Brook GUI Documentation
Updated at: 2023-04-01

Table of Contents

Software for which this article applies

Intel Mac GUI proxy mode, Windows GUI proxy mode, Linux GUI proxy mode

This mode is very simple, will create:

iOS/M1 Mac GUI, Android GUI, Intel Mac GUI tun mode, Windows GUI tun mode, Linux GUI tun mode

The so-called Internet connection is IP to IP connection, not domain name connection. Therefore, the domain name will be resolved into IP before deciding how to connect.

Configuration Introduction

Configuration Support Systems Conditions Description
Import Servers iOS,Android,Mac,Windows,Linux / brook link list
System DNS iOS,Android,Mac,Windows,Linux / System DNS. Do not bypass this IP
Fake DNS iOS, Android, Mac, Windows, Linux Turn off the security DNS that comes with the system/browser, see below for details The domain name is resolved to Fake IP, which will be converted to a domain name when a connection is initiated, and then the domain name address will be sent to the server, and the server is responsible for domain name resolution
Block iOS,Android,Mac,Windows,Linux / Block switch
Block Domain iOS,Android,Mac,Windows,Linux Fake DNS: On Domain name list, matching domain names will be blocked. Domain name is suffix matching mode
Bypass iOS,Android,Mac,Windows,Linux / Bypass switch
Bypass IP iOS,Android,Mac,Windows,Linux / CIDR list, matched IP will be bypassed
Bypass Geo IP iOS,Android / The matched IP will be bypassed. Note: Global IP changes frequently, so the Geo library is time-sensitive
Bypass Apps Android / These apps will be bypassed
Bypass DNS iOS,Android,Mac,Windows,Linux / Support normal DNS, such as, support DoH, but need to specify the address of DoH through the parameter address, such as https://dns. is used to resolve Bypass Domain. The IP of this DNS will automatically Bypass
Bypass Domain iOS,Android,Mac,Windows,Linux Fake DNS: On List of domain names, matching domain names will use Bypass DNS resolution to get IP, whether the final connection will be bypassed depends on the Bypass IP . The domain name is a suffix matching pattern
Hosts iOS,Android,Mac,Windows,Linux / Hosts switch
Hosts List iOS,Android,Mac,Windows,Linux Fake DNS: On Specify IP, v4, v6 for the domain name, if the value is empty, the effect is the same as Block
Programmable iOS,Android,Mac,Windows,Linux / Programmable switch
Script iOS,Android,Mac,Windows,Linux / Script. All functions above can be controlled. And more and more, The whole process can be controled, see below for details.
Log iOS,Android,Mac,Windows,Linux / Log switch
Log View iOS,Android,Mac,Windows,Linux / Log List
Log View Plus iOS,Android,Mac,Windows,Linux / Log list, easier to read, filter conditions, etc.
MITM Log View iOS,Android,Mac,Windows,Linux / MITM log list, such as https request response, hexadecimal, JSON, image, etc.
TUN Mac,Windows,Linux / Choose proxy mode or tun mode
Capture Me iOS,Android,Mac,Windows,Linux / Test your packet capture or proxy software is working as a system proxy or TUN
Dark Mode iOS,Android,Mac,Windows,Linux / System / Light / Dark
Shortcut iOS,Android,Mac,Windows,Linux / Quickly control the functions in the menu on the home page
System Tray Windows / Open as systray, then open dashboard from the systray


Brook GUI will pass different global variables to the script at different times, and the script only needs to assign the processing result to the global variable out

Take full control of your own network

Introduction to incoming variables

variable type condition timing description out type
in_guiconfig map / before connected to override GUI configuration map
in_dnsquery map FakeDNS: On When a DNS query occurs Script can decide how to handle this request map
in_address map / When connecting to an address script can decide how to connect map
in_httprequest map / When an HTTP(S) request comes in the script can decide how to handle this request map
in_httprequest,in_httpresponse map / when an HTTP(S) response comes in the script can decide how to handle this response map


Key Type Description
_ bool For future compatibility, this key can be ignored

out, if it is error type will be recorded in the log. Ignored if not of type map, if it is map then explicitly specify each configuration item.

Key Type Description
systemdns4 string System DNS v4
systemdns6 string System DNS v6
fakedns bool Fake DNS switch
block bool GUI Block switch
bypass bool GUI Bypass switch
bypassdns4 string Bypass DNS v4
bypassdns6 string Bypass DNS v6
hosts bool GUI Hosts switch


Key Type Description Example
domain string domain name
type string query type A

out, if it is error type will be recorded in the log. Ignored if not of type map

Key Type Description Example
block bool Whether Block, default false. It is an OR relationship with GUI Block Domain false
ip string Specify IP directly, only valid when type is A/AAAA
forcefakedns bool Ignore GUI Bypass Domain, handle with Fake DNS, only valid when type is A/AAAA, default false false
system bool Get IP from system DNS, default false false
bypass bool whether to Bypass, default false, if true then use bypass DNS to resolve. It is an OR relationship with GUI Bypass Domain false


Key Type Description Example
network string Network type, the value tcp/udp tcp
ipaddress string IP type address. There is only of ipaddress and domainaddress. Note that there is no relationship between these two
domainaddress string Domain type address, because of FakeDNS we can get the domain name address here

out, if it is error type will be recorded in the log. Ignored if not of type map

Key Type Description Example
block bool Whether Block, default false false
ipaddress string IP type address, rewrite destination
ipaddressfrombypassdns string Use Bypass DNS to obtain A or AAAA IP and rewrite the destination, only valid when domainaddress exists, the value A/AAAA A
bypass bool Only available on iOS, Android. Bypass, default false. If true and domainaddress, then ipaddress or ipaddressfrombypassdns must be specified. It is an OR relationship with GUI Bypass IP false
mitm bool Whether to perform MITM, default false. Only valid when network is tcp. Need to install CA, see below false
mitmprotocol string MITM protocol needs to be specified explicitly, the value is http/https https
mitmcertdomain string The MITM certificate domain name, which is taken from domainaddress by default. If ipaddress and mitm is true and mitmprotocol is https then must be must be specified explicitly
mitmwithbody bool Whether to manipulate the http body, default false. will read the body of the request and response into the memory and interact with the script. iOS 50M total memory limit may kill process false
mitmautohandlecompress bool Whether to automatically decompress the http body when interacting with the script, default false false
mitmclienttimeout int Timeout for MITM talk to server, second, default 0 0
mitmserverreadtimeout int Timeout for MITM read from client, second, default 0 0
mitmserverwritetimeout int Timeout for MITM write to client, second, default 0 0


Key Type Description Example
URL string URL
Method string HTTP method GET
Body bytes HTTP request body /
... string other fields are HTTP headers /

out, must be set to a request or response


Key Type Description Example
StatusCode int HTTP status code 200
Body bytes HTTP response body /
... string other fields are HTTP headers /

out, must be set to a response

How to write Tengo script

Tengo Language Syntax



How to debug script

Why and How to Turn Off System and Browser Security DNS

Because if Security DNS is turned on, the Fake DNS will not work. So we have to turn it off:

Other systems and software, please find out whether it exists and how to close it

Install CA



Android has user CA and system CA, must be installed in the system CA after ROOT


nami install mad ca.txthinking
sudo mad install --ca ~/.nami/bin/ca.pem


Open GitBash

nami install mad ca.txthinking

Then open GitBash with admin

mad install --ca ~/.nami/bin/ca.pem

Note that software such as GitBash or Firefox may not read the system CA, you can use the system Edge browser to test after installation

Apple Push Problem

To receive push, Apple Server only allows Ethernet, cellular data, Wi-Fi connections. So you need to Bypass the relevant domain name and IP. Reference link

Other resources