Jump to content
Main menu
Main menu
move to sidebar
hide
Navigation
Main page
Recent changes
Random page
Help about MediaWiki
Special pages
Copper9 Wiki
Search
Search
Appearance
Create account
Log in
Personal tools
Create account
Log in
Pages for logged out editors
learn more
Contributions
Talk
Editing
How to bypass ISP censorship
(section)
Page
Discussion
English
Read
Edit
Edit source
View history
Tools
Tools
move to sidebar
hide
Actions
Read
Edit
Edit source
View history
General
What links here
Related changes
Page information
Appearance
move to sidebar
hide
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
= Local DPI Bypass Tools = This category of tools is fundamentally different from VPNs. They allow access to specific blocked services without the disruptive side effects of a VPN, such as changing your IP address. They also don't bypass IP blacklisting. These tools work by “desynchronizing” the censor's view of the network connection from the server's, causing the inspection to fail while allowing the real connection to proceed. They provide no extra encryption or anonymity; your ISP can still see what sites you are visiting, but their automated blocking mechanism is fooled. == [https://github.com/bol-van/zapret Zapret] == A stand-alone, high-performance DPI circumvention tool designed to “desynchronize” DPI systems by manipulating network packets at a low level. Zapret was created primarily to target the “Sovereign Internet” (RuNet) blocking system in Russia. Zapret is designed to run on a Linux-based gateway, such as a home router running OpenWrt or directly on a user's Linux desktop. Zapret uses low-level packet manipulation via components like <code>nfqws</code> and <code>tpws</code>. It employs a variety of “DPI desync” techniques, which can be configured by the user. These include sending fake packets (e.g., with the <code>--dpi-desync=fake</code> parameter), fragmenting packets (<code>--dpi-desync=fakedsplit</code>), and modifying packet checksums or TTLs to “fool” the inspection system (<code>--dpi-desync-fooling=badsum</code>). The tool includes a <code>blockcheck.sh</code> script that a user can run to test and identify the most effective desync parameters for their specific ISP. '''PROs:''' * <span style="color:green">'''High Performance:'''</span> Adds negligible latency. Because it typically only manipulates the first few packets of a connection to break the DPI's state, it is significantly faster than a full tunnel. * <span style="color:green">'''No IP Change:'''</span> This is its most significant advantage. It does not change your public IP address, making it ideal for accessing local, geo-restricted services (like banking, streaming, or city services) that would be broken by a VPN. It also does not need to trust any third party servers. * <span style="color:green">'''Transparent:'''</span> When installed on a router, it works transparently for all devices on the network (phones, computers, consoles) with no client-side software required. * <span style="color:green">'''Adaptive:'''</span> It is highly configurable to adapt to the specific, evolving DPI strategies used by different ISPs and nation-states. '''CONs:''' * <span style="color:red">'''No Extra Privacy or Anonymity:'''</span> This is critical to understand. Zapret does not provide extra privacy or anonymity. Your ISP can still see which sites you are visiting; the tool just prevents the automated block to provide access. * <span style="color:red">'''Specific Use Case:'''</span> It only defeats DPI. It does not bypass DNS-level blocking (it must be paired with an encrypted DNS service like DoH/DoT) or IP-address-level bans. == [https://github.com/ValdikSS/GoodbyeDPI Goodbye DPI] == A user-friendly DPI circumvention utility designed specifically for the Windows operating system. It runs on a user's local Windows PC (versions 7 through 11 are supported). It works by installing a Windows filter driver to intercept and modify packets as they leave the machine. It employs multiple methods simultaneously to be effective against a wide range of DPI systems. These methods include: TCP-level fragmentation, HTTP header manipulation (e.g., replacing Host with hoSt, or removing spaces), and sending fake packets with low TTLs to “poison” the DPI's state and cause it to fail. It also includes modes to redirect DNS requests to non-standard ports to bypass simple DNS poisoning. '''PROs:''' * <span style="color:green">'''Easy to Use:'''</span> This is its primary advantage. It is ideal for non-technical Windows users. The most common use case involves just running a single <code>.cmd</code> script. * <span style="color:green">'''No IP Change:'''</span> Shares the same benefits as Zapret; it does not interfere with local, geo-restricted services. Also, no third party to trust. * <span style="color:green">'''Effective:'''</span> It is designed to actively bypass both “Passive DPI” (which tries to “race” the real server with a fake reset packet) and “Active DPI” (which sits in-line and modifies traffic). '''CONs:''' * <span style="color:red">'''No Extra Privacy or Anonymity:'''</span> Like Zapret, this provides no extra encryption and is not a privacy tool. It is for access only.
Summary:
Please note that all contributions to Copper9 Wiki may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
Wiki on Copper9:Copyrights
for details).
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)
Search
Search
Editing
How to bypass ISP censorship
(section)
Add topic
