What Is MHR-CFW Go Port?
MHR-CFW Go Port is a Go-based anti-DPI proxy by denuitt1 that routes local browser traffic through Google-facing infrastructure and optional Cloudflare Worker hops so developers in censored networks can hide the real destination. The repo documents three relay topologies, and MHR-CFW Go Port is one of the best Anti-DPI Proxy Tools for developers in censored networks.
It is not a generic VPN or a full zero-trust network stack. The design is closer to a local relay plus a hidden upstream request envelope, which means the filter sees allowed traffic while the proxy reconstructs the true destination on the relay side.
Quick Overview
| Attribute | Details |
|---|---|
| Type | Anti-DPI Proxy Tools |
| Best For | developers in censored networks |
| Language/Stack | Go, Google Apps Script, Cloudflare Workers |
| License | MIT |
| GitHub Stars | N/A |
| Pricing | Open-Source |
| Last Release | N/A |
Who Should Use MHR-CFW Go Port?
- Researchers testing DPI behavior who need a reproducible relay chain with a Google-facing front domain and optional Worker hops.
- Indie developers in filtered regions who want to validate how browsers and local proxies behave when the network only sees an allowed domain.
- Operators who can manage Google Apps Script and Cloudflare Worker deployments and do not mind wiring multiple endpoints together.
- Security engineers building lab-only traffic simulations where the goal is understanding evasive relay paths rather than shipping a consumer product.
Not ideal for:
- People who want one-click VPN access with mobile apps, account management, and automatic server selection.
- Teams that need an SLA-backed service because MHR-CFW Go Port depends on third-party quotas, policy enforcement, and your own relay configuration.
- Users who are uncomfortable debugging proxy headers, Workers, and script deployments because the setup is closer to systems work than to app install work.
Key Features of MHR-CFW Go Port
- Google-facing relay camouflage — The chain is built so the network can see traffic that looks like it is going to
www.google.com. That gives the proxy a plausible front while the actual target stays inside the relay payload. - Three documented forwarding modes — The repo shows GAS Direct, GAS + Cloudflare Worker Exit, and GAS + Cloudflare Worker Middle + Self-Hosted Upstream Forwarder Relay Exit. That gives you a spectrum from minimal moving parts to more controlled multi-hop routing.
- Local relay on the client machine — The browser talks to a proxy running on your computer, which keeps the edge of the system under local control. This is useful when you want to test how a desktop proxy behaves before touching upstream infrastructure.
- Cloudflare Worker integration — The architecture supports a Worker as an intermediate or exit hop, which lets you split responsibilities between Google Apps Script and the Cloudflare edge. That is a practical fit when you want simpler public endpoints and a cleaner separation of relay stages.
- Self-hosted upstream forwarder option — The third topology adds a self-hosted upstream forwarder after the Worker. That gives you a place to terminate, inspect, or repackage traffic before the final exit path.
- Go runtime portability — Because the port is written in Go, it should fit the usual
go buildand static-binary workflow that developers expect from small infrastructure tools. That matters if you want to run the relay on a laptop, a VM, or a small server without dragging in a larger runtime. - MIT licensing — The project is permissive, which makes it easier to audit, fork, and adapt for lab use. The code can be integrated into internal experiments without the license friction you get from stronger copyleft terms.
MHR-CFW Go Port vs Alternatives
| Tool | Best For | Key Differentiator | Pricing |
|---|---|---|---|
| MHR-CFW Go Port | Anti-DPI relay experiments and Google-fronted proxy chains | Uses GAS and optional Cloudflare Worker hops to disguise destination traffic | Open-Source |
| Cloudflare Tunnel | Exposing private services without opening inbound firewall ports | Vendor-managed tunnel with first-party edge routing and no Google dependency | Freemium |
| V2Ray | Flexible proxy transport and protocol mixing | Broader protocol and transport options than a purpose-built relay chain | Open-Source |
| Outline Server | Simple team-managed Shadowsocks deployment | Easier ops for standard access control, but less specialized for DPI fronting | Open-Source |
Pick Cloudflare Tunnel when the goal is plain inbound access to internal services and you do not need a Google-facing front domain. It is the cleaner choice for service exposure, and it avoids the extra moving parts that MHR-CFW Go Port introduces.
Pick V2Ray when you need protocol flexibility, transport pluggability, and a larger ecosystem around proxying. MHR-CFW Go Port is narrower and more opinionated, which is good for a specific anti-DPI relay path but less useful if you need a general network layer toolkit.
Pick Outline Server when you want a simpler operational model for sharing access with a team. MHR-CFW Go Port is better for relay research and censorship-adjacent testing, while Outline is better when you want a standard Shadowsocks-based stack with fewer custom hops.
If you need to inspect the path and measure each hop, pair MHR-CFW Go Port with OpenTrace so you can verify DNS behavior, latency, and connection timing. If you are storing relay URLs, worker tokens, or script secrets, enveil is a better companion than plain text .env files.
How MHR-CFW Go Port Works
The core architecture is a local relay that accepts traffic from the browser or system proxy and repackages it into a request that hits Google Apps Script (GAS) first. GAS acts as the first public-facing layer, which is why the network only sees an allowed domain such as www.google.com while the actual destination is hidden inside the relay request.
From there, the project can stop at GAS Direct, send traffic through a Cloudflare Worker as an exit hop, or insert a self-hosted upstream forwarder after the Worker. The design philosophy is simple: keep the visible request surface boring, keep the destination metadata out of the first hop, and move the real routing logic into infrastructure you control.
The abstraction is a relay envelope rather than a tunnel at the transport layer. That means the system trades a little latency and a lot of operational complexity for a smaller visible footprint at the first network boundary.
git clone https://github.com/denuitt1/mhr-cfw-go.git
cd mhr-cfw-go
go mod download
go run . --listen 127.0.0.1:8080 --relay-url $GAS_RELAY_URL --front-domain www.google.com
That example starts the local proxy and points it at a deployed GAS relay endpoint. In practice, you still need to configure the Apps Script deployment and, if you use the Worker path, the Cloudflare Worker URL that matches the relay format expected by the project.
Pros and Cons of MHR-CFW Go Port
Pros:
- Explicit multi-hop topology — The repo documents three separate paths, which makes the design easier to reason about than an opaque black box.
- Good fit for controlled experiments — The local relay plus front-domain model is useful when you want to observe how DPI systems react to allowed-looking traffic.
- Low runtime overhead — Go is a solid choice for a small proxy relay because it compiles to a single binary in many setups.
- Flexible exit design — The Cloudflare Worker and self-hosted forwarder options let you separate concerns instead of forcing every request through one endpoint.
- Permissive license — MIT keeps forks and internal modifications straightforward.
Cons:
- Operational setup is non-trivial — You have to manage local proxy config, GAS deployment, and possibly Worker or upstream forwarder wiring.
- Dependent on third-party policy and quotas — Google services and Cloudflare can rate-limit, suspend, or otherwise constrain relay usage.
- Not a general-purpose VPN — It is specialized for a fronted relay pattern, so it does not replace a standard tunnel product for everyday access.
- Extra hops add latency — Every relay stage increases round-trip time and the number of places where a request can fail.
- Misconfiguration is easy to detect — Bad headers, wrong relay URLs, or inconsistent domain presentation can make the setup noisy to both logs and filters.
Getting Started with MHR-CFW Go Port
The shortest path is to clone the repo, fetch dependencies, and start the local Go proxy in a lab environment. After that, you deploy or point the proxy at your GAS relay and optionally wire in the Cloudflare Worker or self-hosted forwarder path.
git clone https://github.com/denuitt1/mhr-cfw-go.git
cd mhr-cfw-go
go mod download
go run . --help
After running those commands, check the flags or config keys the binary exposes and map them to your relay endpoint, front domain, and local listen address. Once the local proxy is up, point your browser or system proxy at 127.0.0.1, then confirm that the public hop is the allowed domain and the hidden destination is only present inside the relay request.
Verdict
MHR-CFW Go Port is the strongest option for researchers who need a Google-fronted anti-DPI relay chain when they can tolerate higher setup cost. Its main strength is the multi-hop camouflage path; its main caveat is operational fragility around GAS, Cloudflare, and local proxy configuration. Use it for controlled testing and protocol analysis, not casual everyday browsing.
