Shadowrocket Complete Guide: How to Use Shadowrocket with Proxies
Shadowrocket is a paid iOS proxy client that routes iPhone and iPad traffic through HTTP, SOCKS5, Shadowsocks, VLESS-compatible, and rule-based proxy profiles. This guide walks through the full Shadowrocket proxy setup: adding a Polish mobile proxy endpoint, testing the exit IP, closing DNS leaks, and deciding when Shadowrocket beats a plain VPN for iPhone proxy use.
Treat Shadowrocket as a routing control layer on your iPhone: add the proxy server, pick the right protocol, send selected apps or domains through it, then confirm the exit IP and DNS before touching real accounts. For account management, app QA, scraping, or Polish geo-testing, pair it with a dedicated 4G/5G mobile proxy β free shared proxies cause bans and session breaks that no amount of Shadowrocket rule-tuning will fix.
Shadowrocket users need exact configuration details and quick validation. This guide should explain how to enter host, port, credentials, and protocol settings, then test the connection on iOS before using it for browser profiles, apps, or traffic checks.
Table of Contents
What is Shadowrocket?
Shadowrocket is an iOS proxy utility, not just another one-button VPN. It lets you add proxy servers, select protocols, build routing rules, inspect traffic behavior, and decide which domains or apps should exit through a proxy.
That control is why the keyword cluster around shadowrocket, shadowrocket setup, shawdow rocket, and how to use shadowrocket is commercially useful: the user usually already has intent. They need a working proxy endpoint, not generic VPN education.
Best for iOS proxy routing
Run iPhone or iPad traffic through HTTP, SOCKS5, Shadowsocks-style, or rule-based proxy profiles.
Best with clean IPs
Shadowrocket is only as good as the proxy behind it. Free shared proxies bring bans, fingerprint leaks, and sessions that break mid-login.
Best for mobile QA
QA teams can reproduce Polish 4G network behavior from a real iPhone without shifting the entire office connection.
When Shadowrocket is the right tool
| Workflow | Use Shadowrocket when | Proxy choice |
|---|---|---|
| Account separation | Each iOS profile or account needs a stable network identity. | Dedicated mobile IP |
| Polish geo-testing | You need app, checkout, ad, or content behavior from Poland. | Warsaw 4G/5G mobile IP |
| Social and marketplace QA | You must avoid office-IP linkage during login tests. | Sticky mobile proxy |
| Scraping or automation checks | You need to test mobile web behavior from iOS. | SOCKS5 or full-device route |
| Simple privacy browsing | You only need casual tunneling. | VPN may be enough |
How to use Shadowrocket with a mobile proxy
Start with the real App Store listing β verify the developer is Shadow Launch Technology Limited before installing. Avoid copied IPA files and modified builds; your proxy credentials and account cookies are too sensitive to run through an untrusted client.
Create a new server entry and paste the host, port, username, and password from your Proxy Poland dashboard. Use HTTP for browser-style traffic, SOCKS5 for broader TCP compatibility across apps, and Xray/VLESS at the system level when your workflow requires the whole iPhone routed through one consistent Polish mobile IP.
Stable-session rule
Rules, DNS, and routing modes
Global routing
Use for full-device IP validation, QA, app testing, or when every request must exit through one Polish mobile IP.
Rule routing
Use for selected domains, app endpoints, analytics hosts, or split workflows where only part of traffic needs proxy routing.
DNS checks
Always test DNS after enabling a profile. A visible Polish IP with non-Polish DNS can still fail fraud or geo consistency checks.
Local bypass
Keep LAN, printer, router, and device-management traffic outside the proxy to avoid breaking local network access.
Testing checklist before real use
Open an IP checker and confirm the visible address, ASN carrier type, country, and city. Then run a DNS leak test from the same device. If the workflow depends on a Polish mobile network, both the IP and the DNS resolver should look like a real Polish mobile user β not a VPS or datacenter.
Then test low-risk traffic first: load a plain browser page, open an app login screen without submitting credentials, and hit the target domain you plan to work with. Only once everything checks out should you log into real accounts or fire any automation.
Common Shadowrocket problems
| Symptom | Likely cause | Fix |
|---|---|---|
| Connected but IP unchanged | Profile is not active or routing mode excludes the target. | Enable global routing for validation. |
| App works, browser fails | Rules route one app path but not Safari or WebView traffic. | Test global mode, then narrow rules. |
| Login challenge appears | IP changed mid-session or proxy reputation is poor. | Use sticky mobile IP and avoid free proxies. |
| Slow asset loading | Overloaded endpoint or bad route to media hosts. | Use a dedicated modem or real Android phone with a real SIM card and local bypass rules. |
| Geo result is wrong | DNS, language, timezone, or WebRTC does not match the IP. | Align device settings and run leak tests. |
Shadowrocket vs alternatives
| Client | Best for | Tradeoff |
|---|---|---|
| Shadowrocket | iOS users who need proxy rules and protocol control. | Paid app; iOS-first workflow. |
| Streisand | VLESS/Xray users on iOS who prefer modern protocol profiles. | Less familiar to casual proxy users. |
| V2RayN | Windows desktop VLESS/Xray setup. | Not an iOS client. |
| OpenVPN Connect | Simple full-device tunnel with .ovpn configs. | Less granular than Shadowrocket rules. |
| Plain VPN app | Casual privacy or one-click location change. | Poor for account separation and proxy testing. |
Official sources
Frequently Asked Questions
How to use Shadowrocket with a proxy?+
Install Shadowrocket from the App Store, tap the plus icon, paste the proxy host, port, username, password, and protocol (HTTP, SOCKS5, or VLESS-compatible), enable the profile, then verify the visible exit IP and DNS resolver before opening any account-bound app.
Is shawdow rocket the same as Shadowrocket?+
Yes. Shawdow rocket is a frequent App Store search misspelling. The actual app is Shadowrocket by Shadow Launch Technology Limited, $2.99 in the US App Store, iOS 13+ and iPadOS only β there is no official Android version.
Does Shadowrocket work with SOCKS5 proxies?+
Yes. Shadowrocket supports SOCKS5 with username and password authentication. SOCKS5 is the right pick when an app needs raw TCP routing beyond HTTP, such as a Telegram client, an SSH connection, or a VLESS-over-SOCKS chain.
Should I use Shadowrocket or a VPN on iPhone?+
Use Shadowrocket when you need per-app or per-domain rules, multiple proxy protocols, or a sticky exit IP. Use a VPN app when you only need full-device tunneling and do not care which app gets which route. The two can also coexist if Shadowrocket runs in proxy mode and the VPN handles only certain rules.
Can Shadowrocket use a mobile proxy?+
Yes. A dedicated 4G/5G mobile proxy is the most reliable pairing for account separation, Polish geo-testing, and app QA. Free shared proxies and Shadowsocks lists tend to break under hCaptcha, Cloudflare Turnstile, and TikTok device challenges that mobile carrier IPs typically pass.
What does the iOS keychain do to Shadowrocket profiles?+
Profile credentials are stored in the iOS keychain and tied to the device biometric. Restoring an iCloud backup to a different Apple ID can wipe the keychain entry, leaving the profile but blanking the password. Re-enter the credentials manually after a restore β there is no automatic recovery path.
How do subscription URL imports work?+
Shadowrocket can pull a base64-encoded list of profiles from a subscription URL and refresh on a schedule (default 24 hours). The URL must serve plain HTTP/HTTPS without a captcha gate. Use this for managed VLESS or Shadowsocks groups; do not use it for credentials you would not paste into a browser.
Can I set cellular-vs-Wi-Fi rules per profile?+
Yes. Under Configuration -> Settings -> Auto Connect, Shadowrocket lets you toggle the proxy on for Wi-Fi only, cellular only, or both. This is useful when a Polish mobile proxy should run only over home Wi-Fi while the device's native Polish SIM handles cellular.
How does Shadowrocket's kill-switch behave?+
There is no separate kill-switch toggle. The on-demand rule with Always-on disconnects traffic when the profile cannot connect, which approximates a kill-switch. Some apps using QUIC/UDP can leak around it; turn off Wi-Fi Assist and disable cellular for the target app to harden the path.
Can I use multiple Shadowrocket profiles per app?+
Yes, via the Configuration tab's rule editor. Add per-domain or per-process rules: route instagram.com through profile A, tiktok.com through profile B, everything else direct. iOS limits one active VPN tunnel at a time, so all rules must run inside the same Shadowrocket profile graph.
Does Shadowrocket conflict with iCloud Private Relay?+
Yes. iCloud Private Relay routes Safari traffic through Apple's two-hop relay, which overrides Shadowrocket for that traffic. Disable Private Relay in Settings -> Apple ID -> iCloud -> Private Relay, or accept that Safari will not honor Shadowrocket rules while Private Relay is active.
Why does hCaptcha keep firing on Shadowrocket on iOS?+
hCaptcha scores Safari and WebView traffic by JA4 fingerprint plus IP reputation. iOS Safari's JA4 is fixed, so the only useful lever is the IP. A datacenter or shared Shadowsocks exit triggers the challenge; a dedicated Polish mobile carrier IP usually passes on the first attempt.
iOS proxy endpoint
Use Shadowrocket with a dedicated Polish mobile IP
Get a clean 4G/5G mobile endpoint for iPhone testing, app QA, account separation, and Polish geo workflows.