying port 80,443, causing port conflicts, and check the port listening command: `netstat -tlunp | grep 443`\n\n- Confirm that the firewall allows 53,80,443\n\nYou can directly turn off the firewall for debugging `systemctl stop firewalld.service`\n\nThe security group ports of operators such as Alibaba Cloud/Google Cloud/AWS also need to be allowed\nYou can test it through other servers `telnet 1.2.3.4 53`\n\n- Domain name resolution test\n\nAfter trying to configure dns with other servers, resolve the domain name: nslookup xbox.com to determine whether the IP is the xbox proxy machine IP\nIf the nslookup command does not exist, centos installation: `yum install -y bind-utils` ubuntu \u0026 debian installation: `apt-get -y install dnsutils`\n\n- Solution to systemd-resolve service occupying port 53\n  Use `netstat -tlunp|grep 53` to find that port 53 is occupied by systemd-resolved\n  Modify `sudo nano /etc/systemd/resolved.conf`\n\n```\n[Resolve]\nDNS=8.8.8.8 1.1.1.1 #Uncomment and add dns\n#FallbackDNS=\n#Domains=\n#LLMNR=no\n#MulticastDNS=no\n#DNSSEC=no\n#Cache=yes\nDNSStubListener=no #Uncomment and change yes to no\n```\n\nThen execute the following command and restart systemd-resolved\n\n```\nln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf\nsystemctl restart systemd-resolved.service\n```\n\n# Small Security tip for public DNS\n\n```\ngit clone https://github.com/m1chtv/michns.git\ncd michns\nchmod +x setup-nftables.sh\nsudo ./setup-nftables.sh\n\nsudo apt install nftables -y\nsudo systemctl enable nftables\nsudo nft list ruleset \u003e /etc/nftables.conf\n```\n\n\n---\n\n**_This script is only for Sanctions Bypass_**\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fm1chtv%2Fmichns","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fm1chtv%2Fmichns","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fm1chtv%2Fmichns/lists"}