NaiveProxy for iOS and macOS: Free Client and One-Command Server
Developer ZonD80 has released an open-source NaiveProxy client for Apple devices, solving the issue of stable access to the global internet. The solution includes a cross-platform client with intuitive setup and a server script that deploys with a single command. The architecture mimics standard HTTPS traffic, minimizing the risk of blocking by DPI systems.
Why NaiveProxy Beats Traditional Solutions
Classic VPN protocols (WireGuard, OpenVPN) are easily detected by filtering systems due to their distinctive traffic patterns. NaiveProxy takes a different approach: the tunnel fully mimics the behavior of the Chromium browser during HTTPS connections. This is achieved through:
- Integration with a network stack close to a real browser
- Use of standard TLS handshakes without anomalies
- Masking as legitimate web traffic via Caddy with forwardproxy
Unlike VLESS, which has become a target for mass blocks due to its popularity, NaiveProxy remains less noticeable. Shadowsocks often suffers from DPI analysis due to its specific traffic profile. The key advantage of NaiveProxy is the balance between effective circumvention of filtering and minimal load on the user's device.
Tunnel Architecture: How HTTPS Mimicry Works
The technical foundation of the solution is the sing-box Libbox library, implementing Packet Tunnel for iOS/macOS. The server side is built on Caddy with the forwardproxy plugin in naive mode. Upon connection, the client generates traffic identical to Chrome's requests to an HTTPS resource:
- Establishing a TLS connection with parameters typical for current Chromium versions
- Data transfer via HTTP CONNECT without non-standard headers
- Dynamic adaptation to the target site's behavior
This method creates a fundamental difference from classic proxies: the traffic doesn't stand out against legitimate web surfing. Even with deep packet inspection (DPI), the filtering system can't reliably distinguish the tunnel from a regular site visit. Importantly, the solution is not a layer-2 VPN—it's a proxy tunnel that intercepts all system traffic via the Packet Tunnel mechanism.
Server Deployment: Step-by-Step Guide
The server side is automated with the start_server.sh script, compatible with Ubuntu, Debian, and Alpine. The installation process takes 2 minutes and includes:
- Generating an SSL certificate via Let’s Encrypt
- Setting up Caddy with forwardproxy
- Creating a share link and QR code for importing into the client
To deploy, run in the terminal:
mkdir -p ~/naive-server && cd ~/naive-server
wget -O start_server.sh "https://raw.githubusercontent.com/ZonD80/naivetools/main/server/start\_server.sh"
chmod +x start_server.sh
screen -S naive-caddy
sudo ./start_server.sh
The script will prompt for the domain, email for Let’s Encrypt, and proxy credentials. After completion, you'll have a ready-to-use infrastructure with automatic certificate renewal. Tested on cheap VPS hosts—minimal resource requirements.
Apple Client: Implementation Features
The iOS/macOS client uses a native Packet Tunnel implementation based on sing-box Libbox. Key features:
- Support for importing configuration via QR code or link
- Full compatibility with Shadowrocket and Exclave (Android)
- Always-on mode with automatic reconnection
- Minimal power consumption due to optimized traffic
The app is undergoing App Store moderation; the current version is available via TestFlight and AppDB. The source code is open under the MIT license on GitHub (naivetools). For Android, Exclave with the Naïve plugin is recommended—the configuration is fully identical.
Key Points
- Zero setup complexity: end users just need to scan a QR code
- DPI resistance: traffic indistinguishable from regular HTTPS browsing
- Minimal dependencies: server requires only a basic Linux system
- Cross-platform: configuration works on iOS, macOS, Android
- Openness: full code transparency without proprietary components
The solution is ideal for those who value the balance between security and simplicity. Unlike 'boxed' solutions, there are no hidden dependencies or unnecessary abstractions here—just the essential functionality.
Call to the Community
The project is in its early stages but already in production use. The author calls on the community to participate:
- Testing on networks of different operators and in various regions
- Pull requests to improve UX and stability
- Feedback on critical usage scenarios
Data on performance under aggressive filtering is of particular interest. Anyone interested can support the project via GitHub or donations. Important: comply with the laws of your country when setting up tunnels.
— Editorial Team
No comments yet.