SpoofDPI - A simple anti-censorship tool written in Go

SpoofDPI

Read in other Languages: English, 한국어

A simple and fast software designed to bypass Deep Packet Inspection

image

Dependencies

  • Go

Installation

Binary

SpoofDPI will be installed in ~/.spoof-dpi/bin.
To run SpoofDPI in any directory, add the line below to your ~/.bashrc || ~/.zshrc || ...

export PATH=$PATH:~/.spoof-dpi/bin

curl

Install the latest binary with curl

  • OSX
curl -fsSL https://raw.githubusercontent.com/xvzc/SpoofDPI/main/install.sh | bash -s osx
  • Linux
curl -fsSL https://raw.githubusercontent.com/xvzc/SpoofDPI/main/install.sh | bash -s linux

wget

Install the latest binary with wget

  • OSX
wget -O - https://raw.githubusercontent.com/xvzc/SpoofDPI/main/install.sh | bash -s osx
  • Linux
wget -O - https://raw.githubusercontent.com/xvzc/SpoofDPI/main/install.sh | bash -s linux

Go

You can also install SpoofDPI with go install
$ go install github.com/xvzc/SpoofDPI/cmd/spoof-dpi

Remember that $GOPATH should be set in your $PATH

Git

You can also build your own
$ git clone https://github.com/xvzc/SpoofDPI.git
$ cd SpoofDPI
$ go build ./cmd/...

Usage

Usage: spoof-dpi [options...]
--dns=<addr>   | default: 8.8.8.8
--port=<port>  | default: 8080
--debug=<bool> | default: false

If you are using any vpn extensions such as Hotspot Shield in Chrome browser,
go to Settings > Extensions, and disable them.

OSX

Run $ spoof-dpi and it will automatically set your proxy

Linux

Run $ spoof-dpi and open your favorite browser with proxy option
google-chrome --proxy-server="http://127.0.0.1:8080"

How it works

HTTP

Since most of websites in the world now support HTTPS, SpoofDPI doesn't bypass Deep Packet Inspections for HTTP requets, However It still serves proxy connection for all HTTP requests.

HTTPS

Although TLS 1.3 encrypts every handshake process, the domain names are still shown as plaintext in the Client hello packet. In other words, when someone else looks on the packet, they can easily guess where the packet is headed to. The domain name can offer a significant information while DPI is being processed, and we can actually see that the connection is blocked right after sending Client hello packet. I had tried some ways to bypass this, and found out that it seemed like only the first chunk gets inspected when we send the Client hello packet splited in chunks. What SpoofDPI does to bypass this is to send the first 1 byte of a request to the server, and then send the rest.

SpoofDPI doesn't decrypt your HTTPS requests, and that's why we don't need the SSL certificates.

Inspirations

Green Tunnel by @SadeghHayeri
GoodbyeDPI by @ValdikSS

Owner
Kwanghoo Park
Hi
Kwanghoo Park
https://github.com/xvzc/SpoofDPI
Comments
  • FATA[2022-06-04T22:27:16+03:00] Error accepting connection: accept tcp 127.0.0.1:8080: accept4: too many open files

    FATA[2022-06-04T22:27:16+03:00] Error accepting connection: accept tcp 127.0.0.1:8080: accept4: too many open files

    I've downloaded and launched spoof-dpi. Then, in my Firefox settings I've set in Network Settings => Automatic proxy configuration URL = http://127.0.0.1:8080/. After that I get this error message:

    INFO[2022-06-04T22:28:42+03:00] Created a listener on : 8080
FATA[2022-06-04T22:28:51+03:00] Error accepting connection: accept tcp 127.0.0.1:8080: accept4: too many open files

    I'm on Arch Linux x86_64. Am I doing it correctly?

  • Release v0.5 error while access to listen port

    Release v0.5 error while access to listen port

    Just overwrite v0.5 over worked v0.4 on same test machine. While trying to access to listen port, I have an error in console output:

    `panic: runtime error: index out of range [1] with length 1

    goroutine 6 [running]: github.com/xvzc/SpoofDPI/packet.parse({0xc000014130, 0xc000200000, 0x8e1da0}) /SpoofDPI/packet/http.go:140 +0x210 github.com/xvzc/SpoofDPI/packet.NewHttpPacket({0xc000014130, 0x3, 0x8}) /SpoofDPI/packet/http.go:57 +0x5a github.com/xvzc/SpoofDPI/proxy.(*Proxy).Start.func1() /SpoofDPI/proxy/proxy.go:50 +0x4e created by github.com/xvzc/SpoofDPI/proxy.(*Proxy).Start /SpoofDPI/proxy/proxy.go:43 +0x2bb`

    Host machine is a LXC container with Ubuntu 20.04. Version v0.4 is working fine.

  • exit status 4

    exit status 4

    macOS 12.2.1

    ➜ ~ spoof-dpi -debug ███████ ██████ ██████ ██████ ███████ ██████ ██████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ███████ ██████ ██ ██ ██ ██ █████ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ███████ ██ ██████ ██████ ██ ██████ ██ ██

    • PORT : 8080 • DNS : 8.8.8.8 • DEBUG : true

    FATA[2022-03-14T05:22:41+03:00] exit status 4

  • Try to load a website that doesn't exist → spoof-dpi crashes

    Try to load a website that doesn't exist → spoof-dpi crashes

    Spoof-dpi crashes when try to load a website that doesn't exist (or website maybe goes offline).

    CONNECT www.matchacha.ro:443 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:100.0) Gecko/20100101 Firefox/100.0
Proxy-Connection: keep-alive
Connection: keep-alive
Host: www.matchacha.ro:443
 
panic: runtime error: index out of range [0] with length 0

goroutine 55 [running]:
github.com/xvzc/SpoofDPI/doh.Lookup({0xc0000946f8, 0x5})
	/SpoofDPI/doh/dns.go:22 +0x6e
github.com/xvzc/SpoofDPI/net.(*Conn).HandleHttps(0xc00023ecb0, {{0xc000294820, 0xcf, 0xd0}, {0xc0000946f0, 0x7}, {0xc0000946f8, 0x10}, {0xc000094708, 0x4}, ...})
	/SpoofDPI/net/conn.go:125 +0xaf
github.com/xvzc/SpoofDPI/proxy.(*Proxy).Start.func1()
	/SpoofDPI/proxy/proxy.go:59 +0x167
created by github.com/xvzc/SpoofDPI/proxy.(*Proxy).Start
	/SpoofDPI/proxy/proxy.go:43 +0x2bb
  • SpofDPI won't work: dial tcp 8.8.8.8:443: connect: no route to host

    SpofDPI won't work: dial tcp 8.8.8.8:443: connect: no route to host

    Hi,

    SpoofDPI won't work for me (and never worked). Any connection attempt to any site always gives the same errors:

    ERRO[2022-08-07T15:09:15+03:00] [HTTPS DOH] Error looking up for domain: www.google.com Post "https://8.8.8.8/dns-query": dial tcp 8.8.8.8:443: connect: no route to host ERRO[2022-08-07T15:09:18+03:00] [HTTPS DOH] Error looking up for domain: www.google.com Post "https://8.8.8.8/dns-query": dial tcp 8.8.8.8:443: connect: no route to host ...

    Please advice!

    Thanks!

  • Support for more platforms and architectures ?

    Support for more platforms and architectures ?

    Hi.

    The number of binaries in releases is very small. Is it possible to increase the number of supported platforms? "Linux" version did not start for me

    spoof-dpi --help -bash: /bin/spoof-dpi: cannot execute binary file

    Is it an x64 binary? I am using (old) x86 linux i386/i586.

    We also need binaries for armv7 (android), arm64-v8a (android), windows (x64/x86)

  • Could you make a docker image?

    Could you make a docker image?

    Hello I'm looking for a DPI bypass tool. GreenTunnel, etc. are not working in Korea, and I was wondering if this tool works, but I couldn't run it properly because I didn't have enough basic knowledge about Linux.

    root@TEST:/# spoof-dpi
-ash: /root/.spoof-dpi/bin/spoof-dpi: No such file or directory

    So, do you have any thoughts of creating a Docker image?

    It will be much easier to execute.

  • Doesn't run in openwrt arm64

    Doesn't run in openwrt arm64

    got this error running on openwrt arm64 :

    /usr/bin/spoof-dpi: line 1: ELF: not found
/usr/bin/spoof-dpi: line 5: syntax error: unexpected word (expecting ")")

    perhaps it related to the colored banner like in screenshoot ?

  • Connection times out

    Connection times out

    I've tried loading a blocked website and here's what I've got

    DEBU[2022-06-06T21:25:33+03:00] [PROXY] Request from 127.0.0.1:57186

CONNECT meduza.io:443 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:101.0) Gecko/20100101 Firefox/101.0
Proxy-Connection: keep-alive
Connection: keep-alive
Host: meduza.io:443

DEBU[2022-06-06T21:25:33+03:00] [HTTPS] Start
DEBU[2022-06-06T21:25:33+03:00] [PROXY] Request from 127.0.0.1:57192

CONNECT meduza.io:443 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:101.0) Gecko/20100101 Firefox/101.0
Proxy-Connection: keep-alive
Connection: keep-alive
Host: meduza.io:443

DEBU[2022-06-06T21:25:33+03:00] [HTTPS] Start
DEBU[2022-06-06T21:25:34+03:00] [DOH] Found 151.115.46.187 with meduza.io
DEBU[2022-06-06T21:25:34+03:00] [DOH] Found 151.115.46.187 with meduza.io
DEBU[2022-06-06T21:25:34+03:00] [HTTPS] New connection to the server meduza.io 192.168.1.127:56512
DEBU[2022-06-06T21:25:34+03:00] [HTTPS] Sent 200 Connection Estabalished to the client
DEBU[2022-06-06T21:25:34+03:00] [HTTPS] New connection to the server meduza.io 192.168.1.127:56510
DEBU[2022-06-06T21:25:34+03:00] [HTTPS] Sent 200 Connection Estabalished to the client
DEBU[2022-06-06T21:25:34+03:00] [HTTPS] Client sent hello 517bytes
DEBU[2022-06-06T21:25:34+03:00] [HTTPS] Client sent hello 517bytes
DEBU[2022-06-06T21:25:34+03:00] [HTTPS] Error reading from 127.0.0.1:57192 timed out
DEBU[2022-06-06T21:25:34+03:00] [HTTPS] Closing server Connection.. meduza.io 192.168.1.127:56510
DEBU[2022-06-06T21:25:34+03:00] [HTTPS] Error reading from 127.0.0.1:57186 timed out
DEBU[2022-06-06T21:25:34+03:00] [HTTPS] Closing server Connection.. meduza.io 192.168.1.127:56512
DEBU[2022-06-06T21:25:34+03:00] [HTTPS] Error reading from 127.0.0.1:57192 timed out
DEBU[2022-06-06T21:25:34+03:00] [HTTPS] Closing client Connection.. 127.0.0.1:57192
DEBU[2022-06-06T21:25:34+03:00] [HTTPS] Error reading from 127.0.0.1:57186 timed out
DEBU[2022-06-06T21:25:34+03:00] [HTTPS] Closing client Connection.. 127.0.0.1:57186

    It looks like it's timing out, but I don't know why.

    Originally posted by @da-the-dev in https://github.com/xvzc/SpoofDPI/issues/25#issuecomment-1147752441

Related tags
Network golang proxy-server dpi censorship-circumvention deep-packet-inspection dpi-filtering anti-censorship dpi-bypassing censorship-free
Simple wget - Simple wget written as test for Scorum

simple_wget simple wget written as test for Scorum Task: Implement in Go (http:/

Jan 24, 2022
GO Simple Tunnel - a simple tunnel written in golang
 GO Simple Tunnel - a simple tunnel written in golang

GO Simple Tunnel GO语言实现的安全隧道 English README !!!V3版本已经可用,欢迎抢先体验!!! 特性 多端口监听 可设置转发代理,支持多级转发(代理链) 支持标准HTTP/HTTPS/HTTP2/SOCKS4(A)/SOCKS5代理协议 Web代理支持探测防御 支

Jan 2, 2023
Server-tool - A simple tool to run and create Minecraft servers

Server Tool A simple tool to run and maintain different Minecraft servers. This

Dec 15, 2022
Hetzner-dns-updater - A simple tool to update a DNS record via Hetzner DNS API. Used for simple HA together with Nomad

hetzner-dns-updater A small utility tool to update a single record via Hetzner D

Feb 12, 2022
Jazigo is a tool written in Go for retrieving configuration for multiple devices, similar to rancid, fetchconfig, oxidized, Sweet.

Table of Contents About Jazigo Supported Platforms Features Requirements Quick Start - Short version Quick Start - Detailed version Global Settings Im

Jan 5, 2023
A TCP throughput measuring tool written in Go language
 A TCP throughput measuring tool written in Go language

tcpmeter - a tool for measuring TCP upload and download speeds and RTT latency. Build go build Run start the server on the remote machine: tcpmeter -s

Apr 17, 2022
Minecraft noise searching tool written in go

Commotion A minecraft world generation imitation library written in golang. TODO

Aug 7, 2022
A simple TUN/TAP library written in native Go.

water water is a native Go library for TUN/TAP interfaces. water is designed to be simple and efficient. It wraps almost only syscalls and uses only G

Jan 7, 2023
A simple low bandwidth simulator written in go

NETSNAIL 0.8 ABOUT Netsnail is a simple network proxy that simulates low bandwidth. RUNNING Usage of netsnail: -d=0: the delay on data transfe

May 19, 2021
A simple port scanner written in go

Scan27 A simple port scanner written in go Features: V1 it Scans the given Ip or Host name for open ports Usage ./scan27 Enter IP address or Host name

Jul 23, 2022
sonarbyte is a simple and fast subdomain scanner written in go to extract subdomain from Rapid7's DNS Database using omnisint's api.
 sonarbyte is a simple and fast subdomain scanner written in go to extract subdomain from Rapid7's DNS Database using omnisint's api.

sonarbyte Description Sonarbyte is a simple and fast subdomain scanner written in go to extract subdomains from Rapid7's DNS Database using omnisint's

Jul 27, 2022
Simple script fro DNS upload testing. Written in Go.

BENCH DNS Simple script fro DNS upload testing. Written in Go. Features Using local domain list file with -file argument Download from URL and then us

Dec 6, 2021
A simple proxy server written in GO

proxy-server A simple HTTP proxy server with support to domain filter. TODO Supp

Jan 6, 2022
Httpserver - A very simple http server written in Go

httpserver A very simple http server written in Go How to run You will first nee

Jan 21, 2022
This tool will listen on a given port, strip SSL encryption, forward traffic through a plain TCP proxy, then encrypt the returning traffic again and send it to the target of your choice. Unlike most SSL stripping solutions this tool will negotiate ALPN and preserve the negotiated protocol all the way to the target.

ALPN Pass This tool will listen on a given port, strip SSL encryption, forward traffic through a plain TCP proxy, then encrypt the returning traffic a

Dec 31, 2022
This is a tool that allows you to check minecraft names availability, this tool can do around 3000~ names a minute or more!

Checker This is a tool that allows you to check minecraft names availability, this tool can do around 3000~ names a minute or more! Tutorial To instal

Feb 13, 2022
Traefik config validator: a CLI tool to (syntactically) validate your Traefik configuration filesTraefik config validator: a CLI tool to (syntactically) validate your Traefik configuration files
 Traefik config validator: a CLI tool to (syntactically) validate your Traefik configuration filesTraefik config validator: a CLI tool to (syntactically) validate your Traefik configuration files

Traefik Config Validator Note This is currently pre-release software. traefik-config-validator is a CLI tool to (syntactically) validate your Traefik

Dec 16, 2021
A simple tool for retrieving a request's IP address on the server.

reqip A simple tool for retrieving a request's IP address on the server. Inspired from request-ip Installation Via go get go get github.com/mo7zayed/r

Oct 26, 2022
Simple tool to handle hosts file black lists that can remove comments, remove duplicates, compress to 9 domains per line, add IPv6 entries, as well as can convert black lists to multiple other black list formats compatible with other software.

Hosts-BL Simple tool to handle hosts file black lists that can remove comments, remove duplicates, compress to 9 domains per line, add IPv6 entries, a

Sep 23, 2022