[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-2238":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":9,"language":10,"languages":9,"totalLinesOfCode":9,"stars":11,"forks":12,"watchers":13,"openIssues":14,"contributorsCount":15,"subscribersCount":15,"size":15,"stars1d":16,"stars7d":17,"stars30d":18,"stars90d":15,"forks30d":15,"starsTrendScore":19,"compositeScore":20,"rankGlobal":9,"rankLanguage":9,"license":21,"archived":22,"fork":22,"defaultBranch":23,"hasWiki":24,"hasPages":22,"topics":25,"createdAt":9,"pushedAt":9,"updatedAt":26,"readmeContent":27,"aiSummary":28,"trendingCount":15,"starSnapshotCount":15,"syncStatus":29,"lastSyncTime":30,"discoverSource":31},2238,"SNISPF","Rainman69\u002FSNISPF","Rainman69","SNISPF - Cross-Platform SNI Spoofing & DPI Bypass Tool",null,"Python",202,33,5,1,0,3,6,87,9,4.59,"MIT License",false,"main",true,[],"2026-06-12 02:00:39","# SNISPF\n\n### Cross-Platform DPI Bypass Tool\n\n```\n ███████╗███╗ ██╗██╗███████╗██████╗ ███████╗\n ██╔════╝████╗ ██║██║██╔════╝██╔══██╗██╔════╝\n ███████╗██╔██╗ ██║██║███████╗██████╔╝█████╗\n ╚════██║██║╚██╗██║██║╚════██║██╔═══╝ ██╔══╝\n ███████║██║ ╚████║██║███████║██║ ██║\n ╚══════╝╚═╝ ╚═══╝╚═╝╚══════╝╚═╝ ╚═╝\n```\n**[FA README | توضیحات فارسی](https:\u002F\u002Fgithub.com\u002FRainman69\u002FSNISPF\u002Fblob\u002Fmain\u002FREADME_FA.md)**\n\n**SNISPF** is a lightweight command-line tool that helps you get past internet\ncensorship. It works by reshaping the way your connection introduces itself to\nfirewalls so that filtered websites slip through undetected. Runs on\n**Windows, macOS, and Linux** — no drivers, no admin rights needed for the\ndefault bypass method.\n\nAny idea? → **[SNISPF\u002Fdiscussions](https:\u002F\u002Fgithub.com\u002FRainman69\u002FSNISPF\u002Fdiscussions)**\n\n**Maintained by [@Rainman69](https:\u002F\u002Fgithub.com\u002FRainman69)**\n\n‎**⭐️فراموش نشه⭐️**\n---\n\n## Table of Contents\n\n- [How Does It Work?](#how-does-it-work)\n- [Requirements](#requirements)\n- [Installation](#installation)\n- [Quick Start](#quick-start)\n- [Configuration](#configuration)\n- [CLI Flags](#cli-flags)\n- [Bypass Methods](#bypass-methods)\n- [Fragment Strategies](#fragment-strategies)\n- [Domain Checker](#domain-checker)\n- [Platform Support](#platform-support)\n- [Troubleshooting](#troubleshooting)\n- [Project Structure](#project-structure)\n- [Running the Tests](#running-the-tests)\n- [License](#license)\n\n---\n\n## How Does It Work?\n\nWhen you visit a website over HTTPS, your device sends a \"hello\" message (a\n**TLS ClientHello**) that contains the website name in plain text. This is the\n**SNI** (Server Name Indication). DPI (Deep Packet Inspection) systems read\nthat name and decide whether to block the connection.\n\nSNISPF sits between your app and the internet. It intercepts the hello message\nand either **chops it up** or **sends a decoy** so the censorship system\ncan't read the real hostname. The destination server still receives the full,\ncorrect request and answers normally.\n\n```\n┌──────────┐ ┌─────────┐ ┌─────────┐ ┌──────────────┐\n│ Your App ├────>│ SNISPF ├────>│ DPI \u002F ├────>│ Real Server │\n│ (browser,│ │ (local │ │Firewall │ │ (e.g. │\n│ v2ray, │ │ proxy) │ │ │ │ Cloudflare) │\n│ etc.) │ │ │ │ │ │ │\n└──────────┘ └─────────┘ └─────────┘ └──────────────┘\n │ │\n │ sends fake \u002F │ sees fake or\n │ fragmented │ incomplete SNI\n │ hello message │ --> lets it through\n```\n\n---\n\n## Requirements\n\n- **Python 3.8** or newer (check with `python3 --version`)\n- That's it. No external dependencies, no C compilers, no kernel modules.\n\n---\n\n## Installation\n\nSNISPF is distributed **as source only**. There are no GitHub Releases,\nprebuilt binaries, or container images — running it is intentionally just a\nsmall Python project you clone and execute.\n\n### Option 1 — Run from source\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002FRainman69\u002FSNISPF.git\ncd SNISPF\npython3 run.py --info\n```\n\n### Option 2 — `pip install` from the repo\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002FRainman69\u002FSNISPF.git\ncd SNISPF\npip install .\nsnispf --info\n```\n\nOr in one line, without cloning:\n\n```bash\npip install git+https:\u002F\u002Fgithub.com\u002FRainman69\u002FSNISPF.git\n```\n\n> **Tip:** use a virtual environment (`python3 -m venv .venv && source .venv\u002Fbin\u002Factivate`) so the install doesn't touch your system Python.\n\n---\n\n## Quick Start\n\n### 1. Start the proxy\n\n```bash\n# Using the default config.json bundled with the repo\npython3 run.py --config config.json\n\n# Or all-CLI, no config file:\npython3 run.py \\\n --listen 0.0.0.0:40443 \\\n --connect 104.19.230.21:443 \\\n --sni www.hcaptcha.com \\\n --method fragment\n```\n\nYou should see a log line like:\n\n```\nListening on 0.0.0.0:40443\nForwarding to 104.19.230.21:443\nFake SNI: www.hcaptcha.com\nBypass strategy: fragment\n```\n\n### 2. Point your app at it\n\nSNISPF is a transparent TCP forwarder. In whatever client you use\n(`v2ray`, `xray`, browser proxy plugin, raw TCP client, …) configure the\nupstream server as **`127.0.0.1:40443`** instead of the original\nCloudflare endpoint. Everything else (TLS, the real SNI for routing on\nthe CDN, etc.) is unchanged.\n\n---\n\n## Configuration\n\nYou can run SNISPF either from a JSON config file or entirely from CLI flags.\nAnything passed on the command line overrides the file.\n\n### Generate a default config\n\n```bash\npython3 run.py --generate-config my_config.json\n```\n\n### Config file reference\n\n```jsonc\n{\n \"LISTEN_HOST\": \"0.0.0.0\", \u002F\u002F Address to bind the local proxy on\n \"LISTEN_PORT\": 40443, \u002F\u002F Local TCP port to listen on\n \"CONNECT_IP\": \"104.19.230.21\", \u002F\u002F Upstream IP (typically a Cloudflare edge)\n \"CONNECT_PORT\": 443, \u002F\u002F Upstream TCP port\n \"FAKE_SNI\": \"www.hcaptcha.com\", \u002F\u002F Hostname to put in the decoy\u002Ffragmented SNI\n \"BYPASS_METHOD\": \"fragment\", \u002F\u002F fragment | fake_sni | combined\n \"FRAGMENT_STRATEGY\": \"sni_split\", \u002F\u002F sni_split | half | multi | tls_record_frag\n \"FRAGMENT_DELAY\": 0.1, \u002F\u002F Seconds to wait between fragments\n \"USE_TTL_TRICK\": false, \u002F\u002F Inject decoy with low IP TTL (auto on macOS \u002F Android)\n \"FAKE_SNI_METHOD\": \"prefix_fake\" \u002F\u002F prefix_fake | record_layer_split\n}\n```\n\n---\n\n## CLI Flags\n\n```\n--config, -C FILE Path to JSON config file\n--generate-config PATH Generate a default config file and exit\n--listen, -l HOST:PORT Listen address (default: 0.0.0.0:40443)\n--connect, -c IP:PORT Target server address\n--sni, -s HOSTNAME Fake SNI hostname\n--method, -m METHOD fragment | fake_sni | combined\n--fragment-strategy STR sni_split | half | multi | tls_record_frag\n--fragment-delay SEC Delay between fragments\n--ttl-trick Use IP TTL trick for fake packets\n--no-raw Disable raw socket injection even if available\n--check-domains FILE Bulk-check domains for Cloudflare backing\n--check-workers N Parallel workers for domain checking (default: 50)\n--check-timeout SEC Per-domain timeout (default: 3.0)\n--output FILE Export verified Cloudflare domains\n--check-http Also verify HTTP connectivity during check\n--verbose, -v Debug logging\n--quiet, -q Warnings only\n--version, -V Print version and exit\n--info Show platform capabilities and exit\n```\n\n---\n\n## Bypass Methods\n\n### `fragment` (default)\n\nCuts the TLS ClientHello into multiple TCP segments at the SNI boundary.\nThe DPI middlebox sees only fragments of the hostname and can't make a\nmatching decision. **Works on every platform, no privileges needed.**\n\n### `fake_sni`\n\nSends one or more decoy ClientHello packets containing a fake hostname,\nfollowed by the real one. The DPI commits its verdict on the first packet\nit sees (the decoy) while the real server still gets the legitimate\nhello. Most effective with raw sockets (Linux + root) for the `seq_id`\ntrick. Without raw sockets, falls back automatically to TTL-trick mode.\n\n### `combined` (strongest)\n\nBoth fragmentation and a decoy hello at the same time. Recommended when\nthe censor's DPI is aggressive.\n\n---\n\n## Fragment Strategies\n\n| Strategy | What it does |\n|---------------------|------------------------------------------------------------------------|\n| `sni_split` (def.) | Splits the TCP record exactly at the SNI hostname inside the hello |\n| `half` | Splits into two roughly equal halves |\n| `multi` | Multiple small fragments (5–10 bytes each) |\n| `tls_record_frag` | Splits at the TLS record layer instead of the TCP layer |\n\n---\n\n## Domain Checker\n\nSNISPF ships a bulk checker that takes a list of hostnames and tells you\nwhich ones are actually fronted by Cloudflare, so you can pick a good\n**FAKE_SNI** target.\n\n```bash\n# domains.txt: one hostname per line\npython3 run.py --check-domains domains.txt\npython3 run.py --check-domains domains.txt --output verified.txt\npython3 run.py --check-domains domains.txt --check-http -v\n```\n\nOutput is a table with the resolved IP, whether it falls inside a\npublished Cloudflare range, and (optionally) whether an HTTPS request\nreturned a Cloudflare response header.\n\n---\n\n## Platform Support\n\n| Platform | Status | Notes |\n|-------------------------|-------------|-----------------------------------------------------------------------------|\n| Linux (any distro) | First-class | Raw socket injection available with `sudo` \u002F `CAP_NET_RAW` |\n| macOS (Apple Silicon) | First-class | Auto-uses TTL trick (raw sockets are root-only on Darwin) |\n| macOS (Intel) | First-class | Same as above |\n| Windows 10\u002F11 | First-class | Fragmentation methods only — no raw sockets |\n| Android via Termux | Supported | Works without root using the fragment\u002Fcombined methods (TTL trick auto-on) |\n| OpenBSD \u002F FreeBSD | Best-effort | Fragmentation methods work; raw injection untested |\n\nRun `python3 run.py --info` to see exactly which capabilities your system\nexposes.\n\n---\n\n## Troubleshooting\n\n**Port already in use**\n```bash\npython3 run.py -l :40444 ... # pick any free local port\n```\n\n**Permission denied on port \u003C 1024**\nUse a port ≥ 1024, or run with `sudo` if you really need a privileged port.\n\n**Bypass doesn't work for some sites**\n- Try `-m combined --fragment-strategy multi`\n- Try a different `FAKE_SNI` (verify it's Cloudflare-backed with\n `--check-domains`).\n- Increase `FRAGMENT_DELAY` (e.g. `--fragment-delay 0.25`) — some censors\n re-assemble fragments that arrive too quickly.\n\n**Macros \u002F antivirus complaining**\nSNISPF is pure Python and ships no compiled binaries; if your AV is\nflagging *something*, it's almost certainly a false positive on a Python\ninterpreter. You can read every line of source in this repo.\n\n---\n\n## Project Structure\n\n```\nSNISPF\u002F\n├── run.py # Entry point (python3 run.py …)\n├── config.json # Default configuration\n├── pyproject.toml # Package metadata (snispf console script)\n├── README.md \u002F README_FA.md # Docs (this file + Farsi translation)\n├── LICENSE # MIT\n├── sni_spoofing\u002F\n│ ├── __init__.py # __version__, package init\n│ ├── cli.py # argparse + main entry point\n│ ├── forwarder.py # async TCP forwarder, bypass orchestration\n│ ├── bypass\u002F # Fragmentation \u002F fake-SNI \u002F raw-injection strategies\n│ ├── tls\u002F # ClientHello builder + parser\n│ ├── scanner\u002F # Bulk Cloudflare-domain checker (only)\n│ └── utils\u002F # Platform detection, IP\u002Fport helpers\n└── tests\u002F # unittest suite\n```\n\n---\n\n## Running the Tests\n\n```bash\ncd SNISPF\npython3 -m unittest discover -s tests -v\n```\n\nThe suite covers the TLS ClientHello builder and fragmentation logic.\nNetwork-dependent tests are intentionally not part of the default run.\n\n---\n\n## License\n\n[MIT](.\u002FLICENSE) © Rainman69\n","SNISPF 是一个跨平台的SNI欺骗与DPI绕过工具。它通过修改客户端发出的TLS ClientHello消息,使其中的目标服务器名称无法被深度包检测系统正确识别,从而帮助用户访问被封锁的网站。该工具采用Python编写,具有轻量级、无需安装驱动程序或管理员权限的特点,支持Windows、macOS和Linux操作系统。适用于需要规避网络审查环境下的个人或组织使用。",2,"2026-06-11 02:49:01","CREATED_QUERY"]