Surge 5 5.18.0 - App Store

---

About Surge 5

Surge is a web development and proxy utility. It is designed for developers and therefore requires professional knowledge to use. These four capabilities form the core workflow of Surge: . Takeover: You can take over the...

Surge is a web development and proxy utility. It is designed for developers and therefore requires professional knowledge to use. These four capabilities form the core workflow of Surge: . Takeover: You can take over the network connection sent by the device. Surge supports both proxy service and virtual NIC takeover. . Processing: You can modify the network requests and responses that have been taken over. This includes URL redirection, local file mapping, custom modification using JavaScript, and many other methods. . Forwarding: You can forward the taken over network requests to other proxy servers. This can be global forwarding or with a flexible rule system to determine an outbound policy. . Intercept: You can intercept and save specific data of network requests and responses, and you can also decrypt HTTPS traffic with MITM. Highlighted Features . Takeover all HTTP/HTTPS/TCP traffic from any applications on your device, and redirect to an HTTP/HTTPS/SOCKS5/SOCKS5-TLS/SSH proxy server following highly configurable rules. . Used as a WireGuard Client to convert the L3 VPN as a proxy. . Record and display HTTP requests and responses sent from your iOS devices, including body and header. . Configure rules using domain match, domain suffix, domain keyword, CIDR IP range, and GeoIP lookup. . Measure traffic usage and network speed on WiFi, cellular, and proxy connections. . High performance and suitable for intensive use. . Block ads by domain rules. . Local DNS Map (equivalent to /etc/hosts). You can use this function to switch the production/development environment for your app without changing any code. . All features work on the cellular network. . Decrypt HTTPS traffic with Man-in-the-Middle. . Perform URL rewrite. . Fully IPv6 supports. . Header rewrite. . Raw L3 packets capture. . Safari extension to add rules. . JSON, text, image and video viewer for the captured body. . Album mode for the request list. . Pre-filter for capturing. . HTTPS proxy protocol supports client-side SSL/TLS certificate validation. . Scripting: Use JavaScript to extend the ability of Surge as your wish. . Sync profiles cross devices with iCloud Drive or Dropbox. . DNS-over-HTTPS, DNS-over-HTTP3, DNS-over-QUIC, TLS 1.3 and more advanced features. You may read the online manual for more information: http://manual.nssurge.com/ Terms and Conditions: https://nssurge.com/legal/terms Privacy Policy: https://nssurge.com/legal/privacy

Version History (Because the interval since the last subscription feature update was too long, all users whose subscription feature expiration date is after December 11, 2025 have been granted a free 3-month extension.) New subscription feature: Logbook, used to persistently record various events that occur, - Currently includes events such as engine start and stop, network switching, script start and stop, script timeout, etc. - The logbook is specially optimized for script debugging, making it easy to view a script’s input, output, and logs. At the same time, scripts can proactively write content to the logbook using $surge.logbook("content") - Surge Dashboard on Surge Mac can read the logbook content of remote Surge instances, and all script execution details can be accessed remotely Other improvements - Added support for the X25519MLKEM768 post-quantum hybrid key exchange group for all TLS-related features (such as proxy protocols, MITM, DoH/DoT/DoH3) - Improved the $persistentStore management page, adding operations such as search, import/export, and delete all - Refactored memory management for the QUIC protocol to resolve an issue where, under certain circumstances, QUIC-based protocols could experience sudden excessive memory usage that caused Surge to be terminated by the system - Fixed a memory leak when using Trust Tunnel - Fixed a crash that could occur with extremely low probability - Fixed an issue where API requests could get stuck when HTTP API TLS is enabled - Fixed some UI detail issues 5.18.0 May 6 Added - Experimental support for the Trust Tunnel protocol - Added an Intent for profile switching; you can now switch the current Surge profile directly in Shortcuts - Added a Debug message toggle on the Ponte page; when enabled, detailed connection status messages will be shown during the Ponte connection process - Support for directly referencing hosted profiles without first adding the hosted profile as a local profile (i.e., the Linked Profile feature on macOS) - Enterprise/Team license can now be used on the tvOS version Improved - All parameters for the throughput test are now customizable - Added a workaround to address an issue on newer iOS versions where, after long scripts run for a while, setTimeout is throttled by the system’s resource saving and can fire at most once every 2 seconds - Policy groups no longer validate the validity of sub-policy names. If a referenced sub-policy does not exist, the non-existent options will be automatically hidden at runtime. The include-other-group parameter has been adjusted similarly. Note: using a non-existent policy in [Rule] will still trigger a hard profile error prompt. Fixed - Fixed a compatibility issue between AnyTLS and some servers (when reuse is enabled, if a previous request fails, subsequent requests could hang) - Fixed a rare crash when using QUIC-type protocols or h3 DNS - Fixed an issue where only the small card view could display the “Update External Resources” menu item 5.17.1 Mar 14 - Optimize various UI details and presentation on iOS 26. - New subscription feature: compatible with the AnyTLS (v2) proxy protocol. - Supports Hysteria 2 Salamander obfuscation mode. - Optimize QUIC SNI extraction to support extracting SNI from incomplete initial packets - On the policy group page, long-press a policy group with a profile that has a policy-path to update the policy group directly. - The QUIC block behavior for all proxy protocols has now been adjusted to be blocked by default. 5.17.0 Jan 14 Bug fixes and other improvements 5.16.3 12/10/2025 Bug fixes 5.16.2 10/24/2025 - Added bandwidth testing feature - Bug fixes 5.16.1 10/01/2025 - Adapted to the latest iOS version interface style. - Added external IP and NAT type detection features. 5.16.0 09/16/2025 Bug fixes and minor enhancements 5.15.2 08/13/2025 Bug fixes 5.15.1 07/16/2025 Built with the Surge v6 core, synchronizing new features from Surge Mac 6.0, including: - Significant performance improvements to the Surge VIF Engine (free update) - Improvements to Surge Smart Group (free update for unlocked users) - Surge Ponte 2.0 - Multiple Channels (requires use with Surge Mac 6.0) - Snell v5 (feature subscription required) For full details, please refer to the Surge Mac 6 release notes: https://kb.nssurge.com/surge-knowledge-base/release-notes/surge-mac-6-release-note 5.15.0 07/11/2025 - Added [General] parameter `block-quic`, which is used to globally override the behavior of blocking QUIC traffic. - Optimized the text and JSON viewer in the request inspector, now supporting large files and code highlighting. - Rewrote HTTP script-related implementation; it now performs better and uses less memory when handling large bodies. - Supports SNI extraction for gQUIC. - Refactored traffic statistics functionality; now, even if you haven't entered the main program for a long time, you won't have to wait a long time when accessing the traffic statistics page. - Added export feature to traffic statistics. - Other detail optimizations and bug fixes. 5.14.6 05/11/2025 - Support DNS over TLS. - Bug fixes and performance improvements. 5.14.5 03/26/2025 - When enabling the HTTP capture switch, all active connections will now be forcibly interrupted to ensure that no requests are missed due to existing long connections. - Optimized compatibility with some QUIC clients, such as Lark. - Fixed an issue where download data bytes in statistics was incorrect after modifying the request HTTP using scripts or other mechanisms. - Adjusted the priority of processing logic when forwarding QUIC. Now, for a proxy policy that does not support UDP forwarding, it will prioritize considering QUIC Block before falling back to DIRECT or REJECT. - Bug fixes and other improvements. 5.14.4 02/20/2025 New Feature: Port Forwarding - This feature is commonly used in development and debugging scenarios such as connecting to servers like MariaDB using SSH. #!REQUIREMENT upgrade - Now provides three simple notations: #!IOS-ONLY, #!MACOS-ONLY, and #!TVOS-ONLY. - Content disabled by this end-of-line comment can now be displayed and edited in the UI. It will appear as disabled when conditions are not met, and if enabled, restrictions will be automatically removed. [Host] Optimization - [Host] section supports configuration using DOMAIN-SET and RULE-SET to improve matching efficiency. Use case: Other Improvements - Added option icmp-forwarding, enabled by default. - Optimize using Smart policy groups as the underlying proxy. Now, in this usage scenario, the characteristics of Smart policy groups can be fully utilized. - Bug fixes and other improvements. 5.14.3 01/20/2025 - Bug fixes and improvements. 5.14.2 12/09/2024 Bug fixes 5.14.1 11/07/2024 New Features - Added pre-matching rules for low-overhead request rejection. Please refer to the documentation for details. https://manual.nssurge.com/policy/reject.html - Body Rewrite supports using JQ expressions to manipulate JSON. - The shadowsocks protocol adds support for the `2022-blake3-aes-256-gcm` and `2022-blake3-aes-128-gcm` encryption modes - Adapted icon mode for iOS 18. - New Control Center control for HTTP capture. - DNS now supports system search domain settings - Added parameter proxy-restricted-to-lan to restrict the proxy to only accept devices from the same subnet - When updating external resources, ETag will be recorded and sent; re-download will not be triggered if the resource has not changed Improvements - Overall optimization and improvement of UDP forwarding. - The policy group list view supports configuring custom icons. - Resolved issues with real-time display on iOS 18 - Optimized the display effect of policy group icons - Improved HTTP engine compatibility with non-standard requests - More explicit error prompts when Surge is activated without a network connection - Enhanced error handling logic for encrypted DNS, retrying immediately upon encountering errors - Added warning messages for excessive [Host] entries - The URL-REGEX rule now supports `extended-matching` tags. - Allow the use of Ponte policy as an underlying proxy. Bug Fixes - Fixed an issue where Control Center/home screen widgets would still show as active even when Surge was turned off - Fixed a memory leak issue in encrypted DNS under certain errors - Corrected subscription cycle constraint errors for new icons - Other bug fixes 5.14.0 11/01/2024 - Control Center Widget: On iOS 18, you can now quickly toggle Surge in the Control Center. - New Icon: Sapphire. - Added Ponte diagnostic function for quickly locating Ponte-related issues, accessible from the Ponte device page. - Port Hopping: Hysteria2 and TUIC protocol now support port hopping to improve ISP's QoS issues with UDP. See the server documentation for details. - Added `[General]` parameter `show-error-page`, which is used to control whether Surge's HTTP error page is displayed when an error occurs. This parameter is enabled by default, and the behavior is consistent with previous versions. - Bug fixes. 5.13.0 09/18/2024 - New subscription feature: Custom policy group icons. - Refactor the Surge tvOS profile deployment process using CloudKit, significantly improving stability. Please note that both Surge iOS and tvOS need to be upgraded to the latest version before you can use the profile deployment feature, and the tvOS version needs to be launched once for registration. - When using the add rule function in the request list, you can choose to add it to an existing rule set. (Supports local rule files and inline rule sets). - Optimized behavior when enabling IPv6 VIF under No Default Route mode. - Other optimizations and bug fixes. 5.12.0 08/07/2024 - Support turning off Surge via widgets/Shortcuts when the always-on switch is turned on. - Support turning on Surge via widgets/Shortcuts when the Surge VPN Profile is not selected (or when other VPNs are running). - Fix an issue where DOMAIN-SUFFIX rules may become invalid if duplicate DOMAIN and DOMAIN-SUFFIX rules are included in the rule set. - Optimizations related to No Default Route mode, significantly improving usability. - Other bug fixes. 5.11.3 06/14/2024 - Now you can see the number of times a rule has been used in the rule list. - Optimized the implementation method of blocking QUIC traffic to increase the likelihood of clients correctly falling back. - The Smart group will use the SUBSTITUTE policy (DIRECT) instead of failing directly when there are no sub-policies. - Fixed an issue where the `server-cert-fingerprint-sha256` parameter was not effective for TLS-like protocols with sni=off settings. - Added a new rule type `HOSTNAME-TYPE`, used to determine the type of request hostname. Optional values are: `IPv4`, `IPv6`, `DOMAIN`, `SIMPLE`. (`SIMPLE` refers to hostnames without a dot, such as `localhost`) - Optimized DNS request logs. Now more information is displayed. Additionally, if DIRECT policy connects directly without triggering DNS in the rule system, related DNS logs can still be shown. - When deleting a policy that is being used by a policy group, it is now allowed to delete it directly and automatically remove it from all policy groups. - Bug fixes and other Improvements. 5.11.2 05/28/2024 - Optimize the matching performance of small rule sets, especially evident on older model CPUs. - The external resource update page can display error information generated by rule set processing. - Automatically ignore invalid empty lines in the rule set. - Corrected the issue where applying temporary rules and then experiencing a policy change does not disrupt existing connections. - Corrected the issue when using Ponte policy within Smart group, if the target device is itself, it failed to automatically switch to DIRECT policy. - Corrected the problem of incorrect time displayed in request logs for Ponte device requests. - Corrected crashes that may occur when external policy groups change. - Fixed an issue where configuration upgrade functionality did not correctly take effect for managed configurations and enterprise configurations. - During Smart group initialization phase, no longer displays most frequently used tags to avoid misunderstanding. - Fixed an issue where local script files could not be automatically reloaded after being edited. - Optimized indexing process for large rule sets. - Limited maximum number of files for iCloud background auto auto-sync to 200 to avoid memory usage issues. - Fixed potential UI display issues when adjusting policies through remote controller。 5.11.1 04/29/2024 Smart Group This is a new type of policy group, driven by our carefully designed algorithm engine, which can automatically select the appropriate policy from the sub-policies of this policy group. The goal of the Smart policy group is to replace the original automatic testing groups (url/load-balance/fallback), greatly optimizing the experience while minimizing the need for manual intervention in policy groups. Users only need to put the available policies into this group. For details, see: https://kb.nssurge.com/surge-knowledge-base/guidelines/smart-group Rule System - Overall performance optimization of the rule system. - Significant optimization of the indexing algorithm in large domain rule sets, improving the search efficiency by more than ten times for rule sets with more than 100,000 rules. - Corrected the issue where sub-rules of logical rules within a rule set could not be covered by the `no-resolve` and `extended-matching` parameters of the rule set. - Added a new rule type `DOMAIN-WILDCARD`, supporting `?` and `*` domain name matching. - `DOMAIN-SET` and `RULE-SET` are changed to strict validation. If there are invalid lines in the file, the entire rule set will be invalidated to avoid problems caused by misuse. IPv6 - The behavior of the `ipv6-vif` parameter has been modified. When set to always, IPv6 functionality will be enabled even if `ipv6=true` is not set. - Added a warning for the `ipv6-vif=always` parameter. - Adjusted the automatic retry mechanism. Accessing IPv6 addresses in a non-IPv6 network will no longer enter the retry process, and the request will fail immediately (solving the problem of some applications stalling when IPv6 VIF is enabled in a non-IPv6 environment, but the application will still continue to send IPv6 requests). Other Optimizations - Enhanced `$notification.post`, adding support for media resources, sound hints, and automatic dismissal. - Optimized WireGuard failure handling. - Reduced the power consumption of the TUIC protocol during sleep. - Improved the precision of time statistics in the request log system, now accurate to µs level. - Optimized various abnormal retry mechanisms, avoiding high resource usage caused by continuous retry in the face of some specific problems. For operations that need to be retried continuously (such as WireGuard reconnection, Ponte server reporting to iCloud), Surge will now retry after 0.1s, 0.5s, 1s, 5s, 10s, 30s after an error. - Optimized the caching system for external resources. - Added the profile line modifier `#!REQUIREMENT`. - When the current network is found to be managed by Surge Mac Gateway, Surge iOS will now automatically pause. (This can be adjusted via the auto-suspend option, enabled by default.) - Optimized TUN takeover and specific app performance compatibility issues. - Optimized memory usage, infrequently used and large scripts will not be cached in memory anymore. - The network diagnostics page adds SSID/BSSID with copy functionality. - Now, when uploading logs in the log interface, the engine currently running will automatically generate the most recent verbose logs (the new version has cached 256KB of logs in memory), so when reporting problems, you can upload directly without needing to reproduce in verbose mode. - For external resources related to policy groups and script types, the maximum size is now limited to 2MB, to avoid memory overflow in case of configuration errors. Check the knowledge base for complete release note. 5.11.0 04/25/2024 New Features - New subscription feature: Body Rewrite. Surge now can rewrite the body of HTTP request or response, replacing the original content with regular expressions. If you need to make more flexible modifications, try scripting. Improvements - Comprehensive enhancement of the Mock (Map Local) function, adding data types such as text, tiny-gif, base64 to facilitate inline data return. Also added the ability to customize status codes. - Optimized the request list filter, now displaying the filter at the top and allowing quick toggling of filter activation. Long-pressing a filter item displays a menu for deletion or reversing the item to a negative filter. - Added recognition for STUN packets, which can be matched with PROTOCOL,STUN. - Optimized the external resource management page. - Optimized the script editor page. - Optimized the module management page. - Added a long-press shortcut menu to the Utilities tab. - Added a new URL scheme for the iOS version: surge:///install-module?url=… Optimizations - When configuring Shortcuts to execute Surge scripts, the script list of the current configuration can now be directly accessed. - Enhanced compatibility when decompressing HTTP Body. - Optimized the script engine, limiting the number of concurrent JSC engine processes to 2 to avoid memory issues. - The GeoIP database can now be updated by the main application without needing a restart to take effect. - Optimized the request log, now displaying the specific rules matched for URL Rewrite and Header Rewrite. - Adjusted the logic of the DNS engine handling empty results, now not waiting for all servers to respond with empty results when multiple DNS servers are configured, to avoid additional waiting when AAAA records do not exist.. - The module page allows undoing modifications to avoid misoperations that change the order of effectiveness. Fixes - Fixed the issue where warnings generated by module configurations were not displayed. - Fixed a crash in Surge caused by passing some incorrect types of parameters in scripts. - Fixed compatibility issues with non-https WebSockets in proxy mode with the new version of Safari. - Fixed the issue where deleting an entry in the rule search page would delete all duplicate entries. - Fixed some missing highlights in the editor. - Other bug fixes. 5.10.0 03/28/2024 Module - Added several new official modules; official modules can now be dynamically updated. - Modules have a new classification field for convenient access and categorization in the UI. - Modules now accept parameter tables, supporting multiple parameters. Parameters will be used to modify module content through text replacement. Script - New script execution engine. Optimized execution performance and memory usage. - $httpClient has added several practical parameters. For more details on the updates above, see the documentation. Enhancements - Added desktop shortcut jumps for remote controllers; see the configuration guide at the bottom of the device page for details. - New parameter: always-raw-tcp-keywords. For usage, refer to documentation. - Added SRC-PORT rule to match client port numbers. - IN-PORT/SRC-PORT/DEST-POT three rules are categorized as port number rule class, supporting more usages. - The UI can now maintain pure empty lines from original configurations after editing. Fixes - Corrected a detail issue with QUIC flow control and optimized latency performance for Ponte/TUIC/Hysteria2 protocols. - After editing a single rule, the notification-related parameters will be retained.. - Corrected an issue where switching outbound modes via widget was not possible in newer iOS versions. - Fixed potential sudden memory overruns that could occur when when processing huge external resources leading to stops. 5.9.0 03/01/2024

---

Previous Versions

Here you can find the changelog of Surge 5 since it was posted on our website on 2020-04-04 01:53:33. The latest version is 5.18.0 and it was updated on 2026-06-23 04:30:13. See below the changes in each version.

---

Related Apps

Here you can find apps that are similar with Surge 5.

---

Disclaimer