GoodbyeDPI—system-wide DPI circumvention utility for Windows


ValdikSS ValdikSS

Jan 4, 2018, 2:44:52 PM
to Network Traffic Obfuscation
GoodbyeDPI is a system-wide zero-configuration DPI circumvention utility. It blocks HTTP redirection and TCP RST packets generated by Passive DPI, and slightly modifies HTTP requests and implements TCP fragmentation (by modifying TCP Window Size) to bypass Active DPI.
This tool is efficient against most DPI systems used in Russia, and some in Iran, Turkey and even China.

It's open-source and written in C.
More information: https://github.com/ValdikSS/GoodbyeDPI
Downloads: https://github.com/ValdikSS/GoodbyeDPI/releases

It's widely used in Russia (10000+ users). Recently, Russian DPI vendors started to patch their systems to block all GoodbyeDPI techniques. I believe that is because Roscomnadzor started a big test of all available DPI solutions to make recommendations for ISPs, and most probably one of the rules getting on the list is to be able to block websites with GoodbyeDPI enabled, so that's a rather well-known project here.
I'm planning to add TCB teardown/confuse techniques from the INTANG project and some more tricks to overcome this.

Justin Henck

Jan 5, 2018, 11:30:18 AM
to Network Traffic Obfuscation
Thanks for sharing.

I would be interested to know how much we can do from the server side.  It seemed like some of the INTANG techniques might be plausible, and certain website operators who are targeted would probably be willing to activate DPI circumvention for users visiting from certain locales.

ValdikSS ValdikSS

Jan 5, 2018, 2:32:33 PM
to Network Traffic Obfuscation
It is possible to set a low TCP Window Size (like 1 or 2) in the SYN/ACK packet from the server, and the client will be forced to send only 1 or 2 bytes of payload in the first packet. This bypasses DPI which cannot reassemble TCP flow.
You can use nfqws from the zapret project (https://github.com/bol-van/zapret), or this project (https://github.com/NullHypothesis/brdgrd), or a Linux kernel module + iptables module (https://github.com/p5n/ipt_tcpwin).

In case anyone is interested, I'm also the author of the Russian ISP blocking type checker blockcheck (https://github.com/ValdikSS/blockcheck). It also detects DPI type and performs a set of tests to circumvent it.
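
The effect described in the post above, as an added example that is not part of the original thread: a small model (no packets are sent) of why an inspector that parses each TCP segment on its own misses a request whose first segment was limited by a tiny advertised window, while an inspector that reassembles the stream still matches. The host name, the signature and the inspector functions are constructed for illustration.

```python
# Added illustration: a model only, nothing touches the network.
# REQUEST, SIGNATURE and the window sizes are constructed sample data.

REQUEST = b"GET / HTTP/1.1\r\nHost: blocked.example\r\n\r\n"
SIGNATURE = b"Host: blocked.example"
METHODS = (b"GET ", b"POST ", b"HEAD ")


def segment(payload, first_window, later_window=1460):
    """Split payload as a sender must when the peer's SYN/ACK advertised
    first_window bytes: the first segment carries at most that many bytes.
    Later segments use a normal-sized window (a modelling assumption)."""
    if first_window < 1 or later_window < 1:
        raise ValueError("window sizes must be positive")
    rest = payload[first_window:]
    segments = [payload[:first_window]]
    segments += [rest[i:i + later_window] for i in range(0, len(rest), later_window)]
    return [s for s in segments if s]


def per_packet_http_match(segments, signature=SIGNATURE):
    """Inspector without reassembly: a segment is only treated as an HTTP
    request if it starts with a method token, then searched for the signature."""
    return any(s.startswith(METHODS) and signature in s for s in segments)


def reassembled_match(segments, signature=SIGNATURE):
    """Inspector that rebuilds the byte stream before parsing and matching."""
    stream = b"".join(segments)
    return stream.startswith(METHODS) and signature in stream


if __name__ == "__main__":
    for window in (1460, 2, 1):
        segs = segment(REQUEST, window)
        print(
            f"window={window:<5} first_segment={segs[0][:8]!r:<14}"
            f" per_packet={per_packet_http_match(segs)}"
            f" reassembled={reassembled_match(segs)}"
        )
```
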

Philipp Winter

Jan 18, 2018, 12:01:10 PM
to Network Traffic Obfuscation
On Thu, Jan 04, 2018 at 11:44:52AM -0800, 'ValdikSS ValdikSS' via Network Traffic Obfuscation wrote:
> GoodbyeDPI is a system-wide zero-configuration DPI circumvention
> utility. It blocks HTTP redirection and TCP RST packets generated by
> Passive DPI, and slightly modifies HTTP requests and implements TCP
> fragmentation (by modifying TCP Window Size) to bypass Active DPI.

Folks here may also be interested in vecna's sniffjoke:
<https://github.com/vecna/sniffjoke>

It's a Linux tool that transparently messes with an application's
underlying TCP connection, to exploit the ambiguity that an on-path IDS
has to deal with when reconstructing TCP state between two machines.