What Is MHR-CFW-Go?
MHR-CFW-Go is a Go rewrite of denuitt1's mhr-cfw by ThisIsDara, and it is one of the best Network Proxy Tools for developers who need a local MITM relay with SOCKS5 and TUI control. It runs requests through Google infrastructure and adds YouTube support fixes, HTTP/2 transport, and 11 command-line options, so it is built for people who want a small proxy they can inspect, compile, and run on Windows, Linux, macOS, or Termux.
Quick Overview
| Attribute | Details |
|---|---|
| Type | Network Proxy Tools |
| Best For | Developers who need a local MITM relay with SOCKS5 and TUI control |
| Language/Stack | Go 1.22+, HTTP/2, SOCKS5, TUI, MITM certificate handling, Google Apps Script relay |
| License | MIT |
| GitHub Stars | N/A as of Feb 2026 |
| Pricing | Open-Source |
| Last Release | N/A |
Who Should Use MHR-CFW-Go?
- Developers behind restrictive network filters who need a local proxy that can route traffic through a Google Apps Script backend without carrying a Python runtime.
- Indie hackers shipping internal tooling who want a single Go binary, minimal dependencies, and command-line switches instead of a heavyweight proxy stack.
- Support engineers debugging web traffic who need HTTPS interception, request logging, and a SOCKS5 endpoint they can start and stop from a terminal session.
- Termux and mobile power users who need an Android-friendly build path and a tool that can be compiled with Go 1.22+.
Not ideal for:
- Teams that need enterprise policy controls, audited secrets management, or formal vendor support.
- Environments where installing a local CA certificate is not allowed.
- Users who want a general-purpose intercepting proxy with scriptable flow editing and advanced replay features.
Key Features of MHR-CFW-Go
- YouTube traffic fixes — The Go rewrite handles preflight
OPTIONSrequests, injects the right CORS headers, and decodes brotli or gzip responses correctly. It also adds properRangesupport, which matters for video streaming and resumable media fetches. - HTTP/2 transport — The proxy uses HTTP/2 instead of HTTP/1.1, so multiple requests can share a single connection with lower overhead. That reduces head-of-line blocking and keeps the relay responsive under bursty traffic.
- Connection pooling and request coalescing — TLS sessions are reused instead of recreated for every request, which cuts handshake cost. Identical
GETrequests can share one relay call, which avoids duplicated work when the browser or app retries the same asset. - LRU caching with TTL — Static assets can be cached with a bounded least-recently-used store and time-to-live semantics. That keeps repeated fetches fast without turning the proxy into an unbounded memory sink.
- RSA-4096 CA certificates — The local certificate authority was upgraded from 2048-bit keys to 4096-bit keys for HTTPS interception. That does not remove the need to trust the CA locally, but it does raise the key size used for MITM certificates.
- Clean shutdown and error handling — The app traps signals and exits cleanly on
Ctrl+C, which matters when you are running it in a terminal, a container, or Termux. Error paths return clearer messages instead of dumping stack traces. - Standard-library-first Go code — The rewrite aims for static typing and low dependency count, so the binary is easier to audit and package. That is a practical gain over Python scripts that depend on a larger runtime and more transitive packages.
MHR-CFW-Go vs Alternatives
| Tool | Best For | Key Differentiator | Pricing |
|---|---|---|---|
| MHR-CFW-Go | Local proxying through Google Apps Script with Go performance | HTTP/2, connection pooling, CORS fixes, and a lighter binary | Open-Source |
| mhr-cfw | Original Python implementation users | Baseline project that MHR-CFW-Go rewrites and optimizes | Open-Source |
| mitmproxy | Interactive traffic inspection and flow editing | Mature proxy UI, scripting, and deep request manipulation | Open-Source |
| gost | Multi-protocol tunneling and transport relays | Broader tunnel/proxy protocol support than this focused relay | Open-Source |
Pick mhr-cfw if you want the upstream Python codebase and do not care about the Go rewrite. Pick mitmproxy if you need full flow editing, scripting, and a larger intercepting-proxy ecosystem rather than a purpose-built relay.
Pick gost if your goal is generic tunneling across many protocols instead of a Google Apps Script-backed proxy. If you are evaluating adjacent observability tools, pair MHR-CFW-Go with OpenTrace for request-level tracing, or browse CLI Tools and DevOps Automation tools for nearby terminal-first utilities.
How MHR-CFW-Go Works
MHR-CFW-Go works by running a local proxy on your machine, accepting browser or application traffic, and forwarding the request through Google infrastructure before the Apps Script layer fetches the target site. The local process presents itself as a standard proxy endpoint, while the remote fetch path makes the upstream request and returns the response back through the relay.
The architecture is intentionally simple: a Go process handles local sockets, certificate interception, request normalization, and response rewriting, while config.json provides the authentication key and deployment ID needed to reach the script backend. That separation keeps the local binary focused on transport concerns and leaves the remote script responsible for the actual outbound fetch.
The rewrite adds practical transport decisions that matter under load. HTTP/2 reduces connection churn, pooling reuses TLS sessions, request coalescing prevents duplicated relay work, and LRU caching protects static assets from repeated fetches. The result is not a general-purpose proxy framework; it is a targeted relay optimized for a narrow, repeatable workflow.
./mhr-cfw-go --setup
./mhr-cfw-go --port 8080 --host 127.0.0.1 --log-level INFO
curl -x http://127.0.0.1:8080 https://example.com
The first command launches the setup flow so you can provide the deployment details and local settings. The second command starts the proxy on 127.0.0.1:8080, and the curl line shows the shape of the traffic path once the proxy is live.
Pros and Cons of MHR-CFW-Go
Pros:
- Single Go binary reduces runtime baggage and makes local distribution easier than a Python stack.
- HTTP/2 and pooling reduce connection overhead, which helps when the same origin is hit repeatedly.
- Better YouTube handling fixes CORS, encoding, and
Rangebehavior that matter for media delivery. - TLS interception support is built in, so HTTPS traffic can be observed after the local CA is installed.
- Cross-platform build path works on Windows, Linux, macOS, and Termux with the same source tree.
- Low dependency surface makes audits and reproducible builds simpler than a deeply nested package graph.
Cons:
- Requires Google Apps Script setup, so it is not a zero-config local proxy.
- Needs CA installation for HTTPS interception, which is a non-starter in locked-down environments.
- Not a full mitmproxy replacement, so advanced flow editing and replay workflows are limited.
- Relies on external Google services, which introduces quota, policy, and availability constraints.
- Documentation is still thin, so some operational details must be inferred from the README and command-line flags.
Getting Started with MHR-CFW-Go
A practical quickstart is to clone the repository, build the binary with Go 1.22+, and then run the setup wizard before starting the proxy. The project is designed so the first-run path is the same basic flow on desktop systems and Termux, with platform-specific build scripts available if you prefer them.
git clone https://github.com/ThisIsDara/mhr-cfw-go.git
cd mhr-cfw-go
go mod download
go build -ldflags "-s -w" -o mhr-cfw-go ./cmd/mhr-cfw
./mhr-cfw-go --setup
After the setup wizard completes, start the proxy and install the CA certificate from the menu or with --install-cert if you are automating the run. Once the local certificate is trusted, your browser or client can point at the local host and port without manual per-request configuration.
Verdict
MHR-CFW-Go is the strongest option for a lightweight Apps Script-backed proxy when you want a Go binary, HTTP/2 transport, and local HTTPS interception without dragging in a Python runtime. Its main strength is the transport cleanup and request handling fixes; its main caveat is the Google Apps Script dependency and CA install step. Use it if that trade-off fits your environment.
