Shadowsocks

Appearance

On this page

⚠️ This is NOT the official shadowsocks website ⚠️

The official shadowsocks site is at shadowsocks.org

Under the condition of MIT License of the original project, this forked site is used ONLY for non-commercial and personal study purposes. The official shadowsocks site is at shadowsocks.org. In addition, the SEO indexing has been turned off on this site in order to protect the exposure of the official shadowsocks.org on the internet

The official shadowsocks site is at shadowsocks.org

SIP002 URI scheme

SIP002 purposed a new URI scheme, following RFC3986:

SS-URI = "ss://" userinfo "@" hostname ":" port [ "/" ] [ "?" plugin ] [ "#" tag ]
userinfo = websafe-base64-encode-utf8(method  ":" password)
           method ":" password

Note that encoding userinfo with Base64URL is recommended but optional for Stream and AEAD (SIP004). But for AEAD-2022 (SIP022), userinfo MUST NOT be encoded with Base64URL. When userinfo is not encoded, method and password MUST be percent encoded.

The last / should be appended if plugin is present, but is optional if only tag is present. Example: ss://YmYtY2ZiOnRlc3Q@192.168.100.1:8888/?plugin=url-encoded-plugin-argument-value&unsupported-arguments=should-be-ignored#Dummy+profile+name. This kind of URIs can be parsed by standard libraries provided by most languages.

For plugin argument, we use the similar format as TOR_PT_SERVER_TRANSPORT_OPTIONS, which have the format like simple-obfs;obfs=http;obfs-host=example.com where colons, semicolons, equal signs and backslashes MUST be escaped with a backslash.

Examples:

With user info encoded with Base64URL:

  • ss://YWVzLTEyOC1nY206dGVzdA@192.168.100.1:8888#Example1
  • ss://cmM0LW1kNTpwYXNzd2Q@192.168.100.1:8888/?plugin=obfs-local%3Bobfs%3Dhttp#Example2

Plain user info:

  • ss://2022-blake3-aes-256-gcm:YctPZ6U7xPPcU%2Bgp3u%2B0tx%2FtRizJN9K8y%2BuKlW2qjlI%3D@192.168.100.1:8888#Example3
  • ss://2022-blake3-aes-256-gcm:YctPZ6U7xPPcU%2Bgp3u%2B0tx%2FtRizJN9K8y%2BuKlW2qjlI%3D@192.168.100.1:8888/?plugin=v2ray-plugin%3Bserver#Example3

FAQ:

Q1: Why parse user info to Base64URL?

A1: To safely encode all the characters in the key string. Note that we never try to "encrypt" your key in the URI.

Q2: Why not parse host name and port number into Base64URL?

A2: As mentioned above, we never try to "encrypt" anything in the URI. Additional parsing of host name and port number is not necessary.

Q3: Why not every client supports SIP002 URI scheme?

A3: Currently, SIP002 is still an optional feature unless the client supports SIP003 plugin.

Q4: Why the tags with space is truncated?

A4: White space is not legal in URI. It should be escaped. For example, ss://...#shadowsocks server 1 (illegal URI) should be escaped into ss://...#shadowsocks%20server%201 (legal URI).

This website is released under the MIT License.

Copyright © 2025 Shadowsocks contributors