[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-6021":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":22,"archived":23,"fork":23,"defaultBranch":24,"hasWiki":25,"hasPages":23,"topics":26,"createdAt":10,"pushedAt":10,"updatedAt":31,"readmeContent":32,"aiSummary":33,"trendingCount":16,"starSnapshotCount":16,"syncStatus":34,"lastSyncTime":35,"discoverSource":36},6021,"GoodbyeDPI","ValdikSS\u002FGoodbyeDPI","ValdikSS","GoodbyeDPI — Deep Packet Inspection circumvention utility (for Windows)","https:\u002F\u002Fntc.party\u002Fc\u002Fcommunity-software\u002Fgoodbyedpi",null,"C",28389,2179,447,134,0,9,42,132,40,45,"Apache License 2.0",false,"master",true,[27,28,29,30],"anticensorship","censorship-circumvention","deep-packet-inspection","dpi","2026-06-12 02:01:15","GoodbyeDPI — Deep Packet Inspection circumvention utility\n=========================\n\nThis software designed to bypass Deep Packet Inspection systems found in many Internet Service Providers which block access to certain websites.\n\nIt handles DPI connected using optical splitter or port mirroring (**Passive DPI**) which do not block any data but just replying faster than requested destination, and **Active DPI** connected in sequence.\n\n**Windows 7, 8, 8.1, 10 or 11** with administrator privileges required.\n\n# Quick start\n\n* **For Russia**: Download [latest version from Releases page](https:\u002F\u002Fgithub.com\u002FValdikSS\u002FGoodbyeDPI\u002Freleases), unpack the file and run **1_russia_blacklist_dnsredir.cmd** script.\n* For other countries: Download [latest version from Releases page](https:\u002F\u002Fgithub.com\u002FValdikSS\u002FGoodbyeDPI\u002Freleases), unpack the file and run **2_any_country_dnsredir.cmd**.\n\nThese scripts launch GoodbyeDPI in recommended mode with DNS resolver redirection to Yandex DNS on non-standard port (to prevent DNS poisoning). \nIf it works — congratulations! You can use it as-is or configure further.\n\n# How to use\n\nDownload [latest version from Releases page](https:\u002F\u002Fgithub.com\u002FValdikSS\u002FGoodbyeDPI\u002Freleases) and run.\n\n## Supported arguments\nTo get relevant information about your version of the program, use the -h (--help) argument at startup.\n```\nUsage: goodbyedpi.exe [OPTION...]\n -p block passive DPI\n -q block QUIC\u002FHTTP3\n -r replace Host with hoSt\n -s remove space between host header and its value\n -m mix Host header case (test.com -> tEsT.cOm)\n -f \u003Cvalue> set HTTP fragmentation to value\n -k \u003Cvalue> enable HTTP persistent (keep-alive) fragmentation and set it to value\n -n do not wait for first segment ACK when -k is enabled\n -e \u003Cvalue> set HTTPS fragmentation to value\n -a additional space between Method and Request-URI (enables -s, may break sites)\n -w try to find and parse HTTP traffic on all processed ports (not only on port 80)\n --port \u003Cvalue> additional TCP port to perform fragmentation on (and HTTP tricks with -w)\n --ip-id \u003Cvalue> handle additional IP ID (decimal, drop redirects and TCP RSTs with this ID).\n This option can be supplied multiple times.\n --dns-addr \u003Cvalue> redirect UDP DNS requests to the supplied IP address (experimental)\n --dns-port \u003Cvalue> redirect UDP DNS requests to the supplied port (53 by default)\n --dnsv6-addr \u003Cvalue> redirect UDPv6 DNS requests to the supplied IPv6 address (experimental)\n --dnsv6-port \u003Cvalue> redirect UDPv6 DNS requests to the supplied port (53 by default)\n --dns-verb print verbose DNS redirection messages\n --blacklist \u003Ctxtfile> perform circumvention tricks only to host names and subdomains from\n supplied text file (HTTP Host\u002FTLS SNI).\n This option can be supplied multiple times.\n --allow-no-sni perform circumvention if TLS SNI can't be detected with --blacklist enabled.\n --frag-by-sni if SNI is detected in TLS packet, fragment the packet right before SNI value.\n --set-ttl \u003Cvalue> activate Fake Request Mode and send it with supplied TTL value.\n DANGEROUS! May break websites in unexpected ways. Use with care (or --blacklist).\n --auto-ttl [a1-a2-m] activate Fake Request Mode, automatically detect TTL and decrease\n it based on a distance. If the distance is shorter than a2, TTL is decreased\n by a2. If it's longer, (a1; a2) scale is used with the distance as a weight.\n If the resulting TTL is more than m(ax), set it to m.\n Default (if set): --auto-ttl 1-4-10. Also sets --min-ttl 3.\n DANGEROUS! May break websites in unexpected ways. Use with care (or --blacklist).\n --min-ttl \u003Cvalue> minimum TTL distance (128\u002F64 - TTL) for which to send Fake Request\n in --set-ttl and --auto-ttl modes.\n --wrong-chksum activate Fake Request Mode and send it with incorrect TCP checksum.\n May not work in a VM or with some routers, but is safer than set-ttl.\n --wrong-seq activate Fake Request Mode and send it with TCP SEQ\u002FACK in the past.\n --native-frag fragment (split) the packets by sending them in smaller packets, without\n shrinking the Window Size. Works faster (does not slow down the connection)\n and better.\n --reverse-frag fragment (split) the packets just as --native-frag, but send them in the\n reversed order. Works with the websites which could not handle segmented\n HTTPS TLS ClientHello (because they receive the TCP flow \"combined\").\n --fake-from-hex \u003Cvalue> Load fake packets for Fake Request Mode from HEX values (like 1234abcDEF).\n This option can be supplied multiple times, in this case each fake packet\n would be sent on every request in the command line argument order.\n --fake-with-sni \u003Cvalue> Generate fake packets for Fake Request Mode with given SNI domain name.\n The packets mimic Mozilla Firefox 130 TLS ClientHello packet\n (with random generated fake SessionID, key shares and ECH grease).\n Can be supplied multiple times for multiple fake packets.\n --fake-gen \u003Cvalue> Generate random-filled fake packets for Fake Request Mode, value of them\n (up to 30).\n --fake-resend \u003Cvalue> Send each fake packet value number of times.\n Default: 1 (send each packet once).\n --max-payload [value] packets with TCP payload data more than [value] won't be processed.\n Use this option to reduce CPU usage by skipping huge amount of data\n (like file transfers) in already established sessions.\n May skip some huge HTTP requests from being processed.\n Default (if set): --max-payload 1200.\n\n\nLEGACY modesets:\n -1 -p -r -s -f 2 -k 2 -n -e 2 (most compatible mode)\n -2 -p -r -s -f 2 -k 2 -n -e 40 (better speed for HTTPS yet still compatible)\n -3 -p -r -s -e 40 (better speed for HTTP and HTTPS)\n -4 -p -r -s (best speed)\n\nModern modesets (more stable, more compatible, faster):\n -5 -f 2 -e 2 --auto-ttl --reverse-frag --max-payload\n -6 -f 2 -e 2 --wrong-seq --reverse-frag --max-payload\n -7 -f 2 -e 2 --wrong-chksum --reverse-frag --max-payload\n -8 -f 2 -e 2 --wrong-seq --wrong-chksum --reverse-frag --max-payload\n -9 -f 2 -e 2 --wrong-seq --wrong-chksum --reverse-frag --max-payload -q (this is the default)\n\n Note: combination of --wrong-seq and --wrong-chksum generates two different fake packets.\n```\n## How to check\nTo check if your ISP's DPI could be circumvented, first make sure that your provider does not poison DNS answers by enabling \"Secure DNS (DNS over HTTPS)\" option in your browser.\n\n* **Chrome**: Settings → [Privacy and security](chrome:\u002F\u002Fsettings\u002Fsecurity) → Use secure DNS → With: NextDNS\n* **Firefox**: [Settings](about:preferences) → Network Settings → Enable DNS over HTTPS → Use provider: NextDNS\n\nThen run the `goodbyedpi.exe` executable without any options. If it works — congratulations! You can use it as-is or configure further, for example by using `--blacklist` option if the list of blocked websites is known and available for your country.\n\nIf your provider intercepts DNS requests, you may want to use `--dns-addr` option to a public DNS resolver running on non-standard port (such as Yandex DNS `77.88.8.8:1253`) or configure DNS over HTTPS\u002FTLS using third-party applications.\n\nCheck the .cmd scripts and modify it according to your preference and network conditions.\n\n# How does it work\n\n### Passive DPI\n\nMost Passive DPI send HTTP 302 Redirect if you try to access blocked website over HTTP and TCP Reset in case of HTTPS, faster than destination website. Packets sent by DPI usually have IP Identification field equal to `0x0000` or `0x0001`, as seen with Russian providers. These packets, if they redirect you to another website (censorship page), are blocked by GoodbyeDPI.\n\n### Active DPI\n\nActive DPI is more tricky to fool. Currently the software uses 7 methods to circumvent Active DPI:\n\n* TCP-level fragmentation for first data packet\n* TCP-level fragmentation for persistent (keep-alive) HTTP sessions\n* Replacing `Host` header with `hoSt`\n* Removing space between header name and value in `Host` header\n* Adding additional space between HTTP Method (GET, POST etc) and URI\n* Mixing case of Host header value\n* Sending fake HTTP\u002FHTTPS packets with low Time-To-Live value, incorrect checksum or incorrect TCP Sequence\u002FAcknowledgement numbers to fool DPI and prevent delivering them to the destination\n\nThese methods should not break any website as they're fully compatible with TCP and HTTP standards, yet it's sufficient to prevent DPI data classification and to circumvent censorship. Additional space may break some websites, although it's acceptable by HTTP\u002F1.1 specification (see 19.3 Tolerant Applications).\n\nThe program loads WinDivert driver which uses Windows Filtering Platform to set filters and redirect packets to the userspace. It's running as long as console window is visible and terminates when you close the window.\n\n# How to build from source\n\nThis project can be built using **GNU Make** and [**mingw**](https:\u002F\u002Fmingw-w64.org). The only dependency is [WinDivert](https:\u002F\u002Fgithub.com\u002Fbasil00\u002FDivert).\n\nTo build x86 exe run:\n\n`make CPREFIX=i686-w64-mingw32- WINDIVERTHEADERS=\u002Fpath\u002Fto\u002Fwindivert\u002Finclude WINDIVERTLIBS=\u002Fpath\u002Fto\u002Fwindivert\u002Fx86`\n\nAnd for x86_64:\n\n`make CPREFIX=x86_64-w64-mingw32- BIT64=1 WINDIVERTHEADERS=\u002Fpath\u002Fto\u002Fwindivert\u002Finclude WINDIVERTLIBS=\u002Fpath\u002Fto\u002Fwindivert\u002Famd64`\n\n# How to install as Windows Service\n\nCheck examples in `service_install_russia_blacklist.cmd`, `service_install_russia_blacklist_dnsredir.cmd` and `service_remove.cmd` scripts.\n\nModify them according to your own needs.\n\n# Known issues\n\n* Horribly outdated Windows 7 installations are not able to load WinDivert driver due to missing support for SHA256 digital signatures. Install KB3033929 [x86](https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fdownload\u002Fdetails.aspx?id=46078)\u002F[x64](https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fdownload\u002Fdetails.aspx?id=46148), or better, update the whole system using Windows Update.\n* Intel\u002FQualcomm Killer network cards: `Advanced Stream Detect` in Killer Control Center is incompatible with GoodbyeDPI, [disable it](https:\u002F\u002Fgithub.com\u002FValdikSS\u002FGoodbyeDPI\u002Fissues\u002F541#issuecomment-2296038239).\n* QUIK trading software [may interfere with GoodbyeDPI](https:\u002F\u002Fgithub.com\u002FValdikSS\u002FGoodbyeDPI\u002Fissues\u002F677#issuecomment-2390595606). First start QUIK, then GoodbyeDPI.\n* ~~Some SSL\u002FTLS stacks unable to process fragmented ClientHello packets, and HTTPS websites won't open. Bug: [#4](https:\u002F\u002Fgithub.com\u002FValdikSS\u002FGoodbyeDPI\u002Fissues\u002F4), [#64](https:\u002F\u002Fgithub.com\u002FValdikSS\u002FGoodbyeDPI\u002Fissues\u002F64).~~ Fragmentation issues are fixed in v0.1.7.\n* ~~ESET Antivirus is incompatible with WinDivert driver [#91](https:\u002F\u002Fgithub.com\u002FValdikSS\u002FGoodbyeDPI\u002Fissues\u002F91). This is most probably antivirus bug, not WinDivert.~~\n\n\n# Similar projects\n\n- **[zapret](https:\u002F\u002Fgithub.com\u002Fbol-van\u002Fzapret)** by @bol-van (for MacOS, Linux and Windows)\n- **[Green Tunnel](https:\u002F\u002Fgithub.com\u002FSadeghHayeri\u002FGreenTunnel)** by @SadeghHayeri (for MacOS, Linux and Windows)\n- **[DPI Tunnel CLI](https:\u002F\u002Fgithub.com\u002Fnomoresat\u002FDPITunnel-cli)** by @zhenyolka (for Linux and routers)\n- **[DPI Tunnel for Android](https:\u002F\u002Fgithub.com\u002Fnomoresat\u002FDPITunnel-android)** by @zhenyolka (for Android)\n- **[PowerTunnel](https:\u002F\u002Fgithub.com\u002Fkrlvm\u002FPowerTunnel)** by @krlvm (for Windows, MacOS and Linux)\n- **[PowerTunnel for Android](https:\u002F\u002Fgithub.com\u002Fkrlvm\u002FPowerTunnel-Android)** by @krlvm (for Android)\n- **[SpoofDPI](https:\u002F\u002Fgithub.com\u002Fxvzc\u002FSpoofDPI)** by @xvzc (for macOS and Linux)\n- **[SpoofDPI-Platform](https:\u002F\u002Fgithub.com\u002Fr3pr3ss10n\u002FSpoofDPI-Platform)** by @r3pr3ss10n (for Android, macOS, Windows)\n- **[GhosTCP](https:\u002F\u002Fgithub.com\u002Fmacronut\u002Fghostcp)** by @macronut (for Windows)\n- **[ByeDPI](https:\u002F\u002Fgithub.com\u002Fhufrea\u002Fbyedpi)** for Linux\u002FWindows + **[ByeDPIAndroid](https:\u002F\u002Fgithub.com\u002Fdovecoteescapee\u002FByeDPIAndroid\u002F)** \u002F **[ByeByeDPI](https:\u002F\u002Fgithub.com\u002Fromanvht\u002FByeByeDPI\u002F)** for Android (no root)\n- **[youtubeUnblock](https:\u002F\u002Fgithub.com\u002FWaujito\u002FyoutubeUnblock\u002F)** by @Waujito (for OpenWRT\u002FEntware routers and Linux)\n\n# Kudos\n\nThanks @basil00 for [WinDivert](https:\u002F\u002Fgithub.com\u002Fbasil00\u002FDivert). That's the main part of this program.\n\nThanks for every [BlockCheck](https:\u002F\u002Fgithub.com\u002FValdikSS\u002Fblockcheck) contributor. It would be impossible to understand DPI behaviour without this utility.\n","GoodbyeDPI 是一个用于绕过深度包检测(DPI)系统的工具,特别适用于那些因互联网服务提供商封锁而无法访问某些网站的情况。它能够处理被动和主动两种类型的DPI系统,通过修改HTTP头部、DNS重定向等技术手段帮助用户规避网络审查。该软件采用C语言编写,支持Windows 7至11操作系统,并需要管理员权限运行。GoodbyeDPI非常适合在存在网络审查或限制的环境中使用,比如特定国家和地区内对部分互联网内容的访问受限情况。",2,"2026-06-11 03:05:19","top_language"]