# 5ď¸âŁ Misc VPN_MODE = true ; Use Android VPN (no root required) CONNECT_TIMEOUT = 30 ; Seconds before giving up RETRY_COUNT = 3 ; How many reconnection attempts
| Parameter | Why it matters | Recommended value | |-----------|----------------|-------------------| | Host | Must resolve to a reachable site (often www.google.com works) | www.google.com | | UserâAgent | Some carriers block âunknownâ agents | Use a recent Chrome/Firefox UA string | | Connection | keep-alive forces the carrier to keep the tunnel open | keep-alive | | | Must be CRLF ( \r\n ). The app inserts them automatically, but if you edit manually be careful. | â | Pro tip: If you experience âtunnel broken after 30 sâ, try adding X-Online-Host: <yourâvpsâhostname> or a Referer header. Different carriers react to different header combos. 4.4 Assemble the .conf File The HTTP Injector config format is simple key/value pairs (INIâstyle). Below is a minimal, fullyâfunctional example you can copy into a plainâtext editor (e.g., Jota Text Editor on Android) and save as myproxy.conf .
# ============================== # HTTP Injector â myproxy.conf # ============================== # 1ď¸âŁ Server (your VPS) HOST = your.vps.ip ; IP or hostname of your remote SSH server PORT = 22 ; SSH port (default 22 â change if you use 2222) http proxy injector config file download
GET http://www.google.com HTTP/1.1 Host: www.google.com User-Agent: Mozilla/5.0 (Linux; Android 10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0 Mobile Safari/537.36 Connection: keep-alive
# 4ď¸âŁ Payload (HTTP request) PAYLOAD = GET http://www.google.com HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Linux; Android 10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0 Mobile Safari/537.36\r\nConnection: keep-alive\r\n\r\n # 5ď¸âŁ Misc VPN_MODE = true ; Use
only needs dynamic forwarding, because the payload creates the tunnel and then hands traffic to the local SOCKS5 port. 4.3 Build the Payload The payload is an HTTP request that exploits carrierâside proxy behavior. The most common â HTTP GET â payload looks like:
# 3ď¸âŁ Proxy (SOCKS5) Settings SOCKS5 = 127.0.0.1 SOCKS5_PORT = 1080 Different carriers react to different header combos
A ( *.conf ) simply bundles all the above settings into one text file that the app can import with a single tap. 2ď¸âŁ Where Do Config Files Come From? | Source | Reliability | How to Verify | |--------|-------------|---------------| | Official Provider (your own VPS, a trusted friend, or a reputable paid service) | â â â â â | Check SSH key fingerprint, test connection manually ( ssh user@host -p PORT ). | | Free Public Lists (Telegram channels, GitHub repos) | â â âââ | Many are outdated, may contain malicious payloads, or expose your IP. Always inspect before use. | | SelfâGenerated (recommended) | â â â â â | You control every parameter; you can generate the payload with the appâs builtâin editor. | Bottom line: Never download a config file from an unknown source and run it blindly. Treat it like any other executable script. 3ď¸âŁ Prerequisites | Item | Minimum Requirement | |------|----------------------| | Android device | 5.0+ (Lollipop) â newer Android versions work better with the builtâin VPN service. | | HTTP Injector app | Latest version from Google Play ( com.proxy.httpinjector ) or FâDroid. | | Remote server | Linux VPS (Ubuntu/Debian/CentOS) with OpenSSH (⼠7.x) and a static IP or dynamicâDNS hostname. | | SSH credentials | Username + password or publicâkey authentication (highly recommended). | | Root (optional) | Not required for the appâs VPN mode; root is only needed if you want systemâwide proxy redirection via iptables. | | Internet connection | Mobile data or WiâFi (the one you intend to tunnel). | 4ď¸âŁ Generating a Config File from Scratch Below is a stepâbyâstep workflow that ends with a readyâtoâimport myproxy.conf file. 4.1 Set Up the Remote Server # 1ď¸âŁ Create a nonâroot user for the tunnel (e.g., tunneluser) adduser tunneluser # 2ď¸âŁ Add the user to /etc/ssh/sshd_config if you want to disable password logins mkdir -p /home/tunneluser/.ssh chmod 700 /home/tunneluser/.ssh # 3ď¸âŁ Paste your public key (recommended) echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAA..." > /home/tunneluser/.ssh/authorized_keys chmod 600 /home/tunneluser/.ssh/authorized_keys # 4ď¸âŁ Restrict the user to port forwarding only (optional but safer) echo "Match User tunneluser" >> /etc/ssh/sshd_config echo " AllowTcpForwarding yes" >> /etc/ssh/sshd_config echo " X11Forwarding no" >> /etc/ssh/sshd_config echo " PermitTunnel yes" >> /etc/ssh/sshd_config echo " ForceCommand echo 'This account may only be used for port forwarding.'" >> /etc/ssh/sshd_config systemctl restart sshd Result: A clean SSH endpoint that only allows port forwarding. 4.2 Choose a PortâForward Scheme | Scheme | Typical Use | Example | |--------|-------------|---------| | Dynamic (SOCKS5) | Apps that support SOCKS proxy (e.g., browsers) | ssh -D 1080 tunneluser@your.vps.ip -p 22 | | LocalâPort Forward | Forward a specific port (e.g., 8080 â 80) | ssh -L 8080:google.com:80 tunneluser@your.vps.ip | | RemoteâPort Forward | Expose a service on the phone to the Internet (rare for mobile) | ssh -R 9000:127.0.0.1:80 tunneluser@your.vps.ip |