Compare commits
22 Commits
| Author | SHA1 | Date |
|---|---|---|
ValdikSS
|
d9bf7c3ccd | |
|
ValdikSS
|
ad18fb9854 | |
mdashlw
|
bc82203364 | |
|
ValdikSS
|
a1fb62ff82 | |
Ikko Eltociear Ashimine
|
46e6c8f2db | |
|
ValdikSS
|
905d3c98a6 | |
|
ValdikSS
|
b08836de50 | |
|
ValdikSS
|
cf1f2a8674 | |
|
ValdikSS
|
16464646a9 | |
|
ValdikSS
|
ba015cf44e | |
|
ValdikSS
|
3837635f2c | |
|
ValdikSS
|
95c5ca81b2 | |
|
ValdikSS
|
bbb7e4cea8 | |
|
ValdikSS
|
15eb10ac68 | |
|
ValdikSS
|
4c846c712d | |
|
ValdikSS
|
4a82fd442d | |
|
ValdikSS
|
b3c9ff8419 | |
|
ValdikSS
|
fc6fd98a62 | |
|
ValdikSS
|
6304328548 | |
|
ValdikSS
|
86867fe678 | |
mohadangKim
|
54349a1c31 | |
Vlad
|
54f810b6b0 |
|
|
@ -5,7 +5,7 @@ body:
|
|||
- type: markdown
|
||||
attributes:
|
||||
value: |
|
||||
**USE THIS FORM ONLY FOR BUGS**
|
||||
### USE THIS FORM ONLY FOR BUGS! The webside does not open? That's likely NOT a bug, do not report it here!
|
||||
GoodbyeDPI does not guarantee to work with your ISP for every blocked website or at all. If GoodbyeDPI can't unblock some or any websites, this is most likely not a software bug, and you should not report it here.
|
||||
|
||||
Please only report software bugs, such as:
|
||||
|
|
@ -18,7 +18,7 @@ body:
|
|||
Please make sure to check other opened and closed issues, it could be your bug has been reported already.
|
||||
For questions, or if in doubt, [use NTC.party forum](https://ntc.party/c/community-software/goodbyedpi).
|
||||
|
||||
**ИСПОЛЬЗУЙТЕ ЭТУ ФОРМУ ТОЛЬКО ДЛЯ БАГОВ**
|
||||
### ИСПОЛЬЗУЙТЕ ЭТУ ФОРМУ ТОЛЬКО ДЛЯ БАГОВ! Веб-сайт не открывается? Это, скорее всего, не баг, не сообщайте сюда!
|
||||
GoodbyeDPI не гарантирует ни 100% работу с вашим провайдером, ни работу с каждым заблокированным сайтом. Если GoodbyeDPI не разблокирует доступ к некоторым или всем веб-сайтам, вероятнее всего, это не программная ошибка, и не стоит о ней сообщать здесь.
|
||||
|
||||
Пожалуйста, сообщайте только об ошибках в программе, таких как:
|
||||
|
|
|
|||
|
|
@ -4,23 +4,24 @@ on:
|
|||
push:
|
||||
paths:
|
||||
- 'src/**'
|
||||
workflow_dispatch:
|
||||
|
||||
env:
|
||||
WINDIVERT_URL: https://www.reqrypt.org/download/WinDivert-2.2.0-A.zip
|
||||
WINDIVERT_NAME: WinDivert-2.2.0-A.zip
|
||||
WINDIVERT_BASENAME: WinDivert-2.2.0-A
|
||||
WINDIVERT_SHA256: 2a7630aac0914746fbc565ac862fa096e3e54233883ac52d17c83107496b7a7f
|
||||
WINDIVERT_URL: https://reqrypt.org/download/WinDivert-2.2.0-D.zip
|
||||
WINDIVERT_NAME: WinDivert-2.2.0-D.zip
|
||||
WINDIVERT_BASENAME: WinDivert-2.2.0-D
|
||||
WINDIVERT_SHA256: 1d461cfdfa7ba88ebcfbb3603b71b703e9f72aba8aeff99a75ce293e6f89d2ba
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: Declare short commit variable
|
||||
id: vars
|
||||
run: |
|
||||
echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
|
||||
echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Install MinGW-w64
|
||||
run: >
|
||||
|
|
@ -30,7 +31,7 @@ jobs:
|
|||
|
||||
- name: Download WinDivert from cache
|
||||
id: windivert-cache
|
||||
uses: actions/cache@v2
|
||||
uses: actions/cache@v4
|
||||
with:
|
||||
path: ${{ env. WINDIVERT_NAME }}
|
||||
key: ${{ env. WINDIVERT_SHA256 }}
|
||||
|
|
@ -48,14 +49,14 @@ jobs:
|
|||
run: >
|
||||
cd src && make clean &&
|
||||
make CPREFIX=x86_64-w64-mingw32- BIT64=1 WINDIVERTHEADERS=../${{ env.WINDIVERT_BASENAME }}/include WINDIVERTLIBS=../${{ env.WINDIVERT_BASENAME }}/x64 -j4
|
||||
|
||||
|
||||
- name: Prepare x86_64 directory
|
||||
run: |
|
||||
mkdir goodbyedpi_x86_64_${{ steps.vars.outputs.sha_short }}
|
||||
cp src/goodbyedpi.exe ${{ env.WINDIVERT_BASENAME }}/x64/*.{dll,sys} goodbyedpi_x86_64_${{ steps.vars.outputs.sha_short }}
|
||||
|
||||
- name: Upload output file x86_64
|
||||
uses: actions/upload-artifact@v2
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: goodbyedpi_x86_64_${{ steps.vars.outputs.sha_short }}
|
||||
path: goodbyedpi_x86_64_${{ steps.vars.outputs.sha_short }}
|
||||
|
|
@ -71,7 +72,7 @@ jobs:
|
|||
cp src/goodbyedpi.exe ${{ env.WINDIVERT_BASENAME }}/x86/*.{dll,sys} goodbyedpi_x86_${{ steps.vars.outputs.sha_short }}
|
||||
|
||||
- name: Upload output file x86
|
||||
uses: actions/upload-artifact@v2
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: goodbyedpi_x86_${{ steps.vars.outputs.sha_short }}
|
||||
path: goodbyedpi_x86_${{ steps.vars.outputs.sha_short }}
|
||||
|
|
|
|||
16
README.md
16
README.md
|
|
@ -43,6 +43,7 @@ Usage: goodbyedpi.exe [OPTION...]
|
|||
supplied text file (HTTP Host/TLS SNI).
|
||||
This option can be supplied multiple times.
|
||||
--allow-no-sni perform circumvention if TLS SNI can't be detected with --blacklist enabled.
|
||||
--frag-by-sni if SNI is detected in TLS packet, fragment the packet right before SNI value.
|
||||
--set-ttl <value> activate Fake Request Mode and send it with supplied TTL value.
|
||||
DANGEROUS! May break websites in unexpected ways. Use with care (or --blacklist).
|
||||
--auto-ttl [a1-a2-m] activate Fake Request Mode, automatically detect TTL and decrease
|
||||
|
|
@ -87,7 +88,7 @@ To check if your ISP's DPI could be circumvented, first make sure that your prov
|
|||
|
||||
Then run the `goodbyedpi.exe` executable without any options. If it works — congratulations! You can use it as-is or configure further, for example by using `--blacklist` option if the list of blocked websites is known and available for your country.
|
||||
|
||||
If your provider intercepts DNS requests, you may want to use `--dns-addr` option to a public DNS resover running on non-standard port (such as Yandex DNS `77.88.8.8:1253`) or configure DNS over HTTPS/TLS using third-party applications.
|
||||
If your provider intercepts DNS requests, you may want to use `--dns-addr` option to a public DNS resolver running on non-standard port (such as Yandex DNS `77.88.8.8:1253`) or configure DNS over HTTPS/TLS using third-party applications.
|
||||
|
||||
Check the .cmd scripts and modify it according to your preference and network conditions.
|
||||
|
||||
|
|
@ -140,12 +141,15 @@ Modify them according to your own needs.
|
|||
|
||||
# Similar projects
|
||||
|
||||
- **[zapret](https://github.com/bol-van/zapret)** by @bol-van (for Linux).
|
||||
- **[Green Tunnel](https://github.com/SadeghHayeri/GreenTunnel)** by @SadeghHayeri (for MacOS, Linux and Windows).
|
||||
- **[DPITunnel](https://github.com/zhenyolka/DPITunnel)** by @zhenyolka (for Android).
|
||||
- **[PowerTunnel](https://github.com/krlvm/PowerTunnel)** by @krlvm (for Windows, MacOS and Linux).
|
||||
- **[PowerTunnel for Android](https://github.com/krlvm/PowerTunnel-Android)** by @krlvm (for Android).
|
||||
- **[zapret](https://github.com/bol-van/zapret)** by @bol-van (for MacOS, Linux and Windows)
|
||||
- **[Green Tunnel](https://github.com/SadeghHayeri/GreenTunnel)** by @SadeghHayeri (for MacOS, Linux and Windows)
|
||||
- **[DPI Tunnel CLI](https://github.com/zhenyolka/DPITunnel-cli)** by @zhenyolka (for Linux and routers)
|
||||
- **[DPI Tunnel for Android](https://github.com/zhenyolka/DPITunnel-android)** by @zhenyolka (for Android)
|
||||
- **[PowerTunnel](https://github.com/krlvm/PowerTunnel)** by @krlvm (for Windows, MacOS and Linux)
|
||||
- **[PowerTunnel for Android](https://github.com/krlvm/PowerTunnel-Android)** by @krlvm (for Android)
|
||||
- **[SpoofDPI](https://github.com/xvzc/SpoofDPI)** by @xvzc (for macOS and Linux)
|
||||
- **[GhosTCP](https://github.com/macronut/ghostcp)** by @macronut (for Windows)
|
||||
- **[ByeDPI](https://github.com/hufrea/byedpi)** for Linux/Windows + **[ByeDPIAndroid](https://github.com/dovecoteescapee/ByeDPIAndroid/)** for Android (no root)
|
||||
|
||||
# Kudos
|
||||
|
||||
|
|
|
|||
|
|
@ -11,7 +11,12 @@ TARGET = goodbyedpi.exe
|
|||
#LIBS = -L$(WINDIVERTLIBS) -Wl,-Bstatic -lssp -Wl,-Bdynamic -lWinDivert -lws2_32
|
||||
LIBS = -L$(WINDIVERTLIBS) -lWinDivert -lws2_32 -l:libssp.a
|
||||
CC = $(CPREFIX)gcc
|
||||
|
||||
CCWINDRES = $(CPREFIX)windres
|
||||
ifeq (, $(shell which $(CPREFIX)windres))
|
||||
CCWINDRES = windres
|
||||
endif
|
||||
|
||||
CFLAGS = -std=c99 -pie -fPIE -pipe -I$(WINDIVERTHEADERS) -L$(WINDIVERTLIBS) \
|
||||
-O2 -D_FORTIFY_SOURCE=2 -fstack-protector \
|
||||
-Wall -Wextra -Wpedantic -Wformat=2 -Wformat-overflow=2 -Wformat-truncation=2 \
|
||||
|
|
|
|||
|
|
@ -162,6 +162,7 @@ static struct option long_options[] = {
|
|||
{"dns-verb", no_argument, 0, 'v' },
|
||||
{"blacklist", required_argument, 0, 'b' },
|
||||
{"allow-no-sni",no_argument, 0, ']' },
|
||||
{"frag-by-sni", no_argument, 0, '>' },
|
||||
{"ip-id", required_argument, 0, 'i' },
|
||||
{"set-ttl", required_argument, 0, '$' },
|
||||
{"min-ttl", required_argument, 0, '[' },
|
||||
|
|
@ -474,7 +475,7 @@ static void send_native_fragment(HANDLE w_filter, WINDIVERT_ADDRESS addr,
|
|||
PWINDIVERT_TCPHDR ppTcpHdr,
|
||||
unsigned int fragment_size, int step) {
|
||||
char packet_bak[MAX_PACKET_SIZE];
|
||||
memcpy(&packet_bak, packet, packetLen);
|
||||
memcpy(packet_bak, packet, packetLen);
|
||||
UINT orig_packetLen = packetLen;
|
||||
|
||||
if (fragment_size >= packet_dataLen) {
|
||||
|
|
@ -531,7 +532,7 @@ static void send_native_fragment(HANDLE w_filter, WINDIVERT_ADDRESS addr,
|
|||
packetLen,
|
||||
NULL, &addr
|
||||
);
|
||||
memcpy(packet, &packet_bak, orig_packetLen);
|
||||
memcpy(packet, packet_bak, orig_packetLen);
|
||||
//printf("Sent native fragment of %d size (step%d)\n", packetLen, step);
|
||||
}
|
||||
|
||||
|
|
@ -568,6 +569,7 @@ int main(int argc, char *argv[]) {
|
|||
do_dnsv4_redirect = 0, do_dnsv6_redirect = 0,
|
||||
do_dns_verb = 0, do_tcp_verb = 0, do_blacklist = 0,
|
||||
do_allow_no_sni = 0,
|
||||
do_fragment_by_sni = 0,
|
||||
do_fake_packet = 0,
|
||||
do_auto_ttl = 0,
|
||||
do_wrong_chksum = 0,
|
||||
|
|
@ -806,6 +808,9 @@ int main(int argc, char *argv[]) {
|
|||
case ']': // --allow-no-sni
|
||||
do_allow_no_sni = 1;
|
||||
break;
|
||||
case '>': // --frag-by-sni
|
||||
do_fragment_by_sni = 1;
|
||||
break;
|
||||
case '$': // --set-ttl
|
||||
do_auto_ttl = auto_ttl_1 = auto_ttl_2 = auto_ttl_max = 0;
|
||||
do_fake_packet = 1;
|
||||
|
|
@ -899,6 +904,7 @@ int main(int argc, char *argv[]) {
|
|||
" supplied text file (HTTP Host/TLS SNI).\n"
|
||||
" This option can be supplied multiple times.\n"
|
||||
" --allow-no-sni perform circumvention if TLS SNI can't be detected with --blacklist enabled.\n"
|
||||
" --frag-by-sni if SNI is detected in TLS packet, fragment the packet right before SNI value.\n"
|
||||
" --set-ttl <value> activate Fake Request Mode and send it with supplied TTL value.\n"
|
||||
" DANGEROUS! May break websites in unexpected ways. Use with care (or --blacklist).\n"
|
||||
" --auto-ttl [a1-a2-m] activate Fake Request Mode, automatically detect TTL and decrease\n"
|
||||
|
|
@ -957,6 +963,7 @@ int main(int argc, char *argv[]) {
|
|||
"Fragment HTTP: %u\n" /* 2 */
|
||||
"Fragment persistent HTTP: %u\n" /* 3 */
|
||||
"Fragment HTTPS: %u\n" /* 4 */
|
||||
"Fragment by SNI: %u\n" /* 5 */
|
||||
"Native fragmentation (splitting): %d\n" /* 5 */
|
||||
"Fragments sending in reverse: %d\n" /* 6 */
|
||||
"hoSt: %d\n" /* 7 */
|
||||
|
|
@ -976,23 +983,24 @@ int main(int argc, char *argv[]) {
|
|||
(do_fragment_http ? http_fragment_size : 0), /* 2 */
|
||||
(do_fragment_http_persistent ? http_fragment_size : 0),/* 3 */
|
||||
(do_fragment_https ? https_fragment_size : 0), /* 4 */
|
||||
do_native_frag, /* 5 */
|
||||
do_reverse_frag, /* 6 */
|
||||
do_host, /* 7 */
|
||||
do_host_removespace, /* 8 */
|
||||
do_additional_space, /* 9 */
|
||||
do_host_mixedcase, /* 10 */
|
||||
do_http_allports, /* 11 */
|
||||
do_fragment_http_persistent_nowait, /* 12 */
|
||||
do_dnsv4_redirect, /* 13 */
|
||||
do_dnsv6_redirect, /* 14 */
|
||||
do_allow_no_sni, /* 15 */
|
||||
do_auto_ttl ? "auto" : (do_fake_packet ? "fixed" : "disabled"), /* 16 */
|
||||
do_fragment_by_sni, /* 5 */
|
||||
do_native_frag, /* 6 */
|
||||
do_reverse_frag, /* 7 */
|
||||
do_host, /* 8 */
|
||||
do_host_removespace, /* 9 */
|
||||
do_additional_space, /* 10 */
|
||||
do_host_mixedcase, /* 11 */
|
||||
do_http_allports, /* 12 */
|
||||
do_fragment_http_persistent_nowait, /* 13 */
|
||||
do_dnsv4_redirect, /* 14 */
|
||||
do_dnsv6_redirect, /* 15 */
|
||||
do_allow_no_sni, /* 16 */
|
||||
do_auto_ttl ? "auto" : (do_fake_packet ? "fixed" : "disabled"), /* 17 */
|
||||
ttl_of_fake_packet, do_auto_ttl ? auto_ttl_1 : 0, do_auto_ttl ? auto_ttl_2 : 0,
|
||||
do_auto_ttl ? auto_ttl_max : 0, ttl_min_nhops,
|
||||
do_wrong_chksum, /* 17 */
|
||||
do_wrong_seq, /* 18 */
|
||||
max_payload_size /* 19 */
|
||||
do_wrong_chksum, /* 18 */
|
||||
do_wrong_seq, /* 19 */
|
||||
max_payload_size /* 20 */
|
||||
);
|
||||
|
||||
if (do_fragment_http && http_fragment_size > 2 && !do_native_frag) {
|
||||
|
|
@ -1046,6 +1054,7 @@ int main(int argc, char *argv[]) {
|
|||
packetLen);
|
||||
should_reinject = 1;
|
||||
should_recalc_checksum = 0;
|
||||
sni_ok = 0;
|
||||
|
||||
ppIpHdr = (PWINDIVERT_IPHDR)NULL;
|
||||
ppIpV6Hdr = (PWINDIVERT_IPV6HDR)NULL;
|
||||
|
|
@ -1129,9 +1138,9 @@ int main(int argc, char *argv[]) {
|
|||
* But if the packet is more than 2 bytes, check ClientHello byte.
|
||||
*/
|
||||
if ((packet_dataLen == 2 && memcmp(packet_data, "\x16\x03", 2) == 0) ||
|
||||
(packet_dataLen >= 3 && memcmp(packet_data, "\x16\x03\x01", 3) == 0))
|
||||
(packet_dataLen >= 3 && ( memcmp(packet_data, "\x16\x03\x01", 3) == 0 || memcmp(packet_data, "\x16\x03\x03", 3) == 0 )))
|
||||
{
|
||||
if (do_blacklist) {
|
||||
if (do_blacklist || do_fragment_by_sni) {
|
||||
sni_ok = extract_sni(packet_data, packet_dataLen,
|
||||
&host_addr, &host_len);
|
||||
}
|
||||
|
|
@ -1147,7 +1156,7 @@ int main(int argc, char *argv[]) {
|
|||
char lsni[HOST_MAXLEN + 1] = {0};
|
||||
extract_sni(packet_data, packet_dataLen,
|
||||
&host_addr, &host_len);
|
||||
memcpy(&lsni, host_addr, host_len);
|
||||
memcpy(lsni, host_addr, host_len);
|
||||
printf("Blocked HTTPS website SNI: %s\n", lsni);
|
||||
#endif
|
||||
if (do_fake_packet) {
|
||||
|
|
@ -1182,7 +1191,7 @@ int main(int argc, char *argv[]) {
|
|||
host_len = hdr_value_len;
|
||||
#ifdef DEBUG
|
||||
char lhost[HOST_MAXLEN + 1] = {0};
|
||||
memcpy(&lhost, host_addr, host_len);
|
||||
memcpy(lhost, host_addr, host_len);
|
||||
printf("Blocked HTTP website Host: %s\n", lhost);
|
||||
#endif
|
||||
|
||||
|
|
@ -1284,7 +1293,11 @@ int main(int argc, char *argv[]) {
|
|||
current_fragment_size = http_fragment_size;
|
||||
}
|
||||
else if (do_fragment_https && ppTcpHdr->DstPort != htons(80)) {
|
||||
current_fragment_size = https_fragment_size;
|
||||
if (do_fragment_by_sni && sni_ok) {
|
||||
current_fragment_size = (void*)host_addr - packet_data;
|
||||
} else {
|
||||
current_fragment_size = https_fragment_size;
|
||||
}
|
||||
}
|
||||
|
||||
if (current_fragment_size) {
|
||||
|
|
|
|||
Loading…
Reference in New Issue