quantumult_20230206.conf

# Sample Quantumult Configuration
#
# Line started with ";" or "#" or "//" shall be comments.
# 以 ";" 或 "#" 或 "//" 开头的行为注释行。
#
# SS-URI scheme can be found at https://shadowsocks.org/en/spec/SIP002-URI-Scheme.html
#
# Quantumult uses HEAD method send HTTP request to the server_check_url to test the proxy's status, the results should be two latencies, the first one is TCP handshake to the proxy server, the second one is the HTTP latency(The duration between Quantumult successfully received the HTTP response from the server_check_url and Quantumult start sending the HTTP request to the server_check_url). The lightning icon means that the TCP fast open is successful. If the server in section [server_local] or section [server_remote] has its own server_check_url, its own server_check_url will be used instead of the server_check_url in section [general].
#
# Quantumult 使用 HTTP HEAD 方法对测试网址 server_check_url 进行网页响应性测试（测试结果为通过该节点访问此网页的 HTTP 延迟, 即 HTTP 响应时间与 HTTP 请求发起时间的差值），来确认节点的可用性。
# Quantumult 界面中的延迟测试方式均为网页响应性测试，显示的最终延迟均为通过对应节点访问测试网页的 HTTP 延迟。
# 由于 Trojan 协议为无响应校验协议，使得 HTTP 检测方式即使获得了 HTTP 响应，也不代表节点一定可用。
#
# The dns_exclusion_list contains the domains that disabled the placeholder IP(198.18.0.0/15) mapping mechanism. Domains that are not in the dns_exclusion_list have the placeholder IP mapping mechanism enabled and have the so called "resolve-on-remote" effect. The DNS query for domains in the dns_exclusion_list may or may not follow the settings in [dns] section.
#
# The udp_whitelist contains the destination UDP port, empty means all the ports are in udp_whitelist. UDP packets(through Quantumult tunnel interface) with destination ports that are not in the udp_whitelist will be dropped and the ICMP(port unreachable) messages will be sent back. This setting has nothing to do with the filter rules or policies and has nothing to do with the proxy(server) port either.

# The udp_drop_list contains the destination UDP port, the mechanism is similar to the udp_whitelist dropping the UDP packets, but will not send back the ICMP messages. Only UDP packets allowed by udp_whitelist can be caught by the udp_drop_list.
#
# The traffic to excluded_routes will not be handled by Quantumult. It is better to reboot your device after modification.
#
# By default("loopback") when a domain rejected at DNS level the loopback IP response will be returned, you can change this behavior by setting dns_reject_domain_behavior to "no-error-no-answer" or "nxdomain" or "none". This will change the behavior to responding with NOERROR NOANSWER response or responding with NXDOMAIN response or none to disable the DNS level rejection feature. If you change the rejected domain to non-rejected(by changing configuration, filter or policy), it may take at most 10 seconds to take effect(TTL 10).
#
# The resource_parser_url sample can be found at https://raw.githubusercontent.com/crossutility/Quantumult-X/master/resource-parser.js

# The server_check_timeout value will only be considered if it less than or equal to 5000 (milliseconds). This value is compared with the total duration of the checking process including the DNS query, TCP handshake, TLS handshake and the application layer HTTP session duration, so the total duration may significantly longer than the "TCP handshake" and the "HTTP session duration".

[general]
resource_parser_url=https://raw.githubusercontent.com/KOP-XIAO/QuantumultX/master/Scripts/resource-parser.js
;profile_img_url =http://www.example.com/example.png
;resource_parser_url =http://www.example.com/parser.js
;network_check_url =http://bing.com
;server_check_url =http://www.google.com/generate_204
;server_check_user_agent = Agent/1.0
;server_check_timeout = 5000
;doh_user_agent = Agent/1.0
;geo_location_checker = http://www.example.com/json/, https://www.example.com/script.js
;running_mode_trigger = filter, filter, LINK_22E171:all_proxy, LINK_22E172:all_direct
dns_exclusion_list = *.cmpassport.com, *.jegotrip.com.cn, *.icitymobile.mobi, id6.me
;dns_reject_domain_behavior = loopback
;ssid_suspended_list = LINK_22E174, LINK_22E175
;udp_whitelist = 53, 123, 1900, 80-443
;udp_drop_list = 1900, 80
;excluded_routes = 192.168.0.0/16, 172.16.0.0/12, 100.64.0.0/10, 10.0.0.0/8
;icmp_auto_reply = true

#
# The DNS servers fetched from current network(system) will always be used for better performance(you can disable this feature by using "no-system", but you should at least add one customized DNS server like "server=223.5.5.5").
# When no-ipv6 is set, the DNS module of Quantumult X Tunnel will directly let the AAAA query fail but still allow the A query from IPv6 DNS servers.
# The result of query will only be used for evaluating filter or connecting through direct policy, when connecting through server the result will not be used and Quantumult will never know the destination IP of related domain.
# When prefer-doh3 is set, the DoH query will try DNS over HTTP3, if it fails then the query connection will fallback to the HTTP2. Since the multiplexing are supported by HTTP/2 and HTTP/3 connections, when you change this setting, it might not take effect immediately but you can reconnect the Quantumult X Tunnel or manually change your network environment to let it take effect immediately.
# When doh-server (DNS over HTTPS) or doq-server (DNS over QUIC) is set, system and all other non-encrypted regular(no specific domains are bond to it) servers will be ignored. The default port for DoQ is 853, if there is a mutual agreement to use another port like 456 for your DoQ, you can set it as quic://dns.example.com:456
# Multiple(concurrent query) doq-server(s) or doh-server(s) should be configured in one line and the URLs should be separated by comma. When both doq-server(s) and doh-server(s) are set, the query will be sent to all of the servers simultaneously.
# If the iOS version is < iOS 13.0, the max number of doh-servers will be limited to 1. If the iOS version is < iOS 15.0, the max number of doh-servers will be limited to 2.
# Specially directly set 127.0.0.1 for a domain is not allowed in here. if you want some domain(eg: example.com) to be 127.0.0.1, just add "host, example.com, reject" to the "filter_local" section. The reject action will return DNS response with 127.0.0.1 to the query.
#
# The circumvent-ipv4-answer and circumvent-ipv6-answer are related to upstream DNS. If the A or AAAA result(IP) from upstream is matched by this field, the result will be ignored and marked as failed. If multiple queries sent to different upstream DNS servers, and the first responded upstream result is matched by this field, Quantumult X Tunnel DNS module will wait for other upstream servers' results.
# The ? and * can be used in circumvent-ipv4-answer and circumvent-ipv6-answer.
# If you are using ads related upstream DNS, please leave circumvent-ipv4-answer and circumvent-ipv6-answer empty.
#
[dns]
;circumvent-ipv4-answer = 127.0.0.1, 0.0.0.0
;circumvent-ipv6-answer = ::
;prefer-doh3
;no-system
no-ipv6
server = 223.5.5.5
server = 114.114.114.114
server = 119.29.29.29
server = 8.8.8.8
;doq-server = quic://dns.adguard.com
;doq-server = quic://dns1.example.com, quic://dns2.example.com
;doq-server = quic://dns.adguard.com, excluded_ssids=SSID1
;doq-server = quic://dns.adguard.com, included_ssids=SSID2
;doh-server = https://dns.alidns.com/dns-query
;doh-server = https://exmaple1.com/dns-query, https://exmaple2.com/dns-query
;doh-server = https://223.6.6.6/dns-query, excluded_ssids=SSID1
;doh-server = https://223.5.5.5/dns-query, included_ssids=SSID2
;server = 8.8.8.8:53, excluded_ssids=SSID1
;server = 8.8.4.4:53, included_ssids=SSID2
;server = /example0.com/system
;server = /example1.com/8.8.4.4
;server = /*.example2.com/223.5.5.5
;doh-server = /*.example3.com/https://doh.pub/dns-query, excluded_ssids=SSID2
;doq-server = /*.example4.com/quic://dns.adguard.com, excluded_ssids=SSID3
;server = /example4.com/[2001:4860:4860::8888]:53
;address = /example5.com/192.168.16.18
;address = /example6.com/[2001:8d3:8d3:8d3:8d3:8d3:8d3:8d3]
;alias = /example7.com/another-example.com

#
# static policy points to the server in candidates you manually selected.
# available policy points to the first available server in candidates based on server_check_url(concurrent url latency test will be immediately launched when the policy has been triggered and the policy result is unavailable. If no network request is taking the policy at that time, that means the policy is in the idle state and the test won't be launched even if the server is down. At that time you can update the server status by manually launching the test, but it doesn't make any sense).
# round-robin policy points to the next server in candidates for next connection.
# dest-hash policy points to the server according to hash function that uses the destination address (domain or IP) as input. This policy is particularly useful for use cases that require session persistence. Adding or removing servers from the policy may change the results.
# url-latency-benchmark policy points to the server with the best (the param tolerance ms will be considered) url latency result. When the user starts the url test in Quantumult X container app manually, the policy result will also be updated. This type policy has a param called check-interval (seconds), if this policy has been activated by any request then the interval will be considered. If the alive-checking is true, then even the policy is in the idle state the interval will still be considered and the benchmark will be launched.
# ssid policy points to the server depending on the network environment.
# Param resource-tag-regex and server-tag-regex only work for static, available and round-robin type of polices.
#
[policy]
static=自选节点, 优选节点, 香港负载组, 海外节点, img-url=https://raw.githubusercontent.com/Koolson/Qure/master/IconSet/Color/Available.png
static=海外节点, server-tag-regex=^(.*), img-url=https://raw.githubusercontent.com/crossutility/Quantumult-X/master/icon-samples/us.PNG
round-robin=香港负载组, server-tag-regex=^(.*香港), img-url=https://raw.githubusercontent.com/Koolson/Qure/master/IconSet/Color/HK.png
url-latency-benchmark=优选节点, server-tag-regex=^(?!.*iGG), check-interval=600, tolerance=0, alive-checking=false, img-url=https://raw.githubusercontent.com/Koolson/Qure/master/IconSet/Color/Available.png
# 其中港台番剧策略组对应的分流规则默认处于关闭状态，如需使用请在 分流-引用 中开启。
static=海外服务, proxy, img-url=https://qxnav.com/rules/QuantumultX/img/Global.png
static=地理位置, 大陆服务, 自选节点, img-url=https://qxnav.com/rules/QuantumultX/img/localtion.png
url-latency-benchmark=香港节点, server-tag-regex=^(.*香港), check-interval=600, tolerance=0, alive-checking=false, img-url=https://raw.githubusercontent.com/crossutility/Quantumult-X/master/icon-samples/cn.PNG
static=TikTok, proxy, 自选节点, 香港节点, img-url=https://raw.githubusercontent.com/Koolson/Qure/master/IconSet/Color/TikTok_2.png
static=大陆服务, direct, 自选节点, img-url=https://raw.githubusercontent.com/Koolson/Qure/master/IconSet/Color/CN.png
static=广告屏蔽, reject, img-url=https://qxnav.com/rules/QuantumultX/img/Adblock.png
static=港台番剧, 大陆服务, 自选节点, img-url=https://qxnav.com/rules/QuantumultX/img/StreamingSE.png

#如果需要分地区节点使用，去掉下面相关地区前面的 # 即可
url-latency-benchmark=Google, server-tag-regex=.*, check-interval=600, tolerance=0, alive-checking=false, img-url=https://raw.githubusercontent.com/Koolson/Qure/master/IconSet/Color/Google.png
#url-latency-benchmark=台湾, server-tag-regex=(?=.*(台|TW|(?i)Taiwan))^((?!(港|日|韩|新|美)).)*$, check-interval=600, tolerance=0, img-url=https://qxnav.com/rules/QuantumultX/img/TW.png
#url-latency-benchmark=日本, server-tag-regex=(?=.*(日|JP|(?i)Japan))^((?!(港|台|韩|新|美)).)*$, check-interval=600, tolerance=0, img-url=https://qxnav.com/rules/QuantumultX/img/JP.png
#url-latency-benchmark=美国, server-tag-regex=(?=.*(美|US|(?i)States|American))^((?!(港|台|日|韩|新)).)*$, check-interval=600, tolerance=0, img-url=https://qxnav.com/rules/QuantumultX/img/US.png


;static = policy-name-1, Sample-A, Sample-B, Sample-C, img-url=http://example.com/icon.png
;available = policy-name-2, Sample-A, Sample-B, Sample-C
;round-robin = policy-name-3, Sample-A, Sample-B, Sample-C
;ssid = policy-name-4, Sample-A, Sample-B, LINK_22E171:Sample-B, LINK_22E172:Sample-C
;static = policy-name-5, resource-tag-regex=^sample, server-tag-regex=^example, img-url=http://example.com/icon.png
;available = policy-name-6, resource-tag-regex=^sample, server-tag-regex=^example
;round-robin = policy-name-7, resource-tag-regex=^sample, server-tag-regex=^example
;dest-hash = policy-name-8, resource-tag-regex=^sample, server-tag-regex=^example
;url-latency-benchmark = policy-name-9, resource-tag-regex=^sample, server-tag-regex=^example, check-interval=600, alive-checking=false, tolerance=0

#
# Params "tag" and "enabled" are optional.
# The default sync interval for all kinds of remote resources is 86400 seconds.
# You can set update-interval=172800 to customize your auto sync interval(seconds), negative number means disable auto sync.
# If the require-devices is set, this line of configuration will only be loaded when current Quantumult device ID belongs to the require-devices. The Quantumult device ID can be found in "Settings - Misc Settings - About".
#
[server_remote]
https://apiv2.pptiok2020.com/apiv2/tncjkuleessgxjm2?sub=2&extend=1, tag=闪电猫, update-interval=172800, opt-parser=false, enabled=true
https://feed.iggapis.net/c/b945843d-7481-4c4c-aebc-eea30caa94ca, tag=IGG, update-interval=172800, opt-parser=true, enabled=true
https://dy.zou666.xyz/api/v1/client/subscribe?token=a810a2347a2d91c8dc7954db77bf5214, tag=zou, update-interval=172800, opt-parser=true, enabled=true
;https://raw.githubusercontent.com/crossutility/Quantumult-X/master/server.snippet, tag=Sample-01
;https://raw.githubusercontent.com/crossutility/Quantumult-X/master/server.snippet, opt-parser=true, tag=Sample-01
;https://raw.githubusercontent.com/crossutility/Quantumult-X/master/server.snippet, update-interval=-1, tag=Sample-01
;https://raw.githubusercontent.com/crossutility/Quantumult-X/master/server-complete.snippet, tag=Sample-02, as-policy=static, img-url=http://example.com/icon.png, enabled=false
;https://example.com/server.snippet, tag=Sample-03, img-url=http://example.com/icon.png, require-devices=ID1, ID2, enabled=false

#
# Params "tag", "force-policy" and "enabled" are optional.
# When there is a force-policy, then the policy in filter of remote resource will be ignored and the force-policy will be used.
#
[filter_remote]
https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/QuantumultX/YouTube/YouTube.list, tag=YouTube, force-policy=自选节点, update-interval=604800, opt-parser=false, enabled=true
https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/QuantumultX/Twitter/Twitter.list, tag=Twitter, force-policy=自选节点, update-interval=604800, opt-parser=false, enabled=true
https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/QuantumultX/Telegram/Telegram.list, tag=Telegram, force-policy=自选节点, update-interval=604800, opt-parser=false, enabled=true
https://limbopro.com/Adblock4limbo.list, tag=去广告, update-interval=172800, opt-parser=false, enabled=true
https://github.com/sve1r/Rules-For-Quantumult-X/blob/develop/Rules/Region/ChinaASN.list, tag=ChinaASN, force-policy=direct, update-interval=172800, opt-parser=true, enabled=true
https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/QuantumultX/Global/Global.list, tag=Global, force-policy=自选节点, update-interval=172800, opt-parser=true, enabled=true
https://github.com/sve1r/Rules-For-Quantumult-X/blob/develop/Rules/Region/China.list, tag=China, force-policy=direct, update-interval=172800, opt-parser=true, enabled=true
FILTER_LAN, tag=LAN, force-policy=direct, enabled=true
FILTER_REGION, tag=CN, force-policy=direct, enabled=true
https://raw.githubusercontent.com/Semporia/TikTok-Unlock/master/Quantumult-X/TikTok.list, tag=TikTok, force-policy=TikTok, update-interval=86400, opt-parser=false, enabled=true
;https://raw.githubusercontent.com/crossutility/Quantumult-X/master/filter.snippet, tag=Sample, force-policy=your-policy-name, enabled=true
;https://example.com/filter.snippet, tag=Sample, force-policy=your-policy-name, require-devices=ID1, ID2, enabled=true

#
# Params "tag" and "enabled" are optional.
#
[rewrite_remote]
https://raw.githubusercontent.com/app2smile/rules/master/module/youtube-qx.conf, tag=瀑布流广告Youtube, update-interval=172800, opt-parser=false, enabled=true
https://limbopro.com/Adblock4limbo.conf, tag=去广告, update-interval=172800, opt-parser=false, enabled=true
https://raw.githubusercontent.com/Peng-YM/Sub-Store/master/config/QX.snippet, tag=Sub-Store, update-interval=172800, opt-parser=false, enabled=true
https://raw.githubusercontent.com/DivineEngine/Profiles/master/Quantumult/Rewrite/Block/YouTubeAds.conf, tag=Youtube去广告, update-interval=172800, opt-parser=false, enabled=true
;https://raw.githubusercontent.com/Semporia/TikTok-Unlock/master/Quantumult-X/TikTok-KR.conf, tag=TikTok, update-interval=86400, opt-parser=false, enabled=true
;https://raw.githubusercontent.com/crossutility/Quantumult-X/master/sample-import-rewrite.snippet, tag=Sample, enabled=true
;https://example.com/rewrite.snippet, tag=Sample, require-devices=ID1, ID2, enabled=true

#
# Only obfs=http, obfs=ws, obfs=wss can have optional "obfs-uri" field.
# The obfs-host param in wss will be used for TLS handshake and for HTTP header host field, if obfs-host is not set for wss the server address will be used.
# When using obfs=ws and obfs=wss the server side can be deployed by v2ray-plugin with mux = 0 or by v2ray-core or the trojan-go.
# It is worth noting that the udp-over-tcp for shadowsocks is only supported by the server deployed with shadowsocksr python version, other versions only support the UDP relay itself. If you are combing udp-relay and udp-over-tcp for shadowsocks you must be sure your server is deployed with shadowsocksr python version.
# It is worth noting that the obfs=tls is different from the obfs=over-tls. The obfs=tls is the obfuscation plugin related to shadowsocks project, it is just an obfuscation of the TLS protocol. The obfs=over-tls is the TLS protocol. Quantumult X supports both of them for shadowsocks.
# The obfs plugin tls1.2_ticket_auth has one more RTT than tls1.2_ticket_fastauth and obfs tls, you'd better use tls1.2_ticket_fastauth instead.
# The method chacha20-ietf-poly1305 and chacha20-poly1305 have the same effect in VMess configuration.
# The tls-cert-sha256 or tls-pubkey-sha256 used for SSL pinning can be generated by openssl using below commands:
# openssl x509 -noout -fingerprint -sha256 -inform pem -in your-cert.pem
# openssl x509 -inform pem -pubkey -noout < your-cert.pem | openssl pkey -pubin -outform der | openssl dgst -sha256
# If the tls-verification is false then the tls-cert-sha256 and tls-pubkey-sha256 will be ignored.
# If the tls-pubkey-sha256 is set then the tls-cert-sha256 will be ignored.
# The optional tls-alpn for TLS is hex format of the ALPN extension content, eg: "02:68:32:08:68:74:74:70:2f:31:2e:31" or "02683208687474702f312e31" represents ALPN "h2" and "http/1.1" ({2, 'h', '2', 8, 'h', 't', 't', 'p', '/', '1', '.', '1'})
# The tls-no-session-ticket param for TLS is optional, this is only for special use cases. By default session ticket is enabled (tls-no-session-ticket=false). If you want to disable sessioin ticket just set tls-no-session-ticket=true, keep in mind that the session may still be reused from session ID for new connection if server supports it.
# The tls-no-session-reuse param for TLS is optional, this is only for special use cases. By default session reuse is enabled (tls-no-session-reuse=false). If you want to disable sessioin reuse just set tls-no-session-reuse=true, this will force Quantumult X perform a full TLS handshake for every new connection.
# The tls13 param has been deprecated (deprecated since v1.0.26), and TLS version 1.3 is always supported no matter what you set.
# The obfs=http for shadowsocks protocol follows the shadowsocks project's simple-obfs plugin. The obfs=http for VMess protocol follows V2Ray's implementation. These 2 obfuscations are totally different. Sometimes to comply with your special server settings (「shadowsocks」 + 「http obfuscation of VMess」 or 「VMess」 + 「http obfuscation of shadowsocks」. The latter rarely happens, and the former happens when the server side deployed by V2Ray (or similar programs) with shadowsocks protocol and V2Ray built-in http obfuscation), you may set obfs=vemss-http for shadowsocks protocol, or obfs=shadowsocks-http for vmess protocol.
#
[server_local]
shadowsocks=103.193.150.124:39376, method=aes-256-gcm, password=nook1314520, fast-open=false, udp-relay=false, tag=ip_ss_103.193.150.124

;shadowsocks=example.com:80, method=chacha20, password=pwd, obfs=http, obfs-host=bing.com, obfs-uri=/resource/file, fast-open=false, udp-relay=false, server_check_url=http://www.apple.com/generate_204, tag=ss-obfs-http-01
;shadowsocks=example.com:80, method=chacha20, password=pwd, obfs=http, obfs-host=bing.com, obfs-uri=/resource/file, fast-open=false, udp-relay=false, tag=ss-obfs-http-02
;shadowsocks=example.com:443, method=chacha20, password=pwd, obfs=tls, obfs-host=bing.com, fast-open=false, udp-relay=false, tag=ss-obfs-tls-01
;shadowsocks=example.com:443, method=chacha20, password=pwd, obfs=over-tls, obfs-host=bing.com, tls-verification=true, tls-cert-sha256=b0088370d6c8e02d6e38c443abf81be2aaf1e18f00435aaf0b39852c338f7aaa, fast-open=false, udp-relay=false, tag=ss-tls-01
;shadowsocks=example.com:443, method=chacha20, password=pwd, obfs=over-tls, obfs-host=bing.com, tls-verification=true, tls-pubkey-sha256=eb5ec6684564fd0d04975903ed75342d1b9fdc2096ea54b4cf8caf4740f4ae25, fast-open=false, udp-relay=false, tag=ss-tls-02
;shadowsocks=example.com:443, method=chacha20, password=pwd, obfs=over-tls, obfs-host=bing.com, tls-verification=true, tls-pubkey-sha256=eb5ec6684564fd0d04975903ed75342d1b9fdc2096ea54b4cf8caf4740f4ae25, tls-alpn=02683208687474702f312e31, fast-open=false, udp-relay=false, tag=ss-tls-03
;shadowsocks=example.com:443, method=chacha20, password=pwd, ssr-protocol=auth_chain_b, ssr-protocol-param=def, obfs=tls1.2_ticket_fastauth, obfs-host=bing.com, tag=ssr
;shadowsocks=example.com:80, method=aes-128-gcm, password=pwd, obfs=ws, fast-open=false, udp-relay=false, tag=ss-ws-01
;shadowsocks=example.com:80, method=aes-128-gcm, password=pwd, obfs=ws, obfs-uri=/ws, fast-open=false, udp-relay=false, tag=ss-ws-02
;shadowsocks=example.com:443, method=aes-128-gcm, password=pwd, obfs=wss, obfs-uri=/ws, fast-open=false, udp-relay=false, tag=ss-ws-tls-01
;shadowsocks=example.com:443, method=aes-128-gcm, password=pwd, obfs=wss, obfs-uri=/ws, tls13=true, fast-open=false, udp-relay=false, tag=ss-ws-tls-02
;shadowsocks=example.com:80, method=chacha20, password=pwd, fast-open=false, udp-relay=true, udp-over-tcp=true, tag=ss-udp-over-tcp
#
# To disable aead header for vmess, just set aead=false, the default value is true. If your server(V2Ray) version is less than v4.28 please set aead=false
;vmess=example.com:80, method=none, password=23ad6b10-8d1a-40f7-8ad0-e3e35cd32291, fast-open=false, udp-relay=false, tag=vmess-01
;vmess=example.com:80, method=aes-128-gcm, password=23ad6b10-8d1a-40f7-8ad0-e3e35cd32291, fast-open=false, udp-relay=false, aead=false, tag=vmess-02
;vmess=example.com:443, method=none, password=23ad6b10-8d1a-40f7-8ad0-e3e35cd32291, obfs=over-tls, fast-open=false, udp-relay=false, tag=vmess-tls-01
;vmess=example.com:80, method=chacha20-poly1305, password=23ad6b10-8d1a-40f7-8ad0-e3e35cd32291, obfs=http, obfs-host=bing.com, obfs-uri=/resource/file, fast-open=false, udp-relay=false, server_check_url=http://www.apple.com/generate_204, tag=vmess-http
;vmess=192.168.1.1:443, method=none, password=23ad6b10-8d1a-40f7-8ad0-e3e35cd32291, obfs=over-tls, obfs-host=example.com, fast-open=false, udp-relay=false, tag=vmess-tls-02
;vmess=192.168.1.1:443, method=none, password=23ad6b10-8d1a-40f7-8ad0-e3e35cd32291, obfs=over-tls, obfs-host=example.com, tls13=true, fast-open=false, udp-relay=false, tag=vmess-tls-03
;vmess=example.com:80, method=chacha20-poly1305, password=23ad6b10-8d1a-40f7-8ad0-e3e35cd32291, obfs=ws, obfs-uri=/ws, fast-open=false, udp-relay=false, tag=vmess-ws-01
;vmess=192.168.1.1:80, method=chacha20-poly1305, password=23ad6b10-8d1a-40f7-8ad0-e3e35cd32291, obfs=ws, obfs-host=example.com, obfs-uri=/ws, fast-open=false, udp-relay=false, tag=vmess-ws-02
;vmess=example.com:443, method=chacha20-poly1305, password=23ad6b10-8d1a-40f7-8ad0-e3e35cd32291, obfs=wss, obfs-uri=/ws, fast-open=false, udp-relay=false, tag=vmess-ws-tls-01
;vmess=192.168.1.1:443, method=chacha20-poly1305, password=23ad6b10-8d1a-40f7-8ad0-e3e35cd32291, obfs=wss, obfs-host=example.com, obfs-uri=/ws, fast-open=false, udp-relay=false, tag=vmess-ws-tls-02
;vmess=192.168.1.1:443, method=chacha20-poly1305, password=23ad6b10-8d1a-40f7-8ad0-e3e35cd32291, obfs=wss, obfs-host=example.com, obfs-uri=/ws, tls13=true, fast-open=false, udp-relay=false, tag=vmess-ws-tls-03
#
# The obfs field is not supported for http
;http=example.com:80,fast-open=false, udp-relay=false, tag=http-01
;http=example.com:80, username=name, password=pwd, fast-open=false, udp-relay=false, tag=http-02
;http=example.com:443, username=name, password=pwd, over-tls=true, tls-host=example.com, tls-verification=true, fast-open=false, udp-relay=false, tag=http-tls-01
;http=example.com:443, username=name, password=pwd, over-tls=true, tls-host=example.com, tls-verification=true, tls-pubkey-sha256=eb5ec6684564fd0d04975903ed75342d1b9fdc2096ea54b4cf8caf4740f4ae25, fast-open=false, udp-relay=false, tag=http-tls-02
;http=example.com:443, username=name, password=pwd, over-tls=true, tls-host=example.com, tls-verification=true, tls-pubkey-sha256=eb5ec6684564fd0d04975903ed75342d1b9fdc2096ea54b4cf8caf4740f4ae25, tls-alpn=02683208687474702f312e31, fast-open=false, udp-relay=false, tag=http-tls-03
#
;socks5=example.com:80,fast-open=false, udp-relay=false, tag=socks5-01
;socks5=example.com:80, username=name, password=pwd, fast-open=false, udp-relay=false, tag=socks5-02
;socks5=example.com:443, username=name, password=pwd, over-tls=true, tls-host=example.com, tls-verification=true, fast-open=false, udp-relay=false, tag=socks5-tls-01
;socks5=example.com:443, username=name, password=pwd, over-tls=true, tls-host=example.com, tls-verification=true, tls-pubkey-sha256=eb5ec6684564fd0d04975903ed75342d1b9fdc2096ea54b4cf8caf4740f4ae25, fast-open=false, udp-relay=false, tag=socks5-tls-02
;socks5=example.com:443, username=name, password=pwd, over-tls=true, tls-host=example.com, tls-verification=true, tls-pubkey-sha256=eb5ec6684564fd0d04975903ed75342d1b9fdc2096ea54b4cf8caf4740f4ae25, tls-alpn=02683208687474702f312e31, fast-open=false, udp-relay=false, tag=socks5-tls-03
#
# The obfs field is only supported with websocket over tls for trojan. When using websocket over tls you should not set over-tls and tls-host options anymore, instead set obfs=wss and obfs-host options.
;trojan=example.com:443, password=pwd, over-tls=true, tls-verification=true, fast-open=false, udp-relay=false, tag=trojan-tls-01
;trojan=example.com:443, password=pwd, over-tls=true, tls-verification=true, tls13=true, fast-open=false, udp-relay=false, tag=trojan-tls-02
;trojan=192.168.1.1:443, password=pwd, over-tls=true, tls-host=example.com, tls-verification=true, fast-open=false, udp-relay=false, tag=trojan-tls-03
;trojan=192.168.1.1:443, password=pwd, over-tls=true, tls-host=example.com, tls-verification=true, tls13=true, fast-open=false, udp-relay=false, tag=trojan-tls-04
;trojan=192.168.1.1:443, password=pwd, over-tls=true, tls-host=example.com, tls-verification=true, tls-cert-sha256=b0088370d6c8e02d6e38c443abf81be2aaf1e18f00435aaf0b39852c338f7aaa, tls13=true, fast-open=false, udp-relay=false, tag=trojan-tls-05
;trojan=192.168.1.1:443, password=pwd, over-tls=true, tls-host=example.com, tls-verification=true, tls-pubkey-sha256=eb5ec6684564fd0d04975903ed75342d1b9fdc2096ea54b4cf8caf4740f4ae25, tls13=true, fast-open=false, udp-relay=false, tag=trojan-tls-06
;trojan=192.168.1.1:443, password=pwd, over-tls=true, tls-host=example.com, tls-verification=true, tls-pubkey-sha256=eb5ec6684564fd0d04975903ed75342d1b9fdc2096ea54b4cf8caf4740f4ae25, tls-alpn=02683208687474702f312e31, tls13=true, fast-open=false, udp-relay=false, tag=trojan-tls-07
;trojan=192.168.1.1:443, password=pwd, obfs=wss, obfs-host=example.com, obfs-uri=/path, udp-relay=true, tag=trojan-wss-05

[filter_local]
;user-agent, ?abc*, proxy
;host, www.google.com, proxy
;host-keyword, adsite, reject
;host-wildcard, *.goo?le.com, proxy
;host-suffix, googleapis.com, proxy
;host-suffix, googleapis.com, proxy, force-cellular
;host-suffix, googleapis.com, proxy, multi-interface
;host-suffix, googleapis.com, proxy, multi-interface-balance
;host-suffix, googleapis.com, proxy, via-interface=pdp_ip0
;ip6-cidr, 2001:4860:4860::8888/32, direct
;ip-cidr, 10.0.0.0/8, direct
;ip-cidr, 127.0.0.0/8, direct
;ip-cidr, 172.16.0.0/12, direct
;ip-cidr, 192.168.0.0/16, direct
;ip-cidr, 224.0.0.0/24, direct
;geoip, cn, direct
;geoip, cn, direct, force-cellular
;ip-asn, 6185, proxy
# You can add below host-keyword rule to skip the DNS query for all the non-matched hosts. Pure IP requests won't be matched by the host related rules.
;host-keyword, ., proxy
final, proxy


#
# The "reject" returns HTTP status code 404 with no content. This type of rewrite has some kind of dynamic delay (0~5 seconds) mechanism of response for repeated requests in a short period of time. The less the repetition, the shorter the delay (0). The more the repetition, the greater the delay (5).
# The "reject-200" returns HTTP status code 200 with no content.
# The "reject-img" returns HTTP status code 200 with content of 1px gif.
# The "reject-dict" returns HTTP status code 200 with content of empty json object.
# The "reject-array" returns HTTP status code 200 with content of empty json array.
# The "request-header" works for all the http headers not just one single header, so you can match two or more headers including CRLF in one regular expression.
# The "echo-response" just reply back the body of the content type response for matched URL, the body file should be saved at "On My iPhone - Quantumult X - Data".
# The length and encoding related HTTP header fields will be automatically processed by Quantumult if the "rewrite" is body related, so you should not handle them by yourself. The max supported original response body size is 4 MB(iOS 13+) for script-response-body.
# The body related rewrite will not be executed if the body is empty.
# When using javascript in rewrite, you can use those objects: $request, $response, $notify(title, subtitle, message), console.log(message) and Quantumult's built-in objects all have prefix "$".
# Supports: $request.sessionIndex, $request.scheme, $request.method, $request.url, $request.path, $request.headers,$response.sessionIndex, $response.statusCode, $response.headers, $response.body
# The $request.sessionIndex is equal to $response.sessionIndex when the response is related to the request. The sessionIndex has nothing to do with the index of TCP records in the orange "Activity" panel.
# The $notify(title, subtitle, message) will post iOS notifications if Quantumult notification has been enabled.
# The $prefs is for persistent store: $prefs.valueForKey(key), $prefs.setValueForKey(value, key), $prefs.removeValueForKey(key), $prefs.removeAllValues().
# The console.log(message)  will output logs to Quantumult log file.
# The setTimeout(function() { }, interval) will run function after interval(ms).
# The scripts for script-request-header, script-request-body, script-response-header, script-response-body, script-echo-response and script-analyze-echo-response should be saved in local "On My iPhone - Quantumult X - Scripts" or "iCloud Drive - Quantumult X - Scripts". Samples can be found at https://github.com/crossutility/Quantumult-X
# The difference between script-analyze-echo-response and script-echo-response is that the former will wait for the request body.
#
# The HTTP(HTTPS) request will be matched if the URL and the headers are both matched for the url-and-header rewrite (The URL will be evaluated first, and if it is not matched then the headers will not be evaluated at all). The string of the headers to compare contains the method, path and key-value headers.
#
[rewrite_local]
(?<=_region=)CN(?=&) url 307 KR
(?<=&mcc_mnc=)4 url 307 2
^(https?:\/\/(tnc|dm)[\w-]+\.\w+\.com\/.+)(\?)(.+) url 302  $1$3
(?<=\d\/\?\w{7}_\w{4}=)1[6-9]..(?=.?.?&) url 307 17
;^http://example\.com/resource1/1/ url reject
;^http://example\.com/resource1/2/ url reject-img
;^http://example\.com/resource1/3/ url reject-200
;^http://example\.com/resource1/4/ url reject-dict
;^http://example\.com/resource1/5/ url reject-array
;^http://example\.com/resource2/ url 302 http://example.com/new-resource2/
;^http://example\.com/resource3/ url 307 http://example.com/new-resource3/
;^http://example\.com/resource4/ url request-header ^GET /resource4/ HTTP/1\.1(\r\n) request-header GET /api/ HTTP/1.1$1
;^http://example\.com/resource4/ url request-header (\r\n)User-Agent:.+(\r\n) request-header $1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36$2
;^http://example\.com/resource5/ url request-body "info":\[.+\],"others" request-body "info":[],"others"
;^http://example\.com/resource5/ url response-body "info":\[.+\],"others" response-body "info":[],"others"
;^http://example\.com/resource5/ url echo-response text/html echo-response index.html
;^http://example\.com/resource6/ url script-response-body response-body.js
;^http://example\.com/resource7/ url script-echo-response script-echo.js
;^http://example\.com/resource8/ url script-response-header response-header.js
;^http://example\.com/resource9/ url script-request-header request-header.js
;^http://example\.com/resource10/ url script-request-body request-body.js
;^http://example\.com/resource1/1/ \r\nUser-Agent: example-agent url-and-header reject
;^http://example\.com/resource1/1/ ^POST url-and-header reject


#
# If the require-devices is set, this line of configuration will only be loaded when current Quantumult device ID belongs to the require-devices. The Quantumult device ID can be found in "Settings - Misc Settings - About".
# The $task.fetch() compose a HTTP request and deal with the response, only text body is supported. A $task.fetch() can be embeded in the completion handler of another $task.fetch(), if you want serial requests not current requests.
# The scripts should be saved in local "On My iPhone - Quantumult X - Scripts" or "iCloud Drive - Quantumult X - Scripts". Samples can be found at https://github.com/crossutility/Quantumult-X/blob/master/sample-task.js
# The default HTTP request timeout is 10 seconds.
#
# Supports 5 or 6 fields of cron excluding the command field. The event-network will be triggered when network changed. The event-interaction will be triggered when user tapped a UIAction. The event related task only can be triggered when the Quantumult X Tunnel is running.
#
[task_local]
;* * * * * sample-task.js
;* * * * * sample-task2.js, img-url=https://raw.githubusercontent.com/crossutility/Quantumult-X/master/quantumult-x.png, tag=Sample, enabled=true
;* * * * * sample-task3.js, img-url=https://raw.githubusercontent.com/crossutility/Quantumult-X/master/quantumult-x.png, tag=Sample, require-devices=ID1, ID2, enabled=true
;event-network sample-task3.js
;event-interaction sample-task4.js
#
# Just like any web browser, http(s) url string after # is never sent to the server. You can add # to the script http(s) url to append customized params, and using API $environment.sourcePath to get the whole path (https://example.com/sample.js#this-is-not-sent-to-server&key1=value1&key2=value2) and extract the customized params in the script by yourself.
#
;* * * * * https://example.com/sample.js#this-is-not-sent-to-server&key1=value1&key2=value2, tag=Sample, enabled=true


#
# Deploy a local HTTP server and use JavaScript for data processing.
# If the require-devices is set, this line of configuration will only be loaded when current Quantumult device ID belongs to the require-devices. The Quantumult device ID can be found in "Settings - Misc Settings - About".
# The input variables are $reqeust.url, $reqeust.path, $reqeust.headers, $reqeust.body
# The output using $done like $done({status:"HTTP/1.1 200 OK"}, headers:{}, body:"here is a string") to sendback the response.
# Further more you can use a signature or any other validation method to verify if the request is legitimate.
# After the deployment you should visit it through http://127.0.0.1:9999/your-path/your-api/.
#
[http_backend]
;https://raw.githubusercontent.com/crossutility/Quantumult-X/master/sample-backend.js, tag=fileConverter, path=^/example/v1/
;preference.js, tag=userPreference, path=^/preference/v1/, img-url=https://example.com, enabled=true
;sample.js, tag=sample, path=^/sample/v1/, require-devices=ID1, ID2, enabled=true
;convert.js, tag=fileConverter, path=^/convert/v1/


#
# If the source IP of the TCP connection is matched by the skip_src_ip, the hostname will not be evaluated. The wildcard * and ? are supported.
# If the destination IP of the TCP connection is matched by the skip_dst_ip, the hostname will not be evaluated. The wildcard * and ? are supported.
# Only the TLS SNI or destination address in "hostname" will be handled by MitM. The wildcard * and ? are supported.
#
# Important !!! You should always keep your CA passphrase and p12 private.
#
[mitm]
hostname = *.tiktokv.com, *.byteoversea.com, *.tik-tokapi.com
passphrase = 6FEC72F4
p12 = MIILuQIBAzCCC4MGCSqGSIb3DQEHAaCCC3QEggtwMIILbDCCBccGCSqGSIb3DQEHBqCCBbgwggW0AgEAMIIFrQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIrlZN5q/+VbQCAggAgIIFgHS8rpbSq95Xc1euilH6vil6KvWi7w6AW+J6UCfYFsKfcD5fVXQ7pGqMTmlMRrlR1yyJIMUKAv4cngKQB2xvZr9AK8/Wf7Zf0QIinhFgB72lwWoJBZEfFT+KZkLVkBLJ1ZJwy4Upu/Uv2uCCb5BIG0LE1OBibWaH+6hZpKoFUYMcOjdAN1KtdvsuW8HuQnl98LG36oFd8kOUOKQveFl9piquk6To6WmhKKpAe1MPyHOn7Wa99vyLw/O0GXrpQ926C/xSMlwPZBxuvHiCVVk1aDqFZAnRMkFPL8YTZkwFyEU4wDUxwUJmWfKfDgIl/Jhlir+rRjw5lWGS6LRWQiQZDCtuOw2KcdiXZMTQsa6O1tS6/9YA9IuABQQCxRnmnZ4lJcl34OOCLvRnCr+gf0Ftqy0KgcigxSv04e6VtGQ0M4rKTHvFGDmCgU9DUWTkhYDg9Df4ZoIyh2JVCgxiK8VVznqg1UgG6sxeZWFNarapN5ymQg/yICFB+PKzzrVuKCaxbzwMo1vgif9nffHUWLjw2ayfg4C7gO+C2ZSTKHLZkDzUQ0WgTIdGyPHa2A8rP3sUEM/o3DUMN6gTGNOpAUM4V7zKMbNaVdXPmtaapHaKsrr1BVw+u/npAcF7e757csGbkYTnnyhIedZWdy+SNBDWeNKtgl4axlZV5f+YiWjknVjIRla/b14tjB8AN4ldqHzPLeOTwu8SIae8FdFSSK3wu0DmzSi440N8dnYEZAsgLgXpLGdZmoQ1Yx0ZHgJ7SjMnfFw/3TbzhdZ/a8kYEho3G72fV6QOLEhFQz16Tg+1B4Mx8K5YSsrcHmUm2Mmcs1tzL/1PA/hBLs5Q4mksrEts9ETgpF0iU6PzlURhO3AF9Zb8m4fO3WV/5RqpE0KKHa4z1AT8lT7VMrS45N5dACF3KCXO7S2ohPR/zmFhqi4K+PmsyaX5y89PGQMmGbC4gzIe+GMbOZ3Xes8pB1gk1mrvMHE9nLeeyFL0ZBS/c9wgffQQefGyW0dosP27e3GtgGVrPSa6DIrDIqW15h4Gk3EbUIKbOU6XzdhwmZ27QG5IKmHnBEMdDDHUY78CLJZ53BENMN16VgmOOL1BydilFRHx3MODIeWE6+EtE3HpqKweVku5lWlYcYxqW2rLa4zrCpdgwooYsU+PeGS/2fa01ZuL4YttTfv3jZiZXLETOykwPlt+tau9gs676QehDl+qgWfrypJaHsQRwrCPkE66dgUY7WmU19jJ+mc+ATrsxKlrOlzFXIacMD2049lIh+8cC57PSuNelUiElEmoxeo5j3PCAmW+DDQVq7erng6yH7aWx+PKRBxvOhBKEIlkmww6Bvpqhcriptsbh1ZtpMa8aOZDijU7NzaEV2sYZs5ny08O6XPCLqVH/GlNU/xIbsyDmwltJxzOPtYzcA5zuXN47L2uRM1tO2mo9I2+suTK6Ufz9uEifW7PcgjW0p0SQXUhrSBsBr60w4iiV940QRdRiLdgVENwG/1o4i5N1A681xHikct5m2xg4UhTatPCGuB4AKE9CSoP9UNF+/NRr0WLzK8UGJnf+idTwMSG5zufocx1EgqkHL/H9gmsrJxdj7rDi5bSS/JQ1EK1AKLgej53Pwwp/GB6R8AbfrKwYsNJxmIgZMfWHHOWfb+aMqgslJqSz6+UNJ5U1j/G9F9xoyjfSziBcXJLuP+jCZb92CFqf/eTlGMmsfOEMof5aczFO01FUcacnPGedT8XXToQqWw5EeWO7GqgyieXinexopOcQm7RT9RpT5la14+M4Qmm/vJhD4vBVgTfZQ4HGgHJQhEwS+GaZnrfb6RjXfyBGTQ0tsD+61HmCF5cNOrGQzwrCGH49bAkn5ud4889lMqC2HfdxR3zHcswggWdBgkqhkiG9w0BBwGgggWOBIIFijCCBYYwggWCBgsqhkiG9w0BDAoBAqCCBO4wggTqMBwGCiqGSIb3DQEMAQMwDgQI+2FMSAeo2cUCAggABIIEyGo5xh3yxBVifnV2Xpr0IH8jRaP7ceaRCKikPQdQpn4LH8yYyUlpB+5UIFSk+XDVx9J4AxRuY8m3MmC/jPvdeiXFMK/n3bzB/hkcote2OHCPzsUQsww4cq5vMsRN9SE/0cJLM30+YHxUIKvPx8gwZchGr7Hbnt3qO4BYwJvyQu7+7lfid2Ls/KqyUY8BJpLWqxIS1+iKE107SMN2Y6RT2bQqm+u8veyT8Ac1l6WeIAJi15Dp498NzCHKbtch1UxiYtj4dDQBLtNawFAt/U+MlW04O1M5O67L4+6lCDPIqtx1NRVL+CqMxcTOeouYa5llWfIbSg2NLjOiIckTfGXTrETkCLeeFM2A4RLJPdlXtiQVjvrKcLzrec2J7Ano97dhP4/EO1kwRMolJKig2TtkMnhaIidB+AUJguxb44GDiRIl7/HfKhg5KPJNDpsvaml+BNhUY11yXhjq1UbifmLTuihbwYw8har5uKcO73Kxz4C4PcPZ6i/M8e+xBocrGVQgwUgpIlWIdYYmd3AAl8sLCZ/G8KPuMndQBLHji4EPhu8Va1F6ggqdbjmVCZwP2w62aTI89ZLgde5AyQbcjwKln3cv72GGnfuk3nbFa+NSXv8luAet2ZhU11FBuNSL3YBb816BODA2qfZHUYyyb8oKNq/tfzgLdpUDdDbdas+0Oc3tVSYfl0vBlk51WN8UxM/HZNngxw/tYLFaSux2q5ET+Tr07KzmmXnAo6DqDrpMOcFGPhp+egJU/EDrHQVexyuAxxXG4OyULaCtKaAQNkLR79W0A1wHIzCyrIYzt2NZv+noKsNz1bPBy9nlQVz4NG6UKefcI/l4BPnj30HDJNTWBlcwtlcnnm/Dr2Y8HXbuTTwGe2iA21vjMMgXv6E4yorGARci8LyCOvc11F8PWYPF2zzhONJbPdlKGnzfhi9e4PUxTczBtUF/RlJ5Z87r851uOCbn1WTpkgaTNEhflfZjWBYr3RHlG6dT/QIeeSXeyolz4TnW2Sbx153YaZFFeudw5491QoNOB7N7lMNjdwm0z3yZzsZWHjHldga/5hMdHxWZbEAWWV9tecauvGsmyIfOXzToetaO+vb51M+iGJzqutcLnwL++fPvYO70GGyIUv6z4Mcmp1mBx2RzD4bkXlrA+cPyeSxwyqbXv5fmyUfs6csg07SBftXvAW5H9kP3xSTm3g8Q+BZj15o5l7PUGT+FUnSBBsgTzuUZKEGJxrM/ARUiG6QLp/weNnHt6y/2/5OE7EK6L0Z/oNt5krERuYhRlhNdGO1dygC5UtCkW+tp6Qqhi7+pNw9EoD8F8GAheZd9ByP9LqGllvqnmIKEV4hWuD78s+1eMzbDx6+j/O4qRloy/9WP/D/1sO9g/bvHjZLySEBI/eDuGp0Z8OFt4k6OMAkkT2+ZE+1NIvsZRVwjKZdja60W10wUYdA4Wk5KwmQTxsgWXZPgPNq58qrRNAMYOXOtQ+lsjGzYo55tkCsDzN9N5EPKbd533FPst3AhYnruY+KzV3plKqWkYgNornl9k2jrerBSK0zBbZRxeU0W4dBmTHVIOnfJj50S+du9iPSFocyyXet2/oo014RJ3buFy6tLFmAfSw3/kOGeW3vA35pw+aY7D5vlGDGBgDAjBgkqhkiG9w0BCRUxFgQUIypIl78g/6gSYsyvu8THFt3zh1IwWQYJKoZIhvcNAQkUMUweSgBRAHUAYQBuAHQAdQBtAHUAbAB0ACAAWAAgAEMAQQAgADQAMwBDAEQANABFADUAMQAgACgAMwAgAEYAZQBiACAAMgAwADIAMwApMC0wITAJBgUrDgMCGgUABBSnEBKlBYQlH2hDs3u21EDnulB54gQILTTCcpPKA6s=
;passphrase =
;p12 =
;skip_validating_cert = false
;skip_src_ip = 192.168.1.5, 192.168.1.6
;skip_dst_ip = 17.0.0.1
;hostname = *.example.com, *.sample.com, non-existed-domain.com, *.non-connected-domain.com