sni-spoofing-scanner

This tool scans a list of proxy configurations to find which ones work with a censorship-circumvention technique called SNI spoofing. SNI stands for Server Name Indication, a piece of information sent at the start of a TLS connection that identifies which website a client wants to reach. Some network filtering systems use SNI to block or monitor connections, and SNI spoofing is a method of substituting a different, allowed domain name in that field so the connection is not blocked.

The scanner takes a text file containing proxy configs in two formats, trojan and vless, and tests each one to see whether it functions when routed through an SNI spoofing layer. It works alongside a separate companion program called SNI-Spoofing, which must be running first. For each config in the input file, the scanner rewrites the connection target to use the spoofed address, tests it a configurable number of times using the Xray network proxy core, and records the configs that pass into a separate output file.

Setup involves downloading the companion SNI-Spoofing tool, copying a sample configuration file, adding your proxy configs to a text file (one per line), and then running the scanner. The configuration file lets you adjust the address and port to match what the companion tool is using, and the number of test pings per config.

The project is written in Go, can be built from source using standard Go commands, and is released under the MIT License. A Persian-language version of the README is also included.