toicf/cf-workers-shadowsocks — explained in plain English
Analysis updated 2026-05-18
Test whether old and new Shadowsocks encryption methods work correctly in a single Worker file.
Run an encrypted proxy on Cloudflare's edge network instead of a dedicated server.
Compare method naming between this project, sing-box, NekoBox, and Xray.
| toicf/cf-workers-shadowsocks | asdaw4/forza-horizon-6-download | dabit3/agent-hooks-in-depth | |
|---|---|---|---|
| Stars | 29 | 29 | 29 |
| Language | — | — | Python |
| Setup difficulty | moderate | easy | moderate |
| Complexity | 3/5 | 1/5 | 3/5 |
| Audience | developer | general | developer |
Figures from each repo's GitHub metadata at analysis time.
Requires a Cloudflare Workers account and matching client side proxy settings.
This project is an experimental implementation of the Shadowsocks proxy protocol built to run entirely inside a single Cloudflare Workers script. Shadowsocks is a method for tunneling internet traffic through an encrypted connection so that a third party watching the network cannot easily see what sites you are visiting. This version carries the traffic over WebSocket connections, which lets it run on Cloudflare's edge network instead of needing a dedicated server. The author describes this as research and learning code, built to test whether older Shadowsocks encryption methods, newer authenticated encryption methods, and the newest Shadowsocks 2022 standard can all work correctly together inside a single Cloudflare Worker file. It is not intended as production ready software, and the readme is upfront that it makes no promises about performance or stability under real traffic. The code supports 18 different encryption methods in total, covering the original unauthenticated ciphers, several AEAD authenticated ciphers such as AES-GCM and ChaCha20-Poly1305 variants, and the three methods defined by the newer Shadowsocks 2022 standard which use the BLAKE3 hashing algorithm. Because Shadowsocks encrypts its own data before it ever reaches the WebSocket layer, the project works whether or not the connection also uses TLS, since the encryption is happening at the Shadowsocks layer regardless. Configuration is done by editing a small object in the source file with a password, a pre shared key for the 2022 style methods, and a chosen encryption method name. The readme includes worked examples of how passwords and keys turn into the actual encryption keys the code uses. It also documents how the method names in this project map onto the naming used by other popular proxy tools like NekoBox, sing-box, and Xray, so users switching between tools can match settings correctly. The project is licensed under GPL-3.0 and the current implementation only handles TCP traffic over WebSocket, not the full Shadowsocks UDP protocol.
An experimental Shadowsocks proxy that runs entirely inside a single Cloudflare Workers script, supporting 18 encryption methods.
You can use and modify this freely, but any distributed version, including modified copies, must also be released as open source under the same license.
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.