| .github | ||
| clash | ||
| docs | ||
| openwrt | ||
| scripts | ||
| src | ||
| .gitignore | ||
| Dockerfile | ||
| LICENSE | ||
| README_EN.md | ||
| README.md | ||
UA3F
English | 简体中文
UA3F is an HTTP Header rewriting tool that transparently rewrites HTTP request headers (such as User-Agent) as an HTTP, SOCKS5, TPROXY, REDIRECT, or NFQUEUE server.
Features
- Multiple server modes: HTTP, SOCKS5, TPROXY, REDIRECT, NFQUEUE(UA2F)
- Highly flexible rewriting rule system with multiple rule types and rewriting strategies
- Real-time statistics dashboard with traffic modification monitoring and analysis
- Multiple deployment options: opkg installation, compilation, and Docker deployment
- Compatible with Clash Fake-IP & Redir-Host modes for coexistence
- Supports TTL, TCP Timestamp, TCP Window and IP ID obfuscation
- Supports TCP Desync fragment reordering to evade Deep Packet Inspection (DPI)
 |
 |
Deployment
Three deployment methods are available:
-
IPK Package Installation:
Pre-compiled versions for common architectures are available on the Release page. Download the appropriate version for your device architecture and install it on OpenWrt using
opkg install. -
OpenWrt Compilation:
git clone https://github.com/openwrt/openwrt.git && cd openwrt git checkout openwrt-24.10 ./scripts/feeds update -a && ./scripts/feeds install -a git clone https://github.com/SunBK201/UA3F.git package/UA3F make menuconfig # Select Network->Web Servers/Proxies->ua3f make download -j$(nproc) V=s make -j$(nproc) || make -j1 || make -j1 V=sc # make package/UA3F/openwrt/compile -j1 V=sc # Compile single package -
Docker Deployment:
docker run -p 1080:1080 sunbk201/ua3f -f FFF
Usage
UA3F supports LuCI Web interface. Navigate to Services -> UA3F for configuration.
For detailed tutorial, please visit: UA3F User Guide
Device and system information regex reference:
(Apple|iPhone|iPad|Macintosh|Mac OS X|Mac|Darwin|Microsoft|Windows|Linux|Android|OpenHarmony|HUAWEI|OPPO|Vivo|XiaoMi|Mobile|Dalvik)
Manual Command Line Launch
opkg install sudo
sudo -u nobody /usr/bin/ua3f
For shellclash/shellcrash users, use the following command:
sudo -u shellclash /usr/bin/ua3f
# If the above command fails, use this one
sudo -u shellcrash /usr/bin/ua3f
Command line parameters:
-m <mode>: Server mode. Supports HTTP, SOCKS5, TPROXY, REDIRECT. Default: SOCKS5-b <bind addr>: Custom bind address. Default: 127.0.0.1-p <port>: Port number. Default: 1080-l <log level>: Log level. Default: info. Options: debug. Default log location:/var/log/ua3f.log-x: Rewrite mode. Supports GLOBAL, DIRECT, RULES. Default: GLOBAL-f <UA>: Custom User-Agent. Default: FFF-r <regex>: Custom regex to match User-Agent. Default: empty (all User-Agents will be rewritten)-s: Partial replacement, only replace the regex matched portion-z: Rewrite rules in JSON string format. Only effective in RULES rewrite mode-o ttl,tcpts,ipid: Enable TTL, TCP Timestamp, and IP ID obfuscation
Server Mode Description
UA3F supports 5 different server modes, each with unique characteristics:
| Server Mode | Working Principle | Clash Dependency | Compatibility | Performance | Coexist with Clash |
|---|---|---|---|---|---|
| HTTP | HTTP Proxy | Yes | High | Low | Yes |
| SOCKS5 | SOCKS5 Proxy | Yes | High | Low | Yes |
| TPROXY | netfilter TPROXY | No | Medium | Medium | Yes |
| REDIRECT | netfilter REDIRECT | No | Medium | Medium | Yes |
| NFQUEUE | netfilter NFQUEUE | No | Low | High | Yes |
Rewrite Strategy Description
UA3F supports 3 different rewrite strategies:
| Rewrite Strategy | Rewrite Behavior | Rewrite Headers | Applicable Modes |
|---|---|---|---|
| GLOBAL | Rewrite all requests | User-Agent | All server modes |
| DIRECT | No rewriting, pure forwarding | None | All server modes |
| RULES | Rewrite based on rewriting rules | Customizable | HTTP/SOCKS5/TPROXY/REDIRECT |