Shadowfetch: Cloudflare Workers Anonymous Proxy Large Model API

🚀 Invitation to Experience: China's First AI IDE Intelligent Programming Software Trae Chinese version downloadThe DeepSeek-R1 and Doubao-pro are available for unlimited use!

General Introduction

Shadowfetch is a lightweight open source tool for Cloudflare Workers, maintained by developer tysak on GitHub and released under the AGPL v3 license. It replaces Cloudflare Workers' default fetch functionality with native TCP socket request forwarding, and is designed to provide users with a higher level of privacy protection. In contrast to the built-in fetch, which leaks sensitive information such as user IP, geolocation, etc., Shadowfetch ensures that only the necessary data is passed during a request by removing unnecessary metadata and headers. It is suitable for developers or applications with high privacy requirements, such as proxy services that require anonymized requests.

The reason that using Cloudflare Workers to invert all kinds of big-factory APIs can lead to blocking is that Cloudflare Workers can compromise your privacy, and this solution is mainly used to securely vigorously all kinds of big-model APIs.

Shadowfetch: Cloudflare Workers Anonymous Proxy Large Model API-1

Function List

Privacy Protection Request Forwarding: Remove sensitive headers (such as user IP and geolocation) that Cloudflare adds by default.
Native TCP Socket Support: Bypass the built-in fetch metadata injection by using a direct TCP connection.
Lightweight design: Reduce resource consumption and ensure fast response, suitable for high-frequency request scenarios.
configurableSupport for user-defined target URLs and authentication tokens for flexible adaptation to different needs.
Open Source Collaboration: Based on the AGPL v3 license, community contributions of code and optimization suggestions are welcome.

Using Help

Shadowfetch is a tool that runs in the Cloudflare Workers environment and requires some technical background to install and use. Below is a detailed installation and operation guide to help users quickly deploy and get started.

Installation process

Shadowfetch requires source code via GitHub and deployment in Cloudflare Workers. Here are the steps:

1. Preparing the environment

pre-conditions::
- You have registered for a Cloudflare account and enabled the Workers feature.
- Install Node.js and npm (for the Wrangler tool).
- Install the Wrangler CLI tool for Cloudflare:
```
npm install -g wrangler
```
- Log in to Wrangler:
```
wrangler login
```

2. Get Shadowfetch source code

Clone or download the Shadowfetch repository:

git clone https://github.com/tysak/shadowfetch.git
cd shadowfetch

- If the project does not provide a separate `wrangler.toml` file, you need to create it manually:
``toml
name = "shadowfetch-worker"
type = "javascript"
account_id = "Your Cloudflare Account ID"
workers_dev = true

3. Configuration code

Open the main script file in the project (usually the index.js), modify the configuration as required. For example:

const CONFIG = {
AUTH_TOKEN: "your-auth-token", // Token to use for authentication requests
DEFAULT_DST_URL: "https://example.com", // default destination address
DEBUG_MODE: false, // Debug mode switch
};

Save the file when the configuration is complete.

4. Deployment to Cloudflare Workers

Run the following command in the project directory to deploy:
```
wrangler publish
```
After a successful deployment, Cloudflare returns a Workers URL (such as the https://shadowfetch.your-account.workers.devThe service can be accessed via this URL.

5. Validation of deployment

utilization curl or browser testing services:

curl https://shadowfetch.your-account.workers.dev/image/https://example.com

If a response is returned to the target server that does not contain sensitive headers (such as the cf-ipcountry), indicating a successful deployment.

How to use

The core functionality of Shadowfetch is to intercept requests through Workers and forward them in a privacy-preserving manner. Here are the details of the operation:

Basic request forwarding

trigger method: Shadowfetch is based on the path pattern (e.g. /image/https/...) to intercept the request. For example:
```
curl https://shadowfetch.your-account.workers.dev/image/https://example.com
```
processing flow::
1. Workers receive the request.
2. Shadowfetch removes all sensitive headers (such as the cf-connecting-ip).
3. Direct connection to the target server via TCP socket (https://example.com).
4. Returns the response from the target server.

Configuring Customized Targets

Setting in the code DEFAULT_DST_URL, all unspecified destination requests are forwarded to this address. For example:
```
const CONFIG = { DEFAULT_DST_URL: "https://api.example.com" };
```
Redeployment:
```
wrangler publish
```

Add Certification

If you need to restrict access, you can set the AUTH_TOKEN. Client requests are required to carry the token in the headers:
```
curl -H "Authorization: your-auth-token" https://shadowfetch.your-account.workers.dev/image/https://example.com
```
Requests that do not carry the correct token will be rejected.

Featured Function Operation

Privacy

View Results: Compare the request headers using Shadowfetch and the default fetch:
- Default fetch:
```
cf-ipcountry: CN
cf-connecting-ip: 1.2.3.4
```
- Shadowfetch:
```
(Only essential headers, such as Content-Type, are retained)
```
Operating Methods: No additional configuration is required and it takes effect automatically after deployment.

debug mode

start using DEBUG_MODE View detailed logs:
```
const CONFIG = { DEBUG_MODE: true };
```
After deployment, access the Workers log:
```
wrangler tail
```
The logs show request processing details, making it easy to troubleshoot problems.

Recommendations for use

test environment: Local use is recommended for initial deployment wrangler dev Testing:
```
wrangler dev
```
Update Code: Periodically pulls the latest version from GitHub:
```
git pull origin main
wrangler publish
```
Community Support: Submit feedback on GitHub Issues or contribute to the code if you encounter problems.

usage example

1. HTTP proxy

You just need to append the destination URL to the address of your deployed worker in the following format:

https://你的_Cloudflare_Worker_域名/密码/https://目标网站/其他路径

An example:

https://bequiet.pages.dev/fonts/https://destination.example.com/dns_query

Visiting that link forwards the request to the https://destination.example.com/dns_queryand no longer expose their real IP!

2. WebSocket proxy

To proxy a WebSocket, simply replace the target protocol with one that begins with wss://.
The format remains:

wss://your_Cloudflare_Worker_domain/password/wss://target site/other paths

Example:

wss://bequiet.pages.dev/fonts/wss://destination.example.com/chatroom

One click to transit to wss://destination.example.com/chatroomThe

Frequently Asked Questions

Why is shadowFetch better for privacy?
Because it won't carry Cloudflare's own assortment of cf- This means that your request is a "clean native TCP connection" in the eyes of the target server. This means that your request is a "clean native TCP connection" in the eyes of the target server.
How do I turn on debugging to view logs?
classifier for objects with a handle DEBUG_MODE environment variable is set to true That's it. You'll be able to see detailed request and response debugging information in the worker log.
Can I not use the default AUTH_TOKEN for the password?
You can change it to your favorite string in the environment variable, such as "mySecret", and then the link will have to follow with the same "mySecret" in order to successfully proxy.