Circumventing DPI (Deep Packet Inspection) censorship 08-30-2022, 01:38 PM
#1
If you are in a country that censors the internet, it is possible that this is done using DPI. DPI stands for Deep Packet Inspection, and it allows a government or an ISP to analyze live all the content of the internet packets that transit the network. With the super nice goal of blocking packets that would not respect the dictatorship in force.
So how do you get around this packet analysis system without passing all your traffic through Tor or similar systems?
Well, with GoodbyeDPI. This tool is available for Windows and works against both passive and active DPI. Regarding passive DPI, most of them send an HTTP 302 redirect if you try to access a blocked website via HTTP, and a TCP Reset in the case of HTTPS, faster than the destination website.
TCP Reset, also known as RST, occurs when an unexpected TCP packet arrives at a host. The latter usually responds by sending back a reset packet on the same connection. It is without payload, but with an RST bit set in the TCP header flags.
As a result, packets sent by the DPI system usually have an IP ID field equal to 0x0000 or 0x0001, as is the case with Russian providers. This is where GoodbyeDPI comes into play and will simply block these packets, preventing them from redirecting you to another website such as a page informing you of the block.
This does not require a third party server and does not affect the internet connection speed. But it doesn't work with all ISPs since some use an active DPI filtering system. This one is a bit more complex to bypass, but not impossible.
To do so, GoodbyeDPI uses 7 different methods like TCP fragmentation, packet header modifications, as well as sending fake HTTP / HTTPS packets with low TTL (time to live), incorrect checksum, etc. in order to trick the system into not processing the packets.
All these methods do not disturb the functioning of the websites you visit since they are respectful of TCP and HTTP standards.
As you can see, this is not an exact science, but it's cool to know that solutions exist and can allow you to surf while circumventing censorship. Of course, this is risky in some countries because a more thorough analysis can show that you are using a circumvention system. So be careful.
GoodbyeDPI can be downloaded here:
https://github.com/ValdikSS/GoodbyeDPI
And there is a whole support forum here:
https://ntc.party/c/community-software/goodbyedpi/8
And if you want something that does pretty much the same thing for macOS and Linux, there is also this tool called SpoofDPI:
https://github.com/xvzc/SpoofDPI
Bless !
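
The passive-DPI fingerprint described in the post (a reset packet without payload whose IP ID field is 0x0000 or 0x0001) can be checked when reviewing captured traffic. The following is an added example, not part of the original post and not GoodbyeDPI's code; the function names and the sample packets are constructed for illustration.

```python
import struct

SUSPECT_IP_IDS = {0x0000, 0x0001}  # IP ID values named in the post
TCP_RST = 0x04                     # RST bit in the TCP flags byte


def parse_ipv4_tcp(pkt: bytes):
    """Return selected header fields of an IPv4/TCP packet, or None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4                  # IPv4 header length in bytes
    total_len, ip_id = struct.unpack("!HH", pkt[2:6])
    if ihl < 20 or pkt[9] != 6 or len(pkt) < ihl + 20:
        return None                            # malformed, not TCP, or truncated
    tcp = pkt[ihl:]
    data_off = (tcp[12] >> 4) * 4              # TCP header length in bytes
    if data_off < 20:
        return None
    payload_len = max(min(total_len, len(pkt)) - ihl - data_off, 0)
    return {"ip_id": ip_id, "ttl": pkt[8], "flags": tcp[13],
            "payload_len": payload_len}


def looks_injected_rst(pkt: bytes) -> bool:
    """Heuristic from the post: RST set, no payload, IP ID 0x0000 or 0x0001."""
    f = parse_ipv4_tcp(pkt)
    return bool(f and f["flags"] & TCP_RST and f["payload_len"] == 0
                and f["ip_id"] in SUSPECT_IP_IDS)


def build_packet(ip_id: int, flags: int, payload: bytes = b"", ttl: int = 64) -> bytes:
    """Constructed sample packet; checksums are zero and are not validated."""
    tcp = struct.pack("!HHIIBBHHH", 443, 50000, 1, 0, 5 << 4, flags, 0, 0, 0)
    tcp += payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), ip_id, 0, ttl, 6,
                     0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return ip + tcp


if __name__ == "__main__":
    samples = {
        "RST, IP ID 0x0001": build_packet(0x0001, 0x04),
        "RST+ACK, IP ID 0x0000": build_packet(0x0000, 0x14),
        "RST, ordinary IP ID": build_packet(0x3A7C, 0x04),
        "PSH+ACK with data": build_packet(0x0001, 0x18, b"GET / HTTP/1.1\r\n"),
    }
    for name, pkt in samples.items():
        print(f"{name}: {looks_injected_rst(pkt)}")
```

A match is only a hint that a reset may have been injected; compare it against the rest of the flow before drawing a conclusion.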