xvzc / spoofdpi Goto Github PK
View Code? Open in Web Editor NEWA simple and fast anti-censorship tool written in Go
License: Apache License 2.0
A simple and fast anti-censorship tool written in Go
License: Apache License 2.0
CONNECT chat.openai.com:443 HTTP/1.1
Host: chat.openai.com:443
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
DEBU[2023-07-08T00:02:17Z] [HTTPS] Start
DEBU[2023-07-08T00:02:17Z] [DOH] Found 104.18.3.161 with chat.openai.com
DEBU[2023-07-08T00:02:17Z] [HTTPS] New connection to the server chat.openai.com 172.18.0.2:42426
DEBU[2023-07-08T00:02:17Z] [HTTPS] Sent 200 Connection Estabalished to 172.17.128.1:57608
DEBU[2023-07-08T00:02:17Z] [HTTPS] Client sent hello 272bytes
DEBU[2023-07-08T00:02:20Z] [HTTPS] Error reading from 172.17.128.1:57608 timed out
DEBU[2023-07-08T00:02:20Z] [HTTPS] Closing client Connection.. 172.17.128.1:57608
DEBU[2023-07-08T00:02:20Z] [HTTPS] Error reading from 104.18.3.161:443 timed out
DEBU[2023-07-08T00:02:20Z] [HTTPS] Closing server Connection.. chat.openai.com 172.18.0.2:42426
DEBU[2023-07-08T00:02:20Z] [PROXY] Request from 172.17.128.1:57610
CONNECT api-iam.intercom.io:443 HTTP/1.1
Host: api-iam.intercom.io:443
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
DEBU[2023-07-08T00:02:20Z] [HTTPS] Start
DEBU[2023-07-08T00:02:20Z] [DOH] Found 107.23.65.63 with api-iam.intercom.io
DEBU[2023-07-08T00:02:20Z] [HTTPS] New connection to the server api-iam.intercom.io 172.18.0.2:57306
DEBU[2023-07-08T00:02:20Z] [HTTPS] Sent 200 Connection Estabalished to 172.17.128.1:57610
DEBU[2023-07-08T00:02:20Z] [HTTPS] Client sent hello 517bytes
DEBU[2023-07-08T00:02:23Z] [HTTPS] Error reading from 172.17.128.1:57610 timed out
DEBU[2023-07-08T00:02:23Z] [HTTPS] Closing client Connection.. 172.17.128.1:57610
DEBU[2023-07-08T00:02:23Z] [HTTPS] Closing server Connection.. api-iam.intercom.io 172.18.0.2:57306
DEBU[2023-07-08T00:02:23Z] [HTTPS] Error reading from 107.23.65.63:443 timed out
I've tried loading a blocked website and here's what I've got
DEBU[2022-06-06T21:25:33+03:00] [PROXY] Request from 127.0.0.1:57186
CONNECT meduza.io:443 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:101.0) Gecko/20100101 Firefox/101.0
Proxy-Connection: keep-alive
Connection: keep-alive
Host: meduza.io:443
DEBU[2022-06-06T21:25:33+03:00] [HTTPS] Start
DEBU[2022-06-06T21:25:33+03:00] [PROXY] Request from 127.0.0.1:57192
CONNECT meduza.io:443 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:101.0) Gecko/20100101 Firefox/101.0
Proxy-Connection: keep-alive
Connection: keep-alive
Host: meduza.io:443
DEBU[2022-06-06T21:25:33+03:00] [HTTPS] Start
DEBU[2022-06-06T21:25:34+03:00] [DOH] Found 151.115.46.187 with meduza.io
DEBU[2022-06-06T21:25:34+03:00] [DOH] Found 151.115.46.187 with meduza.io
DEBU[2022-06-06T21:25:34+03:00] [HTTPS] New connection to the server meduza.io 192.168.1.127:56512
DEBU[2022-06-06T21:25:34+03:00] [HTTPS] Sent 200 Connection Estabalished to the client
DEBU[2022-06-06T21:25:34+03:00] [HTTPS] New connection to the server meduza.io 192.168.1.127:56510
DEBU[2022-06-06T21:25:34+03:00] [HTTPS] Sent 200 Connection Estabalished to the client
DEBU[2022-06-06T21:25:34+03:00] [HTTPS] Client sent hello 517bytes
DEBU[2022-06-06T21:25:34+03:00] [HTTPS] Client sent hello 517bytes
DEBU[2022-06-06T21:25:34+03:00] [HTTPS] Error reading from 127.0.0.1:57192 timed out
DEBU[2022-06-06T21:25:34+03:00] [HTTPS] Closing server Connection.. meduza.io 192.168.1.127:56510
DEBU[2022-06-06T21:25:34+03:00] [HTTPS] Error reading from 127.0.0.1:57186 timed out
DEBU[2022-06-06T21:25:34+03:00] [HTTPS] Closing server Connection.. meduza.io 192.168.1.127:56512
DEBU[2022-06-06T21:25:34+03:00] [HTTPS] Error reading from 127.0.0.1:57192 timed out
DEBU[2022-06-06T21:25:34+03:00] [HTTPS] Closing client Connection.. 127.0.0.1:57192
DEBU[2022-06-06T21:25:34+03:00] [HTTPS] Error reading from 127.0.0.1:57186 timed out
DEBU[2022-06-06T21:25:34+03:00] [HTTPS] Closing client Connection.. 127.0.0.1:57186
It looks like it's timing out, but I don't know why.
Originally posted by @da-the-dev in #25 (comment)
Keeps saying that the binary is not found
I'm not sure whether it is possible to do it already but it would be nice to have a command line flag so that I can specify which websites dpi should be bypassed on This is because SpoofDPI breaks some websites for me, and I only want to apply the bypass to some certain websites.
For users that already use encrypted DNS resolver like dnscrypt-proxy & stubby
As I described it on title, it's not working on ARM64 like raspberry pi.
Dynarec for ARM64, with extension: ASIMD CRC32 PageSize:4096 Running on Cortex-A72 with 4 Cores Params database has 32 entries Box64 with Dynarec v0.2.5 4c7ac85a built on Nov 22 2023 06:29:18 BOX64: Didn't detect 48bits of address space, considering it's 39bits Counted 60 Env var BOX64 LIB PATH: ./:lib/:lib64/:x86_64/:bin64/:libs64/:/lib/x86_64-linux-gnu/:/usr/lib/x86_64-linux-gnu/ BOX64 BIN PATH: ./:bin/:/home/shaper/.local/bin/:/usr/local/sbin/:/usr/local/bin/:/usr/sbin/:/usr/bin/:/sbin/:/bin/:/usr/local/games/:/usr/games/ Looking for ./spoof-dpi Rename process to "spoof-dpi" 20911|BOX64: Warning, calling Signal 11 function handler SIG_DFL Unhandled signal caught, aborting NativeBT: ./spoof-dpi() [0x34a0e558] NativeBT: linux-vdso.so.1(__kernel_rt_sigreturn+0) [0x7fb3b8d7bc] NativeBT: /lib/aarch64-linux-gnu/libc.so.6(+0x809d0) [0x7fb3a009d0] NativeBT: /lib/aarch64-linux-gnu/libc.so.6(gsignal+0x1c) [0x7fb39ba76c] NativeBT: /lib/aarch64-linux-gnu/libc.so.6(abort+0xf0) [0x7fb39a74bc] NativeBT: ./spoof-dpi() [0x34a0cdf8] NativeBT: ./spoof-dpi() [0x34a0d510] NativeBT: ./spoof-dpi() [0x34a0f024] NativeBT: ./spoof-dpi() [0x34fd9f5c] NativeBT: ./spoof-dpi() [0x349d5c7c] NativeBT: /lib/aarch64-linux-gnu/libc.so.6(+0x27780) [0x7fb39a7780] NativeBT: /lib/aarch64-linux-gnu/libc.so.6(__libc_start_main+0x98) [0x7fb39a7858] NativeBT: ./spoof-dpi() [0x349d65fc] EmulatedBT: /home/shaper/.spoof-dpi/bin/spoof-dpi+62100 [0x462100] 20911|SIGABRT @0x7fb3a009d0 (???(/lib/aarch64-linux-gnu/libc.so.6+0x809d0)) (x64pc=0x462100//home/shaper/.spoof-dpi/bin/spoof-dpi:"???", rsp=0x1007fe828, stack=0x100000000:0x100800000 own=(nil) fp=(nil)), for accessing 0x3e8000051af (code=-6/prot=0), db=(nil)((nil):(nil)/(nil):(nil)/???:clean, hash:0/0) handler=(nil) RSP-0x20:0x0000000000000000 RSP-0x18:0x0000000000000000 RSP-0x10:0x0000000000000000 RSP-0x08:0x0000000000000000 RSP+0x00:0x0000000000000000 RSP+0x08:0x0000000000000000 RSP+0x10:0x0000000000000000 RSP+0x18:0x0000000000000002 RAX:0x0000000000000000 RCX:0x0000000002d83203 RDX:0x0000000017888915 RBX:0x0000000000010800 RSP:0x00000001007fe828 RBP:0x0000000000000000 RSI:0x00000000008b64b0 RDI:0x0000000000001002 R8:0x0000000000000000 R9:0x0000000000000000 R10:0x0000000000000000 R11:0x0000000000000000 R12:0x0000000000000000 R13:0x0000000000000000 R14:0x0000000000000000 R15:0x0000000000000000 ES:0x002b CS:0x0033 SS:0x002b DS:0x002b FS:0x0043 GS:0x0053
please can you make this ARM version?
OS: raspbian (Debian (Linux))
Version:
Some sites do not open in Russia, for example, adguard.com
. When using a VPN/proxy, they open. Can you improve DPI bypass? Let me know if you need logs or other information.
I've downloaded and launched spoof-dpi. Then, in my Firefox settings I've set in Network Settings => Automatic proxy configuration URL = http://127.0.0.1:8080/. After that I get this error message:
INFO[2022-06-04T22:28:42+03:00] Created a listener on : 8080
FATA[2022-06-04T22:28:51+03:00] Error accepting connection: accept tcp 127.0.0.1:8080: accept4: too many open files
I'm on Arch Linux x86_64. Am I doing it correctly?
i have used green tunnel and i did packet capturing but i couldnt understand how the dpi spoofing is working because i could easily see the sni value of the main requested domains so can you please explain me how this program differ and does it break the sni value or the packet or how does it bypass(if possible please show difference between normal packets of wireshark and with spoofdpi and please help me understand practically :-)
thankyou
Hi.
The number of binaries in releases is very small. Is it possible to increase the number of supported platforms? "Linux" version did not start for me
spoof-dpi --help
-bash: /bin/spoof-dpi: cannot execute binary file
Is it an x64 binary? I am using (old) x86 linux i386/i586.
We also need binaries for armv7 (android), arm64-v8a (android), windows (x64/x86)
This application dont's support ipv6-network and ipv6-sites.
spoof-dpi --port=8000 --dns=[2606:4700:4700::1111] zsh: no matches found: --dns=[2606:4700:4700::1111]
ERRO[2023-01-23T01:55:19+03:00] [HTTPS DOH] Error looking up for domain: ipv6.ams2.test-ipv6.com couldn't resolve the domain
ERRO[2023-01-23T01:55:33+03:00] [HTTPS DOH] Error looking up for domain: 2001:470:1:18::115 Name error
From what I understand it's possible to deploy SpoofDPI on a server and put up a custom host and port - but is it possible to make it work on top of ShadowSocks?
Hi,
SpoofDPI won't work for me (and never worked). Any connection attempt to any site always gives the same errors:
ERRO[2022-08-07T15:09:15+03:00] [HTTPS DOH] Error looking up for domain: www.google.com Post "https://8.8.8.8/dns-query": dial tcp 8.8.8.8:443: connect: no route to host
ERRO[2022-08-07T15:09:18+03:00] [HTTPS DOH] Error looking up for domain: www.google.com Post "https://8.8.8.8/dns-query": dial tcp 8.8.8.8:443: connect: no route to host
...
Please advice!
Thanks!
I swap between an ethernet adapter connected to my cable internet, and a WiFi that connects to a hotspot my Pixel phone is hosting.
networksetup -listallhardwareports
:
Hardware Port: USB 10/100/1G/2.5G LAN
Device: en6
Ethernet Address: no
Hardware Port: Wi-Fi
Device: en0
Ethernet Address: no
After switching network interfaces, I have to exit SpoofDPI, then either leave it closed or re-open it to get the DNS resolution working again.
NOTE: SpoofDPI does automatically set the proxy settings for both interfaces, but the DNS resolve issue persists.
Hello
I'm looking for a DPI bypass tool.
GreenTunnel, etc. are not working in Korea, and I was wondering if this tool works, but I couldn't run it properly because I didn't have enough basic knowledge about Linux.
root@TEST:/# spoof-dpi
-ash: /root/.spoof-dpi/bin/spoof-dpi: No such file or directory
So, do you have any thoughts of creating a Docker image?
It will be much easier to execute.
e.g dns.nextdns.io dns.adguard.com
After installing the script through curl on my rpi 3 running libreelec 11 through ssh i got below response
Successfully installed SpoofDPI.
Please add the line below to your rcfile(.bashrc or .zshrc etc..)
export PATH=$PATH:~/.spoof-dpi/bin
which is expected
but when i tried to run spoof-dpi by
~/.spoof/bin/spoof-dpi
I got the below error
/storage/.spoof-dpi/bin/spoof-dpi: line 1: syntax error: unexpected end of file (expecting ")")
Please let me know at the earliest a solution for this as i've tried the only other option of running green-tunnel on docker hogs memory and freezes the rpi.
Install and run on rpi running libreelec os.
OS: Libreelec
Version:11
I'm using macOS Ventura 13.2.1 and getting an error. I installed it via go.
mertcangokgoz@Macbook ~ » spoof-dpi -debug
███████ ██████ ██████ ██████ ███████ ██████ ██████ ██
██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██
███████ ██████ ██ ██ ██ ██ █████ ██ ██ ██████ ██
██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██
███████ ██ ██████ ██████ ██ ██████ ██ ██
• ADDR : 127.0.0.1
• PORT : 8080
• DNS : 8.8.8.8
• DEBUG : true
FATA[2023-03-08T08:30:21+03:00] exit status 14
Hi,
I am trying to use it with opnsense router to enable DPI spoofing network wide. (Just Like GoodbyeDPI)
When using it via firewall Although All http traffic working correctly, the problem is with HTTPS traffic.
Websites are not opening correctly. it ended up with "Unsupported method:" error.
Will it be possible to port this project to account for this use case?
Firewall:
I cannot access any website after I change the network. I need to restart SpoofDPI to make it work again.
Access websites normally.
It keeps loading then timed out.
OS: Fedora Workstation 39
Version: 0.8
hi, I notice there is some difference between the binary I downloaded from Releases and the binary I build with Go (I'm on Arch Linux)
the binary I downloaded from releases is contacting gnome and ubuntu domains, and the binary I built myself contacts none (according to VirusTotal)
does the one you build include anything different, or is it built with special settings, or telemetry?
CONNECT nichemusic.info:443 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:99.0) Gecko/20100101 Firefox/99.0
Proxy-Connection: keep-alive
Connection: keep-alive
Host: nichemusic.info:443
DEBU[2022-03-04T11:13:04+04:00] [HTTPS] Found ip over HTTPS: 202.254.234.109
DEBU[2022-03-04T11:13:04+04:00] [HTTPS] Connected to the server.
DEBU[2022-03-04T11:13:04+04:00] [HTTPS] Sent 200 Connection Estabalished
DEBU[2022-03-04T11:13:04+04:00] [HTTPS] Client 127.0.0.1:52148 sent hello: 517bytes
DEBU[2022-03-04T11:13:05+04:00] [HTTPS] 202.254.234.109:443 sent data: 1452bytes
DEBU[2022-03-04T11:13:05+04:00] [HTTPS] 202.254.234.109:443 sent data: 1452bytes
DEBU[2022-03-04T11:13:05+04:00] [HTTPS] 202.254.234.109:443 sent data: 1192bytes
DEBU[2022-03-04T11:13:13+04:00] [HTTPS] 127.0.0.1:52086 sent data: 39bytes
DEBU[2022-03-04T11:13:13+04:00] [HTTPS] 127.0.0.1:52090 sent data: 39bytes
DEBU[2022-03-04T11:13:13+04:00] [HTTPS] 188.114.97.2:443 sent data: 39bytes
DEBU[2022-03-04T11:13:13+04:00] [HTTPS] 188.114.97.2:443 sent data: 39bytes
DEBU[2022-03-04T11:13:21+04:00] [HTTPS] 127.0.0.1:52076 sent data: 39bytes
DEBU[2022-03-04T11:13:21+04:00] [HTTPS] 172.67.129.178:443 sent data: 39bytes
DEBU[2022-03-04T11:13:42+04:00] [HTTPS] 44.237.168.235:443 sent data: 31bytes
DEBU[2022-03-04T11:13:42+04:00] [HTTPS] 127.0.0.1:52048 sent data: 35bytes
DEBU[2022-03-04T11:13:49+04:00] [HTTPS] 127.0.0.1:52116 sent data: 39bytes
DEBU[2022-03-04T11:13:49+04:00] [HTTPS] Error reading from 127.0.0.1:52148
DEBU[2022-03-04T11:13:49+04:00] [HTTPS] EOF
DEBU[2022-03-04T11:13:49+04:00] [HTTPS] Exiting Serve() method.
DEBU[2022-03-04T11:13:49+04:00] [HTTPS] 64.233.164.106:443 sent data: 39bytes
DEBU[2022-03-04T11:13:49+04:00] [HTTPS] Error reading from 202.254.234.109:443
DEBU[2022-03-04T11:13:49+04:00] [HTTPS] EOF
DEBU[2022-03-04T11:13:49+04:00] [HTTPS] Exiting Serve() method.
got this error running on openwrt arm64 :
/usr/bin/spoof-dpi: line 1: �ELF����: not found
/usr/bin/spoof-dpi: line 5: syntax error: unexpected word (expecting ")")
perhaps it related to the colored banner like in screenshoot ?
I found the file ._spoof-dpi
included in the download. What is it used for?
Spoof-dpi crashes when try to load a website that doesn't exist (or website maybe goes offline).
CONNECT www.matchacha.ro:443 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:100.0) Gecko/20100101 Firefox/100.0
Proxy-Connection: keep-alive
Connection: keep-alive
Host: www.matchacha.ro:443
panic: runtime error: index out of range [0] with length 0
goroutine 55 [running]:
github.com/xvzc/SpoofDPI/doh.Lookup({0xc0000946f8, 0x5})
/SpoofDPI/doh/dns.go:22 +0x6e
github.com/xvzc/SpoofDPI/net.(*Conn).HandleHttps(0xc00023ecb0, {{0xc000294820, 0xcf, 0xd0}, {0xc0000946f0, 0x7}, {0xc0000946f8, 0x10}, {0xc000094708, 0x4}, ...})
/SpoofDPI/net/conn.go:125 +0xaf
github.com/xvzc/SpoofDPI/proxy.(*Proxy).Start.func1()
/SpoofDPI/proxy/proxy.go:59 +0x167
created by github.com/xvzc/SpoofDPI/proxy.(*Proxy).Start
/SpoofDPI/proxy/proxy.go:43 +0x2bb
Just overwrite v0.5 over worked v0.4 on same test machine. While trying to access to listen port, I have an error in console output:
`panic: runtime error: index out of range [1] with length 1
goroutine 6 [running]:
github.com/xvzc/SpoofDPI/packet.parse({0xc000014130, 0xc000200000, 0x8e1da0})
/SpoofDPI/packet/http.go:140 +0x210
github.com/xvzc/SpoofDPI/packet.NewHttpPacket({0xc000014130, 0x3, 0x8})
/SpoofDPI/packet/http.go:57 +0x5a
github.com/xvzc/SpoofDPI/proxy.(*Proxy).Start.func1()
/SpoofDPI/proxy/proxy.go:50 +0x4e
created by github.com/xvzc/SpoofDPI/proxy.(*Proxy).Start
/SpoofDPI/proxy/proxy.go:43 +0x2bb`
Host machine is a LXC container with Ubuntu 20.04. Version v0.4 is working fine.
Well as the title says; I thought it'll be nice to have SpoofDPI config file that allow us to use it in iPhone's since most of the passive DPI blocker wont work in iOS (for Countries ofc but what about your shitty local company decides to build a goddamn China Wall over your internet which blocks almost every VPN or any bypass method you have used prior to the entering that shitty sweatshop job, you know...)
Which cames into my mind FoXray app atm (It's the most stable one in iOS imho). But due to being newbie I could create it with a little bit of help.
Here is the built in parameters for any config file on that app:
1-Outbound Protocols (Vless/Vmess/Shadowsocks/Trojan/Socks), adress, port,uuid,flow,password etc.. (depends on protocol)
2-Stream Transport(tcp/kcp/ws/http/quic/grpc), Header (none/http)
3-Security (none/tls/reality) Servername, Allowinsecure (on/off), ALPN, Fingerprint
4-Mux (on/off)
5-Fragment (if enabled) packests,length, interval
If someone could help me to fill that config parameters we could copy this project Directly to the iOS if I'm not wrong.
Also another suggestion: In-Built AdBlocker Blocks Option for the main project (switchable ofc).
macOS 12.2.1
➜ ~ spoof-dpi -debug
███████ ██████ ██████ ██████ ███████ ██████ ██████ ██
██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██
███████ ██████ ██ ██ ██ ██ █████ ██ ██ ██████ ██
██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██
███████ ██ ██████ ██████ ██ ██████ ██ ██
• PORT : 8080
• DNS : 8.8.8.8
• DEBUG : true
FATA[2022-03-14T05:22:41+03:00] exit status 4
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.