[Guide] Quickstart with Docker & Whistle|Surge on Windows/Linux/iOS/Android*

[LynMoe]

⚠️This is not using a built image but an ubuntu image to run the server

Update 4/28: Whistle#issuecomment-1109968713

Whistle is a cross-platform web debugging tool based on Node.js. So theoretically you could use whistle to proxy the traffic on all platforms except Android 7.0+ without root.

Whistle is quite easy to install, just follow the steps below.

1. Install Node.js on your PC
2. Type npm install -g whistle and then w2 start to start the daemon
3. Open http://127.0.0.1:8899, switch to Rules tab and paste the following block
   • To be mentioned, the port 444 could be choosen on your own. If you use 443, the last line could be ignored.

     api-os-takumi.mihoyo.com https://12.34.56.78:444 
     hk4e-api-os-static.mihoyo.com https://12.34.56.78:444 
     hk4e-sdk-os.mihoyo.com https://12.34.56.78:444 
     dispatchosglobal.yuanshen.com https://12.34.56.78:444 
     osusadispatch.yuanshen.com https://12.34.56.78:444 
     account.mihoyo.com https://12.34.56.78:444 
     log-upload-os.mihoyo.com https://12.34.56.78:444 
     dispatchcntest.yuanshen.com https://12.34.56.78:444 
     devlog-upload.mihoyo.com https://12.34.56.78:444 
     webstatic.mihoyo.com https://12.34.56.78:444 
     log-upload.mihoyo.com https://12.34.56.78:444 
     hk4e-sdk.mihoyo.com https://12.34.56.78:444 
     api-beta-sdk.mihoyo.com https://12.34.56.78:444 
     api-beta-sdk-os.mihoyo.com https://12.34.56.78:444 
     cnbeta01dispatch.yuanshen.com https://12.34.56.78:444 
     dispatchcnglobal.yuanshen.com https://12.34.56.78:444 
     cnbeta02dispatch.yuanshen.com https://12.34.56.78:444 
     sdk-os-static.mihoyo.com https://12.34.56.78:444 
     webstatic-sea.mihoyo.com https://12.34.56.78:444 
     hk4e-sdk-os-static.hoyoverse.com https://12.34.56.78:444 
     webstatic-sea.hoyoverse.com https://12.34.56.78:444 
     sdk-os-static.hoyoverse.com https://12.34.56.78:444 
     api-account-os.hoyoverse.com https://12.34.56.78:444 
     hk4e-sdk-os.hoyoverse.com https://12.34.56.78:444 
     uspider.yuanshen.com https://12.34.56.78:444 
     dispatchosglobal.yuanshen.com https://12.34.56.78:444 
     dispatchcnglobal.yuanshen.com https://12.34.56.78:444 
     minor-api-os.hoyoverse.com https://12.34.56.78:444 
     log-upload-os.mihoyo.com https://12.34.56.78:444
     overseauspider.yuanshen.com https://12.34.56.78:444
     https://12.34.56.78 https://12.34.56.78:444

4. Install root certification on your system by clicking the HTTPS botton on the top
5. Set your the proxy setting of your system to 127.0.0.1:8899 or your.lan.ip.addr:8899
   • If you don't know how, search "your system name" set proxy on Google
6. Enjoy

---

Server

First you need to follow the guide to get the needed data

First copy the config to docker-compose.yaml

version: "3"

services:
  app:
    image: ubuntu:20.04
    stdin_open: true
    tty: true
    volumes:
      - ./app:/root
    working_dir: /root
    ports:
      - "22102:22102/udp"
      - "444:443"
    links:
      - "mongodb:db"

  mongodb:
    image: mongo
    command: ["mongod", "--dbpath", "/data/db"]
    volumes:
      - ./db:/data
    ports:
      - "27017:27017"

Then type sudo docker-compose up -d, docker-compose would up the 2 containers, then type sudo docker-compose exec app bash, then apt update && apt install -y openjdk-8-jdk vim

After that you could enter the grasscutter folder and start the server by java -jar grasscutter.jar

For me, I use port 444 for HTTPS, you can choose your own port.

Surge

Surge is a proxy client with other cool features like MitM and Script, I would introduce how to use Surge to proxy the connections to your server.

First install the cert on iOS or iPad OS, then merge the follow config into your config.

[MITM]
skip-server-cert-verify = true
tcp-connection = true
hostname = 123.234.235.156:0, api-os-takumi.mihoyo.com, hk4e-api-os-static.mihoyo.com, hk4e-sdk-os.mihoyo.com, dispatchosglobal.yuanshen.com, osusadispatch.yuanshen.com, account.mihoyo.com, log-upload-os.mihoyo.com, dispatchcntest.yuanshen.com, devlog-upload.mihoyo.com, webstatic.mihoyo.com, log-upload.mihoyo.com, hk4e-sdk.mihoyo.com, api-beta-sdk.mihoyo.com, api-beta-sdk-os.mihoyo.com, cnbeta01dispatch.yuanshen.com, dispatchcnglobal.yuanshen.com, cnbeta02dispatch.yuanshen.com, sdk-os-static.mihoyo.com, webstatic-sea.mihoyo.com, hk4e-sdk-os-static.hoyoverse.com, webstatic-sea.hoyoverse.com, sdk-os-static.hoyoverse.com, api-account-os.hoyoverse.com, hk4e-sdk-os.hoyoverse.com, uspider.yuanshen.com, dispatchosglobal.yuanshen.com, dispatchcnglobal.yuanshen.com, minor-api-os.hoyoverse.com, log-upload-os.mihoyo.com

[Script]
Genshin = type=http-request,pattern=.*(hoyo|yuanshen|hoyoverse|123\.234\.235).*,requires-body=1,max-size=0,script-path=145EA60D.js

145EA60D.js

let headers = $request.headers

let oriHost = /\/\/([\d\.a-zA-Z0-9:\-]*\/?)/.exec($request.url)[1]
let host = oriHost
if (oriHost[oriHost.length - 1] == '/') {
  host = oriHost.substring(0, oriHost.length - 1)
}

headers['host'] = host

$done({
  url: $request.url.replace(oriHost, '123.234.235.156:444/').replace('http://', 'https://'),
  headers,
})

123.234.235.156 is your server's ip address, don't forget to change the ip in regex expression

You need the global version of Genshin Impact, with full resource pack downloaded.

Then turn on the MitM as well as the Sciprt and you could enjoy.

[1-lavender-1]

Can I use shadowrocket instead?

[ALyCE233]

Quantumult X PLZ (uau;)

[Secretboy-SMR]

whistle is ok too

[hedw1gP]

Here is a Shadowrocket/Surge Module if anyone wants:

#!name=原神 Redirect
#!desc=Redirect

[URL Rewrite]
"[\w-]*\.hoyoverse\.com" your.genshin.host 307
"[\w-]*\.mihoyo\.com" your.genshin.host 307
"[\w-]*\.yuanshen\.com" your.genshin.host 307

[MITM]
hostname=%APPEND% *.mihoyo.com,*.hoyoverse.com,*.yuanshen.com

Remember to turn on MITM options and install certificate!

You might need to turn off the module after tap to login, then the game will check updates. Once the door appears you can turn it back on. I don’t know the solution by now so this is just my small experience.

Edit: I don’t have Quantumult X, so I don’t know how to write the config. You can just mimic this anyway.

[xiu920411]

307means443？

[hedw1gP]

307means443？

307 means Moved Temporary, it's not a port number.

[xiu920411]

307means443？

307 means Moved Temporary, it's not a port number.

I also realized IOS into the game with Fiddler software. Thank you for your help

[xiu920411]

whistle is ok too

Can Android work? Trust two certificates

[hedw1gP]

Can Android work? Trust two certificates

Android apps without specific debug purpose security policy would not work with User Certificates. You have to root your device, install the MITM certificate into System Certificates trust zone.

Android 应用程序如果没有打开关于调试加密网络相关的选项（通常只能通过修改程序源代码）的话，它是不会信任用户空间内的证书的。你必须 Root 你的设备，然后将中间人攻击证书安装到系统证书空间。

Learn more about Android’s certificate policy from 网络安全配置 - Android 开发者.

我知道你不怎么会英语，所以你也许可以用中文回复我

[xiu920411]

Can Android work? Trust two certificates

Android apps without specific debug purpose security policy would not work with User Certificates. You have to root your device, install the MITM certificate into System Certificates trust zone.

Android 应用程序如果没有打开关于调试加密网络相关的选项（通常只能通过修改程序源代码）的话，它是不会信任用户空间内的证书的。你必须 Root 你的设备，然后将中间人攻击证书安装到系统证书空间。

Learn more about Android’s certificate policy from 网络安全配置 - Android 开发者.

我知道你不怎么会英语，所以你也许可以用中文回复我

所以跟什么抓包软件无关，根源问题在于安卓7.0以后证书的信任如同虚设，不能抓https包咯

[01101sam]

Can Android work? Trust two certificates

Android apps without specific debug purpose security policy would not work with User Certificates. You have to root your device, install the MITM certificate into System Certificates trust zone. Android 应用程序如果没有打开关于调试加密网络相关的选项（通常只能通过修改程序源代码）的话，它是不会信任用户空间内的证书的。你必须 Root 你的设备，然后将中间人攻击证书安装到系统证书空间。 Learn more about Android’s certificate policy from 网络安全配置 - Android 开发者. 我知道你不怎么会英语，所以你也许可以用中文回复我

所以跟什么抓包软件无关，根源问题在于安卓7.0以后证书的信任如同虚设，不能抓https包咯

7.0 后的需要 Root，不然就是虚拟空间（也就是虚拟机） 网上一堆，这里就不列举了，有些还自带 Root （比如 VMOS）

Root is required after Android 7.0 or your only choice is vm And there's lots of it you can Google it by yourself, and some of them also has native root support.

[xiu920411]

Can Android work? Trust two certificates

Android apps without specific debug purpose security policy would not work with User Certificates. You have to root your device, install the MITM certificate into System Certificates trust zone.

Android 应用程序如果没有打开关于调试加密网络相关的选项（通常只能通过修改程序源代码）的话，它是不会信任用户空间内的证书的。你必须 Root 你的设备，然后将中间人攻击证书安装到系统证书空间。

Learn more about Android’s certificate policy from 网络安全配置 - Android 开发者.

我知道你不怎么会英语，所以你也许可以用中文回复我

所以跟什么抓包软件无关，根源问题在于安卓7.0以后证书的信任如同虚设，不能抓https包咯

7.0 后的需要 Root，不然就是虚拟空间（也就是虚拟机）

网上一堆，这里就不列举了，有些还自带 Root （比如 VMOS）

Root is required after Android 7.0 or your only choice is vm

And there's lots of it you can Google it by yourself, and some of them also has native root support.

谢谢大佬，受教了，我去vmos试试

[Sliccic]

hostname = .mihoyo.com, .hoyoverse.com, *.yuanshen.com

\S\hoyoverse.com/ url 307 /123.123.123.123/ \S.mihoyo.com/ url 307 123.123.123.123/ \S*.yuanshen.com/ url 307 123.123.123/ 123.123.123.123是假设的ip 你好这是我写的圈x的重写，访问确实重定向了，但是却连接不上

[HorizenX1]

hostname = .mihoyo.com, .hoyoverse.com, *.yuanshen.com

\S\hoyoverse.com/ url 307 /123.123.123.123/ \S.mihoyo.com/ url 307 123.123.123.123/ \S*.yuanshen.com/ url 307 123.123.123/ 123.123.123.123是假设的ip 你好这是我写的圈x的重写，访问确实重定向了，但是却连接不上

我写的规则也是能重定向，但是游戏连不上 hostname = ...:4435, api-os-takumi.mihoyo.com, hk4e-api-os-static.mihoyo.com, hk4e-sdk-os.mihoyo.com, dispatchosglobal.yuanshen.com, osusadispatch.yuanshen.com, account.mihoyo.com, log-upload-os.mihoyo.com, dispatchcntest.yuanshen.com, devlog-upload.mihoyo.com, webstatic.mihoyo.com, log-upload.mihoyo.com, hk4e-sdk.mihoyo.com, api-beta-sdk.mihoyo.com, api-beta-sdk-os.mihoyo.com, cnbeta01dispatch.yuanshen.com, dispatchcnglobal.yuanshen.com, cnbeta02dispatch.yuanshen.com, sdk-os-static.mihoyo.com, webstatic-sea.mihoyo.com, webstatic-sea.hoyoverse.com, hk4e-sdk-os-static.hoyoverse.com, sdk-os-static.hoyoverse.com, api-account-os.hoyoverse.com, hk4e-sdk-os.hoyoverse.com, overseauspider.yuanshen.com, gameapi-account.mihoyo.com, minor-api.mihoyo.com, public-data-api.mihoyo.com, uspider.yuanshen.com, sdk-static.mihoyo.com, abtest-api-data-sg.hoyoverse.com, log-upload-os.hoyoverse.com ^https?.(mihoyo|hoyoverse|yuanshen).com(:\d+)? url 307 https://...*:4435

[zzeking]

Hello， Could you show me you configurations of config.json file？ 你好，我能看看你的config.json文件配置吗