v0.3.0: SOCKS5 listener + smart TLS/HTTP/plain-TCP dispatch

Ports the SOCKS5 + fallback-chain design from @masterking32's
MasterHTTP-WithSOCKS branch so xray / Telegram / app-level TCP
clients work through this proxy.

Changes:
- New SOCKS5 listener on listen_port+1 (configurable via socks5_port)
  - RFC 1928 CONNECT handshake (v5, no-auth, ATYP IPv4/domain/IPv6)
  - Shared smart dispatch with the HTTP-CONNECT path
- Unified dispatch_tunnel() used by both CONNECT entry points:
  1. If host matches SNI-rewrite suffix or hosts override: go direct
     to google_ip via the MITM+TLS tunnel (fast path for google.com,
     youtube, etc.)
  2. Peek the first byte (300ms timeout for server-first protocols):
     - 0x16: TLS client hello -> MITM + relay via Apps Script (scheme=https)
     - HTTP method signature: HTTP relay via Apps Script (scheme=http)
     - Anything else or timeout: plain TCP passthrough to the target
- handle_mitm_request() now takes a scheme arg (http/https) so the
  same code path handles both MITM'd HTTPS and port-80 plain HTTP
- New plain_tcp_passthrough helper: bidirectional TCP bridge used as
  the final fallback (covers MTProto / raw TCP / server-first protos)

Config:
- Added optional socks5_port field; defaults to listen_port+1

README:
- Added browser vs xray/Telegram instructions under 'Step 6'

Live-tested: HTTP proxy, HTTP proxy -> HTTPS, SOCKS5 -> HTTP,
SOCKS5 -> HTTPS, Google search via SNI-tunnel (now returns full
JS page) all pass.

Author: therealaleph

.DS_Store

@@ -1,6 +1,6 @@
 [package]
 name = "mhrv-rs"
-version = "0.2.2"
+version = "0.3.0"
 edition = "2021"
 description = "Rust port of MasterHttpRelayVPN -- DPI bypass via Google Apps Script relay with domain fronting"
 license = "MIT"

Cargo.lock

@@ -98,14 +98,21 @@ mhrv-rs.exe --config config.json    # Windows
 - **`mhrv-rs test`** — send one request through the relay and report success/timing. Useful when setting up or debugging. Does not need the proxy to be running.
 - **`mhrv-rs scan-ips`** — parallel TLS probe of known Google frontend IPs, sorted by latency. Swap the winning IP into your `google_ip` config field for best performance.
 
-### Step 6: Point your browser at the proxy
+### Step 6: Point your client at the proxy
 
-Configure your browser to use HTTP proxy `127.0.0.1:8085`.
+The tool listens on **two** ports:
+- **HTTP proxy** on `listen_port` (default `8085`) — for browsers / any HTTP-aware client
+- **SOCKS5 proxy** on `socks5_port` (default `listen_port + 1`, i.e. `8086`) — for xray / Telegram / app-level clients
 
-- **Firefox**: Settings → Network Settings → Manual proxy → enter for HTTP, check "Also use this proxy for HTTPS"
-- **Chrome/Edge**: System proxy settings, or use SwitchyOmega extension
+**Browser (HTTP proxy):**
+- **Firefox**: Settings → Network Settings → Manual proxy → HTTP `127.0.0.1:8085`, check "Also use this proxy for HTTPS"
+- **Chrome/Edge**: System proxy settings, or SwitchyOmega
 - **macOS system-wide**: System Settings → Network → Wi-Fi → Details → Proxies → Web + Secure Web Proxy
 
+**xray / Telegram (SOCKS5):**
+- Point the SOCKS5 setting at `127.0.0.1:8086`, no auth.
+- Non-HTTP protocols (MTProto, raw TCP) fall back to plain-TCP passthrough automatically.
+
 ## What's implemented vs not
 
 This port focuses on the **`apps_script` mode** which is the only one that reliably works in 2026. Implemented:

Cargo.toml

@@ -6,6 +6,7 @@
   "auth_key": "CHANGE_ME_TO_A_STRONG_SECRET",
   "listen_host": "127.0.0.1",
   "listen_port": 8085,
+  "socks5_port": 8086,
   "log_level": "info",
   "verify_ssl": true,
   "hosts": {}

README.md

@@ -44,6 +44,8 @@ pub struct Config {
     pub listen_host: String,
     #[serde(default = "default_listen_port")]
     pub listen_port: u16,
+    #[serde(default)]
+    pub socks5_port: Option<u16>,
     #[serde(default = "default_log_level")]
     pub log_level: String,
     #[serde(default = "default_verify_ssl")]

config.example.json

@@ -176,7 +176,10 @@ async fn main() -> ExitCode {
         Command::Serve => {}
     }
 
+    let socks5_port = config.socks5_port.unwrap_or(config.listen_port + 1);
     tracing::warn!("mhrv-rs {} starting (mode: apps_script)", VERSION);
+    tracing::info!("HTTP proxy   : {}:{}", config.listen_host, config.listen_port);
+    tracing::info!("SOCKS5 proxy : {}:{}", config.listen_host, socks5_port);
     tracing::info!(
         "Apps Script relay: SNI={} -> script.google.com (via {})",
         config.front_domain,