mirror of https://github.com/zhom/donutbrowser.git synced 2026-06-24 07:29:56 +02:00

T

liasica 02328e59a2 fix(proxy): make SOCKS5 upstream username/password authentication reliable

Two independent root causes were producing auth failures on the upstream
SOCKS5 dial path:

1. `url::Url::username()` / `Url::password()` return percent-encoded
   strings per the WHATWG URL spec, but the producer side already
   percent-encodes the credentials when assembling the upstream URL —
   so the upstream was receiving `%40` instead of `@` and authentication
   silently failed for any credential containing `@ : / + = % ! space`
   or non-ASCII characters. Centralize the decode in a new
   `upstream_userpass` helper and route all four upstream-dial sites
   through it (HTTP CONNECT → SOCKS5, HTTP CONNECT → HTTP Basic-Auth,
   local SOCKS5 → HTTP Basic-Auth, local SOCKS5 → SOCKS5). The
   Shadowsocks path already decoded manually and is unchanged.

2. async_socks5 0.6 issues a `write_u8` for every single-byte field of
   the SOCKS5 method-selection and RFC1929 sub-negotiation. On a raw
   `TcpStream` each call becomes its own TCP segment, and some upstream
   SOCKS5 implementations treat this fragmented submission as a
   misbehaving client and silently FIN instead of returning a status —
   curl with the same credentials succeeds because it buffers each
   sub-message into a single send(). Wrap the upstream socket in
   `tokio::io::BufStream` (the usage pattern the async_socks5 README
   shows) and enable TCP_NODELAY so flushes leave unsegmented.

Includes unit tests covering percent-decode for ASCII / special-char /
non-ASCII / no-credentials / username-only inputs, plus a trace-level
SOCKS5 handshake byte logger that can be enabled with
RUST_LOG=donutbrowser_lib::proxy_server=trace for future debugging.

2026-06-19 20:03:24 +08:00

.github

ci(deps): bump anomalyco/opencode in the github-actions group (#437 )

2026-06-13 09:43:17 +00:00

.husky

chore: exclude nightly tag

2026-03-16 15:55:29 +04:00

.vscode

refactor: vpn refresh and remove openvpn support

2026-04-27 00:26:22 +04:00

assets

docs: update preview

2026-05-25 02:31:06 +04:00

docs

feat: daemon support, general improvement, and preparation for Windows release

2026-02-01 20:55:09 +04:00

donut-sync

refactor: cleanup

2026-06-08 00:06:44 +04:00

public

init

2025-05-29 10:17:16 +04:00

scripts

feat: password protected profiles

2026-05-10 04:32:59 +04:00

src

feat: amek window resizable

2026-06-17 18:33:09 +04:00

src-tauri

fix(proxy): make SOCKS5 upstream username/password authentication reliable

2026-06-19 20:03:24 +08:00

_typos.toml

refactor: cleanup

2026-05-29 06:31:42 +04:00

.env.example

refactor: cleanup

2026-05-05 22:34:56 +04:00

.envrc

refactor: cleanup

2026-05-05 22:34:56 +04:00

.gitignore

chore: ignore .claude

2026-04-22 08:28:12 +04:00

.node-version

feat: linux support preview

2025-06-05 21:15:05 +04:00

.nvmrc

feat: linux support preview

2025-06-05 21:15:05 +04:00

AGENTS.md

feat: amek window resizable

2026-06-17 18:33:09 +04:00

biome.json

chore: linting

2026-01-03 14:28:16 +04:00

CHANGELOG.md

docs: update CHANGELOG.md and README.md for v0.27.0 [skip ci] (#447 )

2026-06-17 23:33:55 +00:00

CLAUDE.md

docs: agents

2026-03-28 01:41:01 +04:00

CODE_OF_CONDUCT.md

docs: copy

2026-03-02 11:37:18 +04:00

components.json

refactor: animate dialog

2025-12-21 13:23:33 +04:00

CONTRIBUTING.md

feat(i18n): add Vietnamese (vi) locale

2026-05-30 23:13:08 +07:00

CONTRIBUTOR_LICENSE_AGREEMENT.md

docs: add cla

2025-12-02 20:32:00 +04:00

donut-browser-daemon

refactor: auto-update in background

2026-01-18 02:12:11 +04:00

flake.lock

chore: bump flake.lock

2026-06-01 01:41:12 +04:00

flake.nix

chore: update flake.nix for v0.27.0 [skip ci] (#448 )

2026-06-17 23:34:14 +00:00

index.html

init

2025-05-29 10:17:16 +04:00

LICENSE

init

2025-05-29 10:17:16 +04:00

next.config.ts

chore: remove console logs in production

2025-08-16 19:26:18 +04:00

package.json

chore: version bump

2026-06-18 02:10:36 +04:00

pnpm-lock.yaml

feat: add onboarding

2026-06-01 01:05:35 +04:00

pnpm-workspace.yaml

chore: linting

2026-05-23 14:35:55 +04:00

postcss.config.mjs

init

2025-05-29 10:17:16 +04:00

README.md

docs: update CHANGELOG.md and README.md for v0.27.0 [skip ci] (#447 )

2026-06-17 23:33:55 +00:00

SECURITY.md

docs: fix wording

2026-03-24 01:21:17 +04:00

tailwind.config.js

feat: synchronizer

2026-03-15 18:00:04 +04:00

tsconfig.json

refactor: don't bundle node backend

2026-01-08 22:25:10 +04:00

README.md

Donut Browser

Open Source Anti-Detect Browser
donutbrowser.com

Features

Unlimited browser profiles — each fully isolated with its own fingerprint, cookies, extensions, and data
Anti-detect Chromium engine — powered by Wayfern, which is privacy-focused Chromium fork that comes with advanced fingerprint spoofing which naturally hides information in a way that is not detected by Cloudflare, reCaptcha v3, and other browser fingerprinting and anti-bot services.
DNS AdBlocker - block ads, trackers, and other unwanted content with per-profile DNS blocking
Proxy support — HTTP, HTTPS, SOCKS4, SOCKS5 per profile, with dynamic proxy URLs
VPN support — WireGuard configs per profile
Local API & MCP — REST API and Model Context Protocol server for integration with Claude, automation tools, and custom workflows
Profile groups — organize profiles and apply bulk settings
Import profiles — migrate from Chrome, Firefox, Edge, Brave, or other Chromium browsers
Cookie & extension management — import/export cookies, manage extensions per profile
Default browser — set Donut as your default browser and choose which profile opens each link
Cloud sync — sync profiles, proxies, and groups across devices (self-hostable)
E2E encryption — optional end-to-end encrypted sync with a password only you know
Zero telemetry — no tracking or device fingerprinting

Install

macOS

	Apple Silicon	Intel
DMG	Download	Download

Or install via Homebrew:

brew install --cask donut

Windows

Download Windows Installer (x64) · Portable (x64)

Linux

Format	x86_64	ARM64
deb	Download	Download
rpm	Download	Download
AppImage	Download	Download

Or install via package manager:

curl -fsSL https://donutbrowser.com/install.sh | sh

Troubleshooting AppImage

If the AppImage segfaults on launch, install libfuse2 (sudo apt install libfuse2 / yay -S libfuse2 / sudo dnf install fuse-libs), or bypass FUSE entirely:

APPIMAGE_EXTRACT_AND_RUN=1 ./Donut.Browser_x.x.x_amd64.AppImage

If that gives an EGL display error, try adding WEBKIT_DISABLE_DMABUF_RENDERER=1 or GDK_BACKEND=x11 to the command above. If issues persist, the .deb / .rpm packages are a more reliable alternative.

Nix

nix run github:zhom/donutbrowser#release-start

Self-Hosting Sync

Donut Browser supports syncing profiles, proxies, and groups across devices via a self-hosted sync server. See the Self-Hosting Guide for Docker-based setup instructions.