Commit Graph

62 Commits

Author SHA1 Message Date
ValdikSS
9bfce3156e Make mode -9 the default, instead of -5
Auto-ttl gives many false positives in TTL detection, which breaks non-blocked websites.
Use the combination of wrong-seq and wrong-chksum and hope to the best.
Also block QUIC to workaround possible throttling, as right now it is not dissected.
2024-07-31 14:49:15 +03:00
ValdikSS
f7362094d3 New modes: -8 and -9
-8 is -7 with added --wrong-seq, it sends two subsequent fake packets, one with
incorrect sequence, and another one with incorrect checksum.

-9 is -8 with QUIC block.
2024-07-31 14:49:15 +03:00
ValdikSS
f1aece75ae New mode: -7 - As -6 but with wrong chksum 2024-07-31 14:49:15 +03:00
ValdikSS
d031ae65bf New option: -q - block QUIC/HTTP3
Only Initial packet in Long Header Packets are blocked.
The packet should be at least 1200 bytes in size.
2024-07-31 14:49:10 +03:00
ValdikSS
905d3c98a6 Revert "Add Unicorn HTTPS for iOS": doesn't do anything
This reverts commit 95c5ca81b2.
2024-07-26 03:44:16 +03:00
ValdikSS
95c5ca81b2 Add Unicorn HTTPS for iOS 2024-05-31 03:18:56 +03:00
ValdikSS
bbb7e4cea8 Add ByeDPI 2024-05-30 22:41:46 +03:00
ValdikSS
15eb10ac68 Fragment packet by the beginning of SNI value. #357
It has been reported that the DPI systems in Saudi Arabia and
United Arab Emirates are started to search for the beginning of
SNI extension header and its value, without parsing the TLS ClientHello
packet, in any part of TCP session.

Workaround the issue by splitting the packet right after the end
of extension headers and before its value.

https://ntc.party/t/goodbyedpi-in-saudi-arabia/7884
https://ntc.party/t/goodbyedpi-in-uae/7914
2024-05-30 22:16:14 +03:00
ValdikSS
6304328548 Merge branch 'master' of https://github.com/VladWinner/GoodbyeDPI into VladWinner-master 2022-08-06 14:52:02 +03:00
ValdikSS
86867fe678 Add GhosTCP by macronut to the list of alternative projects 2022-08-06 14:46:00 +03:00
Vlad
54f810b6b0
Update README.md 2022-03-14 20:26:29 +03:00
ValdikSS
766a8ab4ed Add forgotten default max-payload value in the README 2022-01-07 01:39:57 +03:00
ValdikSS
b7190f0e1f Add DANGEROUS notices for ttl modes in readme 2022-01-06 23:43:10 +03:00
ValdikSS
857aeb2366 Add SpoofDPI to similar projects 2022-01-04 22:48:22 +03:00
ValdikSS
871670845f Document forgotten --max-payload in -5 and -6 modes (v0.2.0+) 2022-01-04 15:40:21 +03:00
ValdikSS
09089e0364 Update readme 2021-12-30 03:45:50 +03:00
ValdikSS
d7c681d1a2 Add Max Payload Size limit option (--max-payload-size)
This option excludes TCP packets with the data payload larger than
defined value from being copied by WinDivert driver to GoodbyeDPI.

As most of HTTP and TLS ClientHello packets are repatively small,
and file transfers are usually big and are sent/received using
the whole available MTU/MSS, we can just exclude them from
being processed by our userspace program to reduce unnecessary
CPU load.
2021-12-30 03:41:12 +03:00
ValdikSS
ab74ddc425 Update readme 2021-12-29 16:22:43 +03:00
ValdikSS
cc1676ad92 --allow-no-sni option. Useful with --blacklist and undetectable SNI.
This option is added specially for protonmail.com, as it sends
low Window Size in SYN-ACK for requests from Russia, to force
the client to fragment the packet. GoodbyeDPI doesn't do reassembling
and can't extract SNI in this case, thus won't circumvent the
censorship if --blacklist option is used.
2021-12-29 16:18:56 +03:00
ValdikSS
46c4f36de8 Add Fake Packet maximum TTL limit to Auto TTL mode
This patchset adds maximum TTL size of the fake packet to be sent,
to further  improve compatibility with asymmertic routing and
non-standard TTL value set on servers.
2021-12-29 02:05:39 +03:00
ValdikSS
bb8bafb663 Add Auto TTL range adjustment, introduce min-ttl and use it for --set-ttl as well. 2021-12-28 23:48:57 +03:00
ValdikSS
9e98b478df Update readme 2021-12-28 00:31:54 +03:00
ValdikSS
b799b33fed Update readme 2021-12-26 20:24:16 +03:00
ValdikSS
9fcf097cb7 Use Auto TTL = 4 by default
Previous value of 2 caused issues with the services connected via
very different uplink/downlink routing links.
2021-12-25 20:43:56 +03:00
ValdikSS
a5c2f9fac9 Introduce -5 and -6 modes and make -5 default
Modern modesets (more stable, more compatible, faster):
 -5          -f 2 -e 2 --auto-ttl --reverse-frag (this is the default now)
 -6          -f 2 -e 2 --wrong-seq --reverse-frag
2021-12-25 13:56:57 +03:00
ValdikSS
b45b463d51 Update readme 2021-12-25 12:24:25 +03:00
ValdikSS
80fcd9c5cf Replace required/optional brackets in the readme 2021-12-25 12:24:25 +03:00
ValdikSS
787c4d25c3 Update readme 2021-12-24 22:28:59 +03:00
msekmfb
0c04f201eb
Add PowerTunnel for Android to similar projects 2020-03-08 11:11:35 +03:00
ValdikSS
19b777cdb2
Update README.md
Add PowerTunnel (manual merge of #168)
2020-02-09 22:24:43 +03:00
ValdikSS
b69ab64d5d
Update README.md 2020-02-09 19:22:30 +03:00
ValdikSS
f2de8fce8d Fake Request Mode 2019-10-31 22:36:12 +03:00
alisharifi76
7e2f782376
Add 'GreenTunnel' to 'Similar projects' section. 2019-03-29 22:32:05 +04:30
drogga
23485b67b4
Update README.md
add KB3033929 download link for Windows 7 x64
2019-01-31 21:23:41 +09:00
ValdikSS
b95c45ee62
Update README.md 2018-10-14 18:24:36 +03:00
ValdikSS
39507e66e0
Update README.md 2018-07-24 15:54:55 +03:00
ValdikSS
d6c2b825aa
Update README.md 2018-07-20 16:37:19 +03:00
ValdikSS
aad03f2e4a Enable PIE, High Entropy ASLR and add more warnings to Makefile 2018-07-19 21:31:38 +03:00
ValdikSS
c377119136 Update README.md 2018-02-17 15:21:51 +03:00
ValdikSS
dc4d0a36d9 Update README.md 2018-01-21 14:37:05 +03:00
ValdikSS
2e23d93762 New option: --ip-id. Handles additional IP ID numbers of passive DPI. 2018-01-21 14:35:30 +03:00
ValdikSS
bb8fc64f18 Handle ip.id up to 0xF.
Some DPI send several TCP RST or HTTP redirection packets with
increasing IP ID number. Handle them all.
2017-12-24 20:37:49 +03:00
ValdikSS
23babdc8fa Windows Service support.
Program can now be started as a Windows Service. No additional
arguments needed. Refer to `service_install` and `service_remove`
scripts in released zip file.
2017-12-20 17:03:22 +03:00
ValdikSS
582503452f Implement TCP fragmentation for HTTP Persistent (keep-alive) sessions.
New option `-k` splits HTTP request into two segments, and either
send only the first one (Windows would retransmit the other one
based on ACK number in ACK reply) or both (with `-n` enabled).

This fixes behaviour on some DPI which trace persistent sessions
but do not reassemble packages.
2017-12-20 02:10:59 +03:00
ValdikSS
bfed8638e5 Implement blacklist.
Only domains and subdomains from the blacklist file would be processed
with HTTP modifications. Does not affect HTTPS data.
2017-12-17 00:26:11 +03:00
ValdikSS
72516c0b2b Add information about --dns-verb option 2017-12-16 20:24:40 +03:00
ValdikSS
dd4d6bc5c6 Do not print DNS warnings by default and drop duplicate requests.
Windows is known to use all available interfaces for DNS requests,
which is handled as a duplicate (retransmission) in dns redirector.

It's safe to just drop these duplicates.
2017-12-16 14:30:42 +03:00
R4SAS
30bb1a665a make it more usable with MSYS and linux MinGW both (#48)
* make it more usable

* update README
2017-12-13 18:13:54 +04:00
ValdikSS
c6c071e35f Update README.md 2017-12-06 03:21:07 +03:00
ValdikSS
c7905f0b31 Mix HTTP Host header value 2017-12-04 22:06:46 +03:00