Analysis updated 2026-05-18
Deploy a private VLESS tunnel that disguises itself as normal HTTPS traffic to a real website.
Run a remnawave backed proxy that resists common deep packet inspection blocking.
Use REALITY to borrow a real site's TLS certificate so a tunnel looks legitimate.
Study the handshake sequence to understand how traffic obfuscation techniques like xHTTP work.
| internetkafe/internetkafexhttp | andrewrk/mcserve | angais/fable5-mc | |
|---|---|---|---|
| Stars | 59 | 59 | 59 |
| Language | — | JavaScript | JavaScript |
| Last pushed | — | 2013-04-10 | — |
| Maintenance | — | Dormant | — |
| Setup difficulty | moderate | moderate | easy |
| Complexity | 3/5 | 3/5 | 2/5 |
| Audience | ops devops | ops devops | developer |
Figures from each repo's GitHub metadata at analysis time.
Requires a remnawave panel and a real domain to borrow a certificate from via REALITY.
InternetkafeXHTTP is a ready made server configuration file for Xray, an open source proxy engine, set up to work with a panel system called remnawave. Its purpose is to create a private, encrypted tunnel that is designed to look like normal HTTPS web browsing to anyone inspecting the network traffic, which is a common approach in regions where internet providers try to detect and block VPN or proxy connections. The configuration combines several techniques. It listens on an uncommon high port, 47222, rather than a typical port, so it falls outside where most inspection tools focus their attention. It uses a feature called REALITY, which borrows the real TLS certificate of an existing website, in this case sempre.moscow, so a connection looks like it is genuinely reaching that site. On top of that it wraps the traffic in xHTTP, a transport that reshapes the connection into ordinary looking HTTP requests with browser style headers. A FakeDNS feature keeps the real domain name lookups hidden inside the tunnel itself, and a small amount of decoy UDP traffic is added to make the connection's overall pattern look less distinct. The README, written in Russian, walks through the handshake step by step: a normal TCP connection opens on the chosen port, the client sends a TLS Client Hello naming the cover site, the server answers with that site's real certificate through REALITY, and only after that does the encrypted VLESS traffic begin flowing inside HTTP looking frames. The README also mentions a rule intended to avoid drawing attention through torrent style peer to peer traffic, and a timeout policy that keeps the connection's timing similar to ordinary browsing. The project is released under a permissive style MIT license.
A ready made Xray server configuration for the remnawave panel that disguises an encrypted VLESS tunnel as normal HTTPS browsing to get past network blocking.
Free to use, modify, and share, including commercially, as long as the copyright notice is kept.
Setup difficulty is rated moderate, with roughly 1h+ to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.