Sing-box tun + charles 抓包

流程

app → sing-box → charles → sing-box → internet

flowchart TB
    subgraph Local ["Local System"]
        style Local fill:#e6f7ff,stroke:#1890ff
        App["App/Client"]
        style App fill:#d9f7be,stroke:#52c41a
    end

    subgraph SingBox ["sing-box"]
        style SingBox fill:#f9f0ff,stroke:#722ed1
        TunIn["tun-in</br>(172.19.0.1/28)"]
        style TunIn fill:#ffd6e7,stroke:#eb2f96
        MixedIn["mixed-in</br>(127.0.0.1:2334)"]
        style MixedIn fill:#ffd6e7,stroke:#eb2f96
        CharlesOut["charles</br>(socks5 outbound)"]
        style CharlesOut fill:#fff2e8,stroke:#fa8c16
        DirectOut["direct-out"]
        style DirectOut fill:#fff2e8,stroke:#fa8c16
    end

    subgraph Charles ["Charles"]
        style Charles fill:#f6ffed,stroke:#52c41a
        CharliesIn["Internal Proxy</br>(socks5://127.0.0.1:8889)"]
        style CharliesIn fill:#fffbe6,stroke:#faad14
        ExternalOut["External Proxy</br>(socks5://127.0.0.1:2334)"]
        style ExternalOut fill:#fffbe6,stroke:#faad14
    end

    subgraph Internet ["Internet"]
        style Internet fill:#e6f4ff,stroke:#1890ff
        RemoteServer["Remote Servers"]
        style RemoteServer fill:#f0f5ff,stroke:#2f54eb
    end

    App -->|Network Traffic| TunIn
    TunIn -->|Route Rule| CharlesOut
    CharlesOut -->|SOCKS5| CharliesIn
    CharliesIn -->|Inspection| ExternalOut
    ExternalOut -->|SOCKS5| MixedIn
    MixedIn -->|Route Rule| DirectOut
    DirectOut --> RemoteServer
    RemoteServer -->|Response| DirectOut
    DirectOut -->|Response| MixedIn
    MixedIn -->|Response| ExternalOut
    ExternalOut -->|Response| CharliesIn
    CharliesIn -->|Response| CharlesOut
    CharlesOut -->|Response| TunIn
    TunIn -->|Response| App

charles 设置

github1298×1920 216 KB

external proxy settings socks5://127.0.0.1:2334

proxy settings socks5://127.0.0.1:8889

sing-box 设置

{
  "log": {
    "level": "warn"
  },
  "dns": {
    "servers": [
      {
        "tag": "ali",
        "address": "223.5.5.5",
        "detour": "direct-out"
      }
    ],
    "rules": [
      {
        "outbound": "any",
        "server": "ali"
      },
      {
        "clash_mode": "direct",
        "server": "ali"
      }
    ],
    "disable_cache": false,
    "disable_expire": false,
    "independent_cache": true,
    "strategy": "ipv4_only",
    "final": "ali"
  },
  "inbounds": [
    {
      "type": "tun",
      "tag": "tun-in",
      "mtu": 9000,
      "stack": "system",
      "auto_route": true,
      "strict_route": true,
      "sniff": true,
      "sniff_override_destination": false,
      "address": ["172.19.0.1/28"]
    },
    {
      "type": "mixed",
      "tag": "mixed-in",
      "listen": "127.0.0.1",
      "listen_port": 2334,
      "sniff": true,
      "sniff_override_destination": false
    }
  ],
  "outbounds": [
    {
      "type": "direct",
      "tag": "direct-out"
    },
    {
      "type": "socks",
      "tag": "charles",
      "server": "127.0.0.1",
      "server_port": 8889
    }
  ],
  "route": {
    "rules": [
      {
        "protocol": "dns",
        "action": "hijack-dns"
      },
      {
        "inbound": "tun-in",
        "outbound": "charles"
      },
      {
        "inbound": "mixed-in",
        "outbound": "direct-out"
      },
      {
        "clash_mode": "direct",
        "outbound": "direct-out"
      }
    ],
    "auto_detect_interface": true,
    "final": "charles"
  },
  "experimental": {
    "cache_file": {
      "enabled": true
    },
    "clash_api": {
      "external_controller": "127.0.0.1:9090"
    }
  }
}

坑

使用 charles http 代理会卡在 DNS 解析，因为不支持 UDP，所以用socks5

Ref

没看太懂，app → sing-box → charles →不是应该到 internet吗？
怎么又app → sing-box → charles → 回到sing-box了呢？

多此一举啊 直接fd解决

你想，要实现 charles → sing-box ，就需要在 sing-box → charles的基础上，新找一个端口，将两者身份对调
上面的例子中就是用的 2334 端口

fd 在某些场景可能有局限性，比如下面的场景 或 同时科学上网和抓包的场景。所以最好还是根据你的需求选择方案

此话题已在最后回复的 30 天后被自动关闭。不再允许新回复。