请注意,本文编写于 1248 天前,最后修改于 975 天前,其中某些信息可能已经过时。
适合真·懒得折腾用户,直接覆盖配置文件即可,覆盖后需要重新添加节点
描述
- 需自行添加节点,配置MITM
- 国内IP直连,海外IP全部走当前节点
- 神机去广告:重写+分流
- 一个很全的去广告分流规则,可能误杀导致某些软件不正常?
- js脚本:仅有京东淘宝历史价格,由于需要去github取得脚本查询,抢购时建议关闭
# Sample Quantumult Configuration
#
# Line started with ";" or "#" or "//" shall be comments.
# 以 ";" 或 "#" 或 "//" 开头的行为注释行。
#
# SS-URI scheme can be found at https://shadowsocks.org/en/spec/SIP002-URI-Scheme.html
#
# Quantumult uses HEAD method send HTTP request to the server_check_url to test the proxy's status, the results should be two latencies, the first one is TCP handshake to the proxy server, the second one is the total time that Quantumult successfully received the HTTP response from the server_check_url. The lightning icon means that the TCP fast open is successful. If the server in section [server_local] or section [server_remote] has its own server_check_url, its own server_check_url will be used instead of the server_check_url in section [general].
#
# Quantumult 使用 HTTP HEAD 方法对测试网址 server_check_url 进行网页响应性测试(测试结果为通过该节点访问此网页获得 HTTP 响应所需要的时间),来确认节点的可用性。
# Quantumult 界面中的延迟测试方式均为网页响应性测试,显示的最终延迟均为通过对应节点访问测试网页获得 HTTP 响应所需要时间。
# 由于 Trojan 协议为无响应校验协议,使得 HTTP 检测方式即使获得了 HTTP 响应,也不代表节点一定可用。
#
# The dns_exclusion_list contains the domains that disabled the placeholder IP(240.*), domains that are not in the dns_exclusion_list all have placeholder IP enabled and have turned on the resolve-on-remote setting.
#
# The udp_whitelist contains the destination UDP port, empty means all the ports are in udp_whitelist. UDP packtes(through Quantumult tunnel interface) with destination ports that are not in the udp_whitelist will be dropped. This setting has nothing to do with the policy and has nothing to do with the proxy(server) port either.
#
# The traffic to excluded_routes will not be handled by Quantumult. It is better to reboot your device after modification.
#
# The resource_parser_url sample can be found at https://raw.githubusercontent.com/crossutility/Quantumult-X/master/resource-parser.js
[general]
;profile_img_url=http://www.example.com/example.png
;resource_parser_url=http://www.example.com/parser.js
;server_check_url=http://www.google.com/generate_204
;geo_location_checker=http://www.example.com/json/, https://www.example.com/script.js
;running_mode_trigger=filter, filter, LINK_22E171:all_proxy, LINK_22E172:all_direct
dns_exclusion_list=*.cmpassport.com, *.jegotrip.com.cn, *.icitymobile.mobi, id6.me
;ssid_suspended_list=LINK_22E174, LINK_22E175
;udp_whitelist=53, 123, 1900, 80-443
;excluded_routes= 192.168.0.0/16, 172.16.0.0/12, 100.64.0.0/10, 10.0.0.0/8
;icmp_auto_reply=true
#
# The DNS servers fetched from current network(system) will always be used for better performance(you can disable this feature by using "no-system", but you should at least add one customized DNS server like "server=223.5.5.5").
# When no-ipv6 is set, the DNS module of Quanumult X Tunnel will directly let the AAAA query fail but still allow the A query from IPv6 DNS servers.
# The result of query will only be used for evaluating filter or connecting through direct policy, when connecting through server the result will not be used and Quantumult will never know the destination IP of related domain.
# Specially directly set 127.0.0.1 for a domain is not allowed in here. if you want some domain(eg: example.com) to be 127.0.0.1, just add "host, example.com, reject" to the "filter_local" section. The reject action will return DNS response with 127.0.0.1 to the query.
#
[dns]
;no-system
no-ipv6
server=223.5.5.5
server=114.114.114.114
server=119.29.29.29
server=8.8.8.8
;server=8.8.4.4:53
;server=/example0.com/system
;server=/example1.com/8.8.4.4
;server=/*.example2.com/223.5.5.5
;server=/example4.com/[2001:4860:4860::8888]:53
;address=/example5.com/192.168.16.18
;address=/example6.com/[2001:8d3:8d3:8d3:8d3:8d3:8d3:8d3]
#
# static policy points to the server in candidates you manually selected.
# available policy points to the first available server in candidates based on server_check_url(concurrent url latency test will be immediately launched when the policy has been triggered and the policy result is unavailable. If no network request is taking the policy at that time, that means the policy is in the idle state and the test won't be launched even if the server is down. At that time you can update the server status by manually launching the test, but it doesn't make any sense).
# round-robin policy points to the next server in candidates for next connection.
# ssid policy points to the server depending on the network environment.
# Param resource-tag-regex and server-tag-regex only work for static, available and round-robin type of polices.
#
[policy]
;static=policy-name-1, Sample-A, Sample-B, Sample-C, img-url=http://example.com/icon.png
;available=policy-name-2, Sample-A, Sample-B, Sample-C
;round-robin=policy-name-3, Sample-A, Sample-B, Sample-C
;ssid=policy-name-4, Sample-A, Sample-B, LINK_22E171:Sample-B, LINK_22E172:Sample-C
;static=policy-name-5, resource-tag-regex=^sample, server-tag-regex=^example, img-url=http://example.com/icon.png
;available=policy-name-6, resource-tag-regex=^sample, server-tag-regex=^example
;round-robin=policy-name-7, resource-tag-regex=^sample, server-tag-regex=^example
#
# Params "tag" and "enabled" are optional.
# The default sync interval for all kinds of remote resources is 86400 seconds.
# You can set update-interval=172800 to customize your auto sync interval(seconds), negative number means disable auto sync.
#
[server_remote]
;https://raw.githubusercontent.com/crossutility/Quantumult-X/master/server.txt, tag=Sample-01
;https://raw.githubusercontent.com/crossutility/Quantumult-X/master/server.txt, opt-parser=true, tag=Sample-01
;https://raw.githubusercontent.com/crossutility/Quantumult-X/master/server.txt, update-interval=-1, tag=Sample-01
;https://raw.githubusercontent.com/crossutility/Quantumult-X/master/server-complete.txt, tag=Sample-02, as-policy=static, img-url=http://example.com/icon.png, enabled=false
#
# Params "tag", "force-policy" and "enabled" are optional.
# When there is a force-policy, then the policy in filter of remote resource will be ignored and the force-policy will be used.
#
[filter_remote]
# 神机,去广告和劫持,源地址https://github.com/DivineEngine/Profiles/tree/master/Quantumult
https://raw.githubusercontent.com/DivineEngine/Profiles/master/Quantumult/Filter/Guard/Advertising.list, tag=广告, update-interval=86400, enabled=true
https://raw.githubusercontent.com/DivineEngine/Profiles/master/Quantumult/Filter/Guard/Hijacking.list, tag=运营商劫持, update-interval=86400, enabled=true
# 很多的一个去广告,源地址https://github.com/NobyDa/ND-AD
https://raw.githubusercontent.com/NobyDa/ND-AD/master/QuantumultX/AD_Block.txt, tag=超级多的去广告, update-interval=86400, opt-parser=false, enabled=true
;https://raw.githubusercontent.com/crossutility/Quantumult-X/master/filter.txt, tag=Sample, force-policy=your-policy-name, enabled=true
#
# Params "tag" and "enabled" are optional.
#
[rewrite_remote]
https://raw.githubusercontent.com/DivineEngine/Profiles/master/Quantumult/Rewrite/Block/Advertising.conf, tag=神机复写(去广告), update-interval=86400, opt-parser=false, enabled=true
https://raw.githubusercontent.com/DivineEngine/Profiles/master/Quantumult/Rewrite/Block/AdvertisingPlus.conf, tag=神机去广告+, update-interval=86400, opt-parser=false, enabled=true
https://raw.githubusercontent.com/DivineEngine/Profiles/master/Quantumult/Rewrite/Block/YouTubeAds.conf, tag=神机复写(油管广告,会员勿开), update-interval=86400, opt-parser=false, enabled=true
#https://raw.githubusercontent.com/ConnersHua/Profiles/master/Quantumult/X/Rewrite.conf, tag=去广告重写, update-interval=86400, opt-parser=false, enabled=true
;https://raw.githubusercontent.com/crossutility/Quantumult-X/master/sample-import-rewrite.txt, tag=Sample, enabled=true
#
# Only obfs=http, obfs=ws, obfs=wss can have optional "obfs-uri" field.
# The obfs-host param in wss will be used for TLS handshake and for HTTP header host field, if obfs-host is not set for wss the server address will be used.
# The UDP relay for VMess and Trojan is not currently supported.
# When using obfs=ws and obfs=wss the server side can be deployed by v2ray-plugin with mux = 0 or by v2ray-core.
# The obfs plugin tls1.2_ticket_auth has one more RTT than tls1.2_ticket_fastauth and obfs tls, you'd better use tls1.2_ticket_fastauth instead.
# The method chacha20-ietf-poly1305 and chacha20-poly1305 have the same effect in VMess configuration.
#
[server_local]
# 请自行导入节点
# Optional field tls13 is only for shadowsocks obfs=wss
;shadowsocks=example.com:80, method=chacha20, password=pwd, obfs=http, obfs-host=bing.com, obfs-uri=/resource/file, fast-open=false, udp-relay=false, server_check_url=http://www.apple.com/generate_204, tag=ss-01
;shadowsocks=example.com:80, method=chacha20, password=pwd, obfs=http, obfs-host=bing.com, obfs-uri=/resource/file, fast-open=false, udp-relay=false, tag=ss-02
;shadowsocks=example.com:443, method=chacha20, password=pwd, obfs=tls, obfs-host=bing.com, fast-open=false, udp-relay=false, tag=ss-03
;shadowsocks=example.com:443, method=chacha20, password=pwd, ssr-protocol=auth_chain_b, ssr-protocol-param=def, obfs=tls1.2_ticket_fastauth, obfs-host=bing.com, tag=ssr
;shadowsocks=example.com:80, method=aes-128-gcm, password=pwd, obfs=ws, fast-open=false, udp-relay=false, tag=ss-ws-01
;shadowsocks=example.com:80, method=aes-128-gcm, password=pwd, obfs=ws, obfs-uri=/ws, fast-open=false, udp-relay=false, tag=ss-ws-02
;shadowsocks=example.com:443, method=aes-128-gcm, password=pwd, obfs=wss, obfs-uri=/ws, fast-open=false, udp-relay=false, tag=ss-ws-tls-01
;shadowsocks=example.com:443, method=aes-128-gcm, password=pwd, obfs=wss, obfs-uri=/ws, tls13=true, fast-open=false, udp-relay=false, tag=ss-ws-tls-02
#
# Optional field tls13 is only for vmess obfs=over-tls and obfs=wss
;vmess=example.com:80, method=none, password=23ad6b10-8d1a-40f7-8ad0-e3e35cd32291, fast-open=false, udp-relay=false, tag=vmess-01
;vmess=example.com:80, method=aes-128-gcm, password=23ad6b10-8d1a-40f7-8ad0-e3e35cd32291, fast-open=false, udp-relay=false, tag=vmess-02
;vmess=example.com:443, method=none, password=23ad6b10-8d1a-40f7-8ad0-e3e35cd32291, obfs=over-tls, fast-open=false, udp-relay=false, tag=vmess-tls-01
;vmess=192.168.1.1:443, method=none, password=23ad6b10-8d1a-40f7-8ad0-e3e35cd32291, obfs=over-tls, obfs-host=example.com, fast-open=false, udp-relay=false, tag=vmess-tls-02
;vmess=192.168.1.1:443, method=none, password=23ad6b10-8d1a-40f7-8ad0-e3e35cd32291, obfs=over-tls, obfs-host=example.com, tls13=true, fast-open=false, udp-relay=false, tag=vmess-tls-03
;vmess=example.com:80, method=chacha20-poly1305, password=23ad6b10-8d1a-40f7-8ad0-e3e35cd32291, obfs=ws, obfs-uri=/ws, fast-open=false, udp-relay=false, tag=vmess-ws-01
;vmess=192.168.1.1:80, method=chacha20-poly1305, password=23ad6b10-8d1a-40f7-8ad0-e3e35cd32291, obfs=ws, obfs-host=example.com, obfs-uri=/ws, fast-open=false, udp-relay=false, tag=vmess-ws-02
;vmess=example.com:443, method=chacha20-poly1305, password=23ad6b10-8d1a-40f7-8ad0-e3e35cd32291, obfs=wss, obfs-uri=/ws, fast-open=false, udp-relay=false, tag=vmess-ws-tls-01
;vmess=192.168.1.1:443, method=chacha20-poly1305, password=23ad6b10-8d1a-40f7-8ad0-e3e35cd32291, obfs=wss, obfs-host=example.com, obfs-uri=/ws, fast-open=false, udp-relay=false, tag=vmess-ws-tls-02
;vmess=192.168.1.1:443, method=chacha20-poly1305, password=23ad6b10-8d1a-40f7-8ad0-e3e35cd32291, obfs=wss, obfs-host=example.com, obfs-uri=/ws, tls13=true, fast-open=false, udp-relay=false, tag=vmess-ws-tls-03
#
# Optional field tls13 is only for http over-tls=true
;http=example.com:80,fast-open=false, udp-relay=false, tag=http-01
;http=example.com:80, username=name, password=pwd, fast-open=false, udp-relay=false, tag=http-02
;http=example.com:443, username=name, password=pwd, over-tls=true, tls-host=example.com, tls-verification=true, fast-open=false, udp-relay=false, tag=http-tls-01
;http=example.com:443, username=name, password=pwd, over-tls=true, tls-host=example.com, tls-verification=true, tls13=true, fast-open=false, udp-relay=false, tag=http-tls-02
#
# Optional field tls13 is only for trojan over-tls=true
;trojan=example.com:443, password=pwd, over-tls=true, tls-verification=true, fast-open=false, udp-relay=false, tag=trojan-tls-01
;trojan=example.com:443, password=pwd, over-tls=true, tls-verification=true, tls13=true, fast-open=false, udp-relay=false, tag=trojan-tls-02
;trojan=192.168.1.1:443, password=pwd, over-tls=true, tls-host=example.com, tls-verification=true, fast-open=false, udp-relay=false, tag=trojan-tls-03
;trojan=192.168.1.1:443, password=pwd, over-tls=true, tls-host=example.com, tls-verification=true, tls13=true, fast-open=false, udp-relay=false, tag=trojan-tls-04
[filter_local]
;user-agent, ?abc*, proxy
;host, www.google.com, proxy
;host-keyword, adsite, reject
;host-suffix, googleapis.com, proxy
;ip6-cidr, 2001:4860:4860::8888/32, direct
ip-cidr, 10.0.0.0/8, direct
ip-cidr, 127.0.0.0/8, direct
ip-cidr, 172.16.0.0/12, direct
ip-cidr, 192.168.0.0/16, direct
ip-cidr, 224.0.0.0/24, direct
geoip, cn, direct
final, proxy
#
# The "reject" returns HTTP status code 404 with no content.
# The "reject-200" returns HTTP status code 200 with no content.
# The "reject-img" returns HTTP status code 200 with content of 1px gif.
# The "reject-dict" returns HTTP status code 200 with content of empty json object.
# The "reject-array" returns HTTP status code 200 with content of empty json array.
# The "request-header" works for all the http headers not just one single header, so you can match two or more headers including CRLF in one regular expression.
# The "echo-response" just reply back the body of the content type response for matched URL, the body file should be saved at "On My iPhone - Quantumult X - Data".
# The length and encoding related HTTP header fields will be automatically processed by Quantumult if the "rewrite" is body related, so you should not handle them by yourself. The max supported response size is 1024kB(decompressed) for response-body and script-response-body.
# The body related rewrite will not be executed if the body is empty.
# When using javascript in rewrite, you can use those objects: $request, $response, $notify(title, subtitle, message), console.log(message) and Quantumult's built-in objects all have prefix "$".
# Supports: $request.scheme, $request.method, $request.url, $request.path, $request.headers, $response.statusCode, $response.headers, $response.body
# The $notify(title, subtitle, message) will post iOS notifications if Quantumult notification has been enabled.
# The $prefs is for persistent store: $prefs.valueForKey(key), $prefs.setValueForKey(value, key), $prefs.removeValueForKey(key), $prefs.removeAllValues().
# The console.log(message) will output logs to Quantumult log file.
# The setTimeout(function() { }, interval) will run function after interval(ms).
# The scripts for script-request-header, script-request-body, script-response-header, script-response-body, script-echo-response and script-analyze-echo-response should be saved in local "On My iPhone - Quantumult X - Scripts" or "iCloud Drive - Quantumult X - Scripts". Samples can be found at https://github.com/crossutility/Quantumult-X
# The difference between script-analyze-echo-response and script-echo-response is that the former will wait for the request body.
#
[rewrite_local]
^https?://trade-acs\.m\.taobao\.com/gw/mtop\.taobao\.detail\.getdetail url script-response-body https://raw.githubusercontent.com/yichahucha/surge/master/tb_price.js
^http://.+/amdc/mobileDispatch url script-response-body https://raw.githubusercontent.com/yichahucha/surge/master/tb_price.js
^https?://api\.m\.jd\.com/client\.action\?functionId=(wareBusiness|serverConfig|basicConfig) url script-response-body https://raw.githubusercontent.com/yichahucha/surge/master/jd_price.js
;^http://example\.com/resource1/1/ url reject
;^http://example\.com/resource1/2/ url reject-img
;^http://example\.com/resource1/3/ url reject-200
;^http://example\.com/resource1/4/ url reject-dict
;^http://example\.com/resource1/5/ url reject-array
;^http://example\.com/resource2/ url 302 http://example.com/new-resource2/
;^http://example\.com/resource3/ url 307 http://example.com/new-resource3/
;^http://example\.com/resource4/ url request-header ^GET /resource4/ HTTP/1\.1(\r\n) request-header GET /api/ HTTP/1.1$1
;^http://example\.com/resource4/ url request-header (\r\n)User-Agent:.+(\r\n) request-header $1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36$2
;^http://example\.com/resource5/ url request-body "info":\[.+\],"others" request-body "info":[],"others"
;^http://example\.com/resource5/ url response-body "info":\[.+\],"others" response-body "info":[],"others"
;^http://example\.com/resource5/ url echo-response text/html echo-response index.html
;^http://example\.com/resource6/ url script-response-body response-body.js
;^http://example\.com/resource7/ url script-echo-response script-echo.js
;^http://example\.com/resource8/ url script-response-header response-header.js
;^http://example\.com/resource9/ url script-request-header request-header.js
;^http://example\.com/resource10/ url script-request-body request-body.js
#
# The $task.fetch() compose a HTTP request and deal with the response, only text body is supported. A $task.fetch() can be embeded in the completion handler of another $task.fetch(), if you want serial requests not current requests.
# The scripts should be saved in local "On My iPhone - Quantumult X - Scripts" or "iCloud Drive - Quantumult X - Scripts". Samples can be found at https://github.com/crossutility/Quantumult-X/blob/master/sample-task.js
# The default HTTP request timeout is 10 seconds.
#
# Supports 5 or 6 fields of cron excluding the command field.
#
[task_local]
;* * * * * sample-task.js
;* * * * * sample-task2.js, img-url=https://raw.githubusercontent.com/crossutility/Quantumult-X/master/quantumult-x.png, tag=Sample, enabled=true
#
# Deploy a local HTTP server and use JavaScript for data processing.
# The input variables are $reqeust.url, $reqeust.path, $reqeust.headers, $reqeust.body
# The output using $done like $done({status:"HTTP/1.1 200 OK"}, headers:{}, body:"here is a string") to sendback the response.
# Further more you can use a signature or any other validation method to verify if the request is legitimate.
# After the deployment you should visit it through http://127.0.0.1:9999/your-path/your-api/.
#
[http_backend]
;https://raw.githubusercontent.com/crossutility/Quantumult-X/master/sample-backend.js, tag=fileConverter, path=^/example/v1/
;preference.js, tag=userPreference, path=^/preference/v1/, img-url=https://example.com, enabled=true
;convert.js, tag=fileConverter, path=^/convert/v1/
#
# Only the TLS SNI or destination address in "hostname" will be handled by MitM.
#
# By default when MitM enabled for the HTTPS request, Quantumult X fetches the certificate(the certificate will be cached) from the original site, keeps most of the needed original certificate informations and re-signs it using the MitM root CA, this is the recommended(and more compatible) way of creating MitM certificate.
# Occasionally some users like to debug the HTTPS request that its domain does not exist, so the original certificate doesn't even exist. This is when the param simple_cert_hostname comes up. The HTTPS request with TLS SNI names that are in the simple_cert_hostname(and hostname) will using the pure local generated MitM certificate.
#
# Important !!! You should always keep your CA passphrase and p12 private.
#
[mitm]
# 请手动配置mitm,具体教程请翻阅quantumult X教程
# 地址:https://www.notion.so/Quantumult-X-1d32ddc6e61c4892ad2ec5ea47f00917
;passphrase =
;p12 =
;skip_validating_cert = false
;force_sni_domain_name = false
;hostname = *.example.com, *.sample.com, non-existed-domain.com, *.non-connected-domain.com
;simple_cert_hostname = non-existed-domain.com, *.non-connected-domain.com
吐槽两句:iOS的去广告还是比不上Android,即使使用了去广告也只能去除部分,常常有漏网之鱼,还是得修改程序才能做到最彻底的去广告