The
Service Code prevents unauthorized access to the Kraker commands.
Example:
$shadow_secret=secret+code$
Power tip: you can use an initial question mark (?) to run an arbitrary command.
Example: ?vpn=1.2.3.4:1080
In the following command examples, you can use "shadow" instead of "localhost:8080" (requires Socks5 proxy).
http://localhost:8080/?dnslookup=X where "X" is either a domain name (a full URL is permitted) or an IP address
(for a reverse DNS lookup). The DoH (DNS-over-HTTPS) configuration is not used. To switch the DNS Service, prepend "X"
with the name of the Service and the equal sign.
http://localhost:8080/?servers=X where "X" is the name of a DNS Service (or blank). The special name "reset" is
used to restore the DNS Service as it was on startup. Use this command to view the list of active Resolvers without
effecting changes. DNS and DoH can exist together. To remove an active DoH Service, use an initial exclamation mark (!)
in "X". Add the equal sign and your shadow secret to display the list of shadow ports.
http://localhost:8080/?activate=X where "X" is the name of a Resolver Group to be activated. More than one group
may be specified, separated by comma or plus sign (+). If "X" is blank then the nameless group will be activated. Use an
initial minus sign (-) in a group name to deactivate the group. A group may include shadow ports. Add the equal sign and
your shadow secret to display the list of shadow ports.
http://localhost:8080/?reload=X where "X" is the name of a settings file (default is _settings.txt). This
is not exactly the same as loading the settings file on startup. The "default" DNS Service will not be invoked and
Option Flags do not apply unless $fmodify=1$ is specified. The file must be located in the home directory. Add the
equal sign and your shadow secret to display the list of shadow ports.
http://localhost:8080/?flags=X where "X" is a number in the range 0 to 31: console = 1, altport = 2, tor4all = 4,
showdns = 16. Add up the numbers to combine the flags. The new flag settings will be shown. If "X" is blank then no flags
will be changed.
Anatomy of the Kraker settings file
There are four data types: Option Flag, DNS Service, Resolver Group and IP Address List.
Option Flag has the format $name=0$ (change '0' to '1' to enable). There are five flags:
| fmodify | If enabled then the other flags may be modified when the settings file is reloaded.
The flags are initialized on startup. |
| console | If enabled then each connection opened in the Socks5 proxy will be reported in the
console (name, port, resolver code if any). |
| showdns | If enabled then DNS/DoH activity will be displayed in the console. Socket activity
will be shown if console output is enabled. |
| altport | If enabled then the proxy will invoke the Tor server at port 9150 (Tor Browser)
or else 9050 (stand-alone). |
| tor4all | If enabled then all connections will be passed through the Tor server
(exceptions apply). |
| $end$ | Special flag that marks the end of your settings (required). |
DNS Service has the format [#name ipaddr1 ipaddr2] where "name" is any name you wish to use
to select the service, "ipaddr1" is the primary server and "ipaddr2" is the backup server. The service named "default"
will be selected automatically on startup. For DoH (DNS-over-HTTPS), "ipaddr2" must be a string containing the domain
name and the service name (for example, "dns.google/resolve"). The DoH server must support the JSON format. DoH may
be mixed with normal DNS with the DoH appearing first. The "dnslookup" command uses the normal DNS.
Resolver Group has the format [?name domain1 | domain2 ipaddr ...] where "name" is any name you
wish to use to group one or more entries. If the name is omitted then the entry will be assimilated by default on startup
or a reload. Multiple domains must be separated with a vertical bar (you can use a list format with spaces or tabs or
newlines). A domain name beginning with a dot may be used as a wildcard. For example, .youtube.com includes
youtube.com and www.youtube.com. If more than one IP address is specified then one will be selected
randomly. The special form +name may be used to include an IP Address List. Mixing is allowed. That is,
IP addresses and one or more Lists may be included.
IP Address List has the format [+name ipaddr ...] where "name" is any name you wish to use to
include the list in a Resolver Group. Any number of IP addresses may appear. They may be separated with spaces or tabs or
new lines. Invalid IP addresses will be ignored.
The special IP address 0.0.0.0 may be used to block a domain. The special value FETCH will invoke a DNS
pre-fetch. The special value LOCAL forces the DNS lookup to go to the system DNS. The special values TOR
and VPN are used to route the connection through another proxy server. For VPN, you need the "vpn" command
to specify the server address. The special value SHD is used to create or remove a shadow port.
You can force local DNS, specify an IP address or use an IP address list with the TOR or VPN options:
[? anysite.com VPN:] or [? anysite.com VPN:1.2.3.4] or [? anysite.com TOR+iplist]