Hi.

The number of binaries in releases is very small. Is it possible to increase the number of supported platforms? "Linux" version did not start for me

spoof-dpi --help
-bash: /bin/spoof-dpi: cannot execute binary file

Is it an x64 binary? I am using (old) x86 linux i386/i586.

We also need binaries for armv7 (android), arm64-v8a (android), windows (x64/x86)

For users that already use encrypted DNS resolver like dnscrypt-proxy & stubby

i have used green tunnel and i did packet capturing but i couldnt understand how the dpi spoofing is working because i could easily see the sni value of the main requested domains so can you please explain me how this program differ and does it break the sni value or the packet or how does it bypass(if possible please show difference between normal packets of wireshark and with spoofdpi and please help me understand practically :-)
thankyou

I have an issue sending or download images and files using WhatsApp. My environment is using WhatsApp Desktop from the Microsoft Store.

this is example for upload retry

this is example for stuck download

Some sites do not open in Russia, for example, adguard.com. When using a VPN/proxy, they open. Can you improve DPI bypass? Let me know if you need logs or other information.

As I described it on title, it's not working on ARM64 like raspberry pi.

Dynarec for ARM64, with extension: ASIMD CRC32 PageSize:4096 Running on Cortex-A72 with 4 Cores Params database has 32 entries Box64 with Dynarec v0.2.5 4c7ac85a built on Nov 22 2023 06:29:18 BOX64: Didn't detect 48bits of address space, considering it's 39bits Counted 60 Env var BOX64 LIB PATH: ./:lib/:lib64/:x86_64/:bin64/:libs64/:/lib/x86_64-linux-gnu/:/usr/lib/x86_64-linux-gnu/ BOX64 BIN PATH: ./:bin/:/home/shaper/.local/bin/:/usr/local/sbin/:/usr/local/bin/:/usr/sbin/:/usr/bin/:/sbin/:/bin/:/usr/local/games/:/usr/games/ Looking for ./spoof-dpi Rename process to "spoof-dpi" 20911|BOX64: Warning, calling Signal 11 function handler SIG_DFL Unhandled signal caught, aborting NativeBT: ./spoof-dpi() [0x34a0e558] NativeBT: linux-vdso.so.1(__kernel_rt_sigreturn+0) [0x7fb3b8d7bc] NativeBT: /lib/aarch64-linux-gnu/libc.so.6(+0x809d0) [0x7fb3a009d0] NativeBT: /lib/aarch64-linux-gnu/libc.so.6(gsignal+0x1c) [0x7fb39ba76c] NativeBT: /lib/aarch64-linux-gnu/libc.so.6(abort+0xf0) [0x7fb39a74bc] NativeBT: ./spoof-dpi() [0x34a0cdf8] NativeBT: ./spoof-dpi() [0x34a0d510] NativeBT: ./spoof-dpi() [0x34a0f024] NativeBT: ./spoof-dpi() [0x34fd9f5c] NativeBT: ./spoof-dpi() [0x349d5c7c] NativeBT: /lib/aarch64-linux-gnu/libc.so.6(+0x27780) [0x7fb39a7780] NativeBT: /lib/aarch64-linux-gnu/libc.so.6(__libc_start_main+0x98) [0x7fb39a7858] NativeBT: ./spoof-dpi() [0x349d65fc] EmulatedBT: /home/shaper/.spoof-dpi/bin/spoof-dpi+62100 [0x462100] 20911|SIGABRT @0x7fb3a009d0 (???(/lib/aarch64-linux-gnu/libc.so.6+0x809d0)) (x64pc=0x462100//home/shaper/.spoof-dpi/bin/spoof-dpi:"???", rsp=0x1007fe828, stack=0x100000000:0x100800000 own=(nil) fp=(nil)), for accessing 0x3e8000051af (code=-6/prot=0), db=(nil)((nil):(nil)/(nil):(nil)/???:clean, hash:0/0) handler=(nil) RSP-0x20:0x0000000000000000 RSP-0x18:0x0000000000000000 RSP-0x10:0x0000000000000000 RSP-0x08:0x0000000000000000 RSP+0x00:0x0000000000000000 RSP+0x08:0x0000000000000000 RSP+0x10:0x0000000000000000 RSP+0x18:0x0000000000000002 RAX:0x0000000000000000 RCX:0x0000000002d83203 RDX:0x0000000017888915 RBX:0x0000000000010800 RSP:0x00000001007fe828 RBP:0x0000000000000000 RSI:0x00000000008b64b0 RDI:0x0000000000001002 R8:0x0000000000000000 R9:0x0000000000000000 R10:0x0000000000000000 R11:0x0000000000000000 R12:0x0000000000000000 R13:0x0000000000000000 R14:0x0000000000000000 R15:0x0000000000000000 ES:0x002b CS:0x0033 SS:0x002b DS:0x002b FS:0x0043 GS:0x0053

please can you make this ARM version?

OS: raspbian (Debian (Linux))

Version:

Additional context

unfortanetly it doesnt work in iran

Spoof-dpi crashes when try to load a website that doesn't exist (or website maybe goes offline).

CONNECT www.matchacha.ro:443 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:100.0) Gecko/20100101 Firefox/100.0
Proxy-Connection: keep-alive
Connection: keep-alive
Host: www.matchacha.ro:443
 
panic: runtime error: index out of range [0] with length 0

goroutine 55 [running]:
github.com/xvzc/SpoofDPI/doh.Lookup({0xc0000946f8, 0x5})
	/SpoofDPI/doh/dns.go:22 +0x6e
github.com/xvzc/SpoofDPI/net.(*Conn).HandleHttps(0xc00023ecb0, {{0xc000294820, 0xcf, 0xd0}, {0xc0000946f0, 0x7}, {0xc0000946f8, 0x10}, {0xc000094708, 0x4}, ...})
	/SpoofDPI/net/conn.go:125 +0xaf
github.com/xvzc/SpoofDPI/proxy.(*Proxy).Start.func1()
	/SpoofDPI/proxy/proxy.go:59 +0x167
created by github.com/xvzc/SpoofDPI/proxy.(*Proxy).Start
	/SpoofDPI/proxy/proxy.go:43 +0x2bb

I found the file ._spoof-dpi included in the download. What is it used for?

hi, I notice there is some difference between the binary I downloaded from Releases and the binary I build with Go (I'm on Arch Linux)

• the one I downloaded from https://github.com/xvzc/SpoofDPI/releases/download/0.8/spoof-dpi-linux.tar.gz (4.9 MB): https://www.virustotal.com/gui/file/50d4865a71770d3cb3cceb4e53c8c5a1f5c2e4c179daca94912cadba077b3405/relations
• the one I build myself with go(8.0 MB) https://pixeldrain.com/u/bfoRMDjy: https://www.virustotal.com/gui/file/0d46a3fca6a31ed00658cc7eeadfaba7e6fbb9c18bbed727703ad99abeb15802/relations

the binary I downloaded from releases is contacting gnome and ubuntu domains, and the binary I built myself contacts none (according to VirusTotal)

does the one you build include anything different, or is it built with special settings, or telemetry?

Keeps saying that the binary is not found

I swap between an ethernet adapter connected to my cable internet, and a WiFi that connects to a hotspot my Pixel phone is hosting.

networksetup -listallhardwareports:

Hardware Port: USB 10/100/1G/2.5G LAN
Device: en6
Ethernet Address: no

Hardware Port: Wi-Fi
Device: en0
Ethernet Address: no

After switching network interfaces, I have to exit SpoofDPI, then either leave it closed or re-open it to get the DNS resolution working again.

NOTE: SpoofDPI does automatically set the proxy settings for both interfaces, but the DNS resolve issue persists.

This application dont's support ipv6-network and ipv6-sites.

1. Ipv6-address in dns is not valid in app
   spoof-dpi --port=8000 --dns=[2606:4700:4700::1111] zsh: no matches found: --dns=[2606:4700:4700::1111]
2. DNS request with AAAA records only throws an error.
   ERRO[2023-01-23T01:55:19+03:00] [HTTPS DOH] Error looking up for domain: ipv6.ams2.test-ipv6.com couldn't resolve the domain
3. App recognizes ipv6-host as domain name and throws error. Ipv6-site is not available.
   ERRO[2023-01-23T01:55:33+03:00] [HTTPS DOH] Error looking up for domain: 2001:470:1:18::115 Name error

From what I understand it's possible to deploy SpoofDPI on a server and put up a custom host and port - but is it possible to make it work on top of ShadowSocks?

After installing the script through curl on my rpi 3 running libreelec 11 through ssh i got below response

Successfully installed SpoofDPI.
Please add the line below to your rcfile(.bashrc or .zshrc etc..)

export PATH=$PATH:~/.spoof-dpi/bin

which is expected

but when i tried to run spoof-dpi by

~/.spoof/bin/spoof-dpi

I got the below error
/storage/.spoof-dpi/bin/spoof-dpi: line 1: syntax error: unexpected end of file (expecting ")")

Please let me know at the earliest a solution for this as i've tried the only other option of running green-tunnel on docker hogs memory and freezes the rpi.

How To Reproduce?

Install and run on rpi running libreelec os.

OS: Libreelec

Version:11

Describe the bug

I cannot access any website after I change the network. I need to restart SpoofDPI to make it work again.

Expected behavior

Access websites normally.

Actual behavior

It keeps loading then timed out.

How To Reproduce?

1. Start SpoofDPI.
2. Change current network to another access point (WiFi) or to wired network.
3. Access any website.

Client information

OS: Fedora Workstation 39

Version: 0.8

Additional context

e.g dns.nextdns.io dns.adguard.com

network error using openai

CONNECT chat.openai.com:443 HTTP/1.1
Host: chat.openai.com:443
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36

DEBU[2023-07-08T00:02:17Z] [HTTPS] Start
DEBU[2023-07-08T00:02:17Z] [DOH] Found 104.18.3.161 with chat.openai.com
DEBU[2023-07-08T00:02:17Z] [HTTPS] New connection to the server chat.openai.com 172.18.0.2:42426
DEBU[2023-07-08T00:02:17Z] [HTTPS] Sent 200 Connection Estabalished to 172.17.128.1:57608
DEBU[2023-07-08T00:02:17Z] [HTTPS] Client sent hello 272bytes
DEBU[2023-07-08T00:02:20Z] [HTTPS] Error reading from 172.17.128.1:57608 timed out
DEBU[2023-07-08T00:02:20Z] [HTTPS] Closing client Connection.. 172.17.128.1:57608
DEBU[2023-07-08T00:02:20Z] [HTTPS] Error reading from 104.18.3.161:443 timed out
DEBU[2023-07-08T00:02:20Z] [HTTPS] Closing server Connection.. chat.openai.com 172.18.0.2:42426
DEBU[2023-07-08T00:02:20Z] [PROXY] Request from 172.17.128.1:57610

CONNECT api-iam.intercom.io:443 HTTP/1.1
Host: api-iam.intercom.io:443
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36

DEBU[2023-07-08T00:02:20Z] [HTTPS] Start
DEBU[2023-07-08T00:02:20Z] [DOH] Found 107.23.65.63 with api-iam.intercom.io
DEBU[2023-07-08T00:02:20Z] [HTTPS] New connection to the server api-iam.intercom.io 172.18.0.2:57306
DEBU[2023-07-08T00:02:20Z] [HTTPS] Sent 200 Connection Estabalished to 172.17.128.1:57610
DEBU[2023-07-08T00:02:20Z] [HTTPS] Client sent hello 517bytes
DEBU[2023-07-08T00:02:23Z] [HTTPS] Error reading from 172.17.128.1:57610 timed out
DEBU[2023-07-08T00:02:23Z] [HTTPS] Closing client Connection.. 172.17.128.1:57610
DEBU[2023-07-08T00:02:23Z] [HTTPS] Closing server Connection.. api-iam.intercom.io 172.18.0.2:57306
DEBU[2023-07-08T00:02:23Z] [HTTPS] Error reading from 107.23.65.63:443 timed out

Hi,

SpoofDPI won't work for me (and never worked). Any connection attempt to any site always gives the same errors:

ERRO[2022-08-07T15:09:15+03:00] [HTTPS DOH] Error looking up for domain: www.google.com Post "https://8.8.8.8/dns-query": dial tcp 8.8.8.8:443: connect: no route to host
ERRO[2022-08-07T15:09:18+03:00] [HTTPS DOH] Error looking up for domain: www.google.com Post "https://8.8.8.8/dns-query": dial tcp 8.8.8.8:443: connect: no route to host
...

Please advice!

Thanks!

I'm not sure whether it is possible to do it already but it would be nice to have a command line flag so that I can specify which websites dpi should be bypassed on This is because SpoofDPI breaks some websites for me, and I only want to apply the bypass to some certain websites.

ubuntu 22.04

I'm using macOS Ventura 13.2.1 and getting an error. I installed it via go.

mertcangokgoz@Macbook ~ » spoof-dpi -debug
███████ ██████   ██████   ██████  ███████ ██████  ██████  ██ 
██      ██   ██ ██    ██ ██    ██ ██      ██   ██ ██   ██ ██ 
███████ ██████  ██    ██ ██    ██ █████   ██   ██ ██████  ██ 
     ██ ██      ██    ██ ██    ██ ██      ██   ██ ██      ██ 
███████ ██       ██████   ██████  ██      ██████  ██      ██ 

• ADDR  : 127.0.0.1
• PORT  : 8080
• DNS   : 8.8.8.8
• DEBUG : true

FATA[2023-03-08T08:30:21+03:00] exit status 14

Just overwrite v0.5 over worked v0.4 on same test machine. While trying to access to listen port, I have an error in console output:

`panic: runtime error: index out of range [1] with length 1

goroutine 6 [running]:
github.com/xvzc/SpoofDPI/packet.parse({0xc000014130, 0xc000200000, 0x8e1da0})
/SpoofDPI/packet/http.go:140 +0x210
github.com/xvzc/SpoofDPI/packet.NewHttpPacket({0xc000014130, 0x3, 0x8})
/SpoofDPI/packet/http.go:57 +0x5a
github.com/xvzc/SpoofDPI/proxy.(*Proxy).Start.func1()
/SpoofDPI/proxy/proxy.go:50 +0x4e
created by github.com/xvzc/SpoofDPI/proxy.(*Proxy).Start
/SpoofDPI/proxy/proxy.go:43 +0x2bb`

Host machine is a LXC container with Ubuntu 20.04. Version v0.4 is working fine.

Hello
I'm looking for a DPI bypass tool.
GreenTunnel, etc. are not working in Korea, and I was wondering if this tool works, but I couldn't run it properly because I didn't have enough basic knowledge about Linux.

root@TEST:/# spoof-dpi
-ash: /root/.spoof-dpi/bin/spoof-dpi: No such file or directory

So, do you have any thoughts of creating a Docker image?

It will be much easier to execute.

I've tried loading a blocked website and here's what I've got

DEBU[2022-06-06T21:25:33+03:00] [PROXY] Request from 127.0.0.1:57186

CONNECT meduza.io:443 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:101.0) Gecko/20100101 Firefox/101.0
Proxy-Connection: keep-alive
Connection: keep-alive
Host: meduza.io:443

DEBU[2022-06-06T21:25:33+03:00] [HTTPS] Start
DEBU[2022-06-06T21:25:33+03:00] [PROXY] Request from 127.0.0.1:57192

CONNECT meduza.io:443 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:101.0) Gecko/20100101 Firefox/101.0
Proxy-Connection: keep-alive
Connection: keep-alive
Host: meduza.io:443

DEBU[2022-06-06T21:25:33+03:00] [HTTPS] Start
DEBU[2022-06-06T21:25:34+03:00] [DOH] Found 151.115.46.187 with meduza.io
DEBU[2022-06-06T21:25:34+03:00] [DOH] Found 151.115.46.187 with meduza.io
DEBU[2022-06-06T21:25:34+03:00] [HTTPS] New connection to the server meduza.io 192.168.1.127:56512
DEBU[2022-06-06T21:25:34+03:00] [HTTPS] Sent 200 Connection Estabalished to the client
DEBU[2022-06-06T21:25:34+03:00] [HTTPS] New connection to the server meduza.io 192.168.1.127:56510
DEBU[2022-06-06T21:25:34+03:00] [HTTPS] Sent 200 Connection Estabalished to the client
DEBU[2022-06-06T21:25:34+03:00] [HTTPS] Client sent hello 517bytes
DEBU[2022-06-06T21:25:34+03:00] [HTTPS] Client sent hello 517bytes
DEBU[2022-06-06T21:25:34+03:00] [HTTPS] Error reading from 127.0.0.1:57192 timed out
DEBU[2022-06-06T21:25:34+03:00] [HTTPS] Closing server Connection.. meduza.io 192.168.1.127:56510
DEBU[2022-06-06T21:25:34+03:00] [HTTPS] Error reading from 127.0.0.1:57186 timed out
DEBU[2022-06-06T21:25:34+03:00] [HTTPS] Closing server Connection.. meduza.io 192.168.1.127:56512
DEBU[2022-06-06T21:25:34+03:00] [HTTPS] Error reading from 127.0.0.1:57192 timed out
DEBU[2022-06-06T21:25:34+03:00] [HTTPS] Closing client Connection.. 127.0.0.1:57192
DEBU[2022-06-06T21:25:34+03:00] [HTTPS] Error reading from 127.0.0.1:57186 timed out
DEBU[2022-06-06T21:25:34+03:00] [HTTPS] Closing client Connection.. 127.0.0.1:57186

It looks like it's timing out, but I don't know why.

Originally posted by @da-the-dev in #25 (comment)

Hi,
I am trying to use it with opnsense router to enable DPI spoofing network wide. (Just Like GoodbyeDPI)
When using it via firewall Although All http traffic working correctly, the problem is with HTTPS traffic.
Websites are not opening correctly. it ended up with "Unsupported method:" error.

Will it be possible to port this project to account for this use case?
Firewall:

Error:

got this error running on openwrt arm64 :

/usr/bin/spoof-dpi: line 1: �ELF����: not found
/usr/bin/spoof-dpi: line 5: syntax error: unexpected word (expecting ")")

perhaps it related to the colored banner like in screenshoot ?

macOS 12.2.1

➜ ~ spoof-dpi -debug
███████ ██████ ██████ ██████ ███████ ██████ ██████ ██
██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██
███████ ██████ ██ ██ ██ ██ █████ ██ ██ ██████ ██
██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██
███████ ██ ██████ ██████ ██ ██████ ██ ██

• PORT : 8080
• DNS : 8.8.8.8
• DEBUG : true

FATA[2022-03-14T05:22:41+03:00] exit status 4

I've downloaded and launched spoof-dpi. Then, in my Firefox settings I've set in Network Settings => Automatic proxy configuration URL = http://127.0.0.1:8080/. After that I get this error message:

INFO[2022-06-04T22:28:42+03:00] Created a listener on : 8080
FATA[2022-06-04T22:28:51+03:00] Error accepting connection: accept tcp 127.0.0.1:8080: accept4: too many open files

I'm on Arch Linux x86_64. Am I doing it correctly?

Well as the title says; I thought it'll be nice to have SpoofDPI config file that allow us to use it in iPhone's since most of the passive DPI blocker wont work in iOS (for Countries ofc but what about your shitty local company decides to build a goddamn China Wall over your internet which blocks almost every VPN or any bypass method you have used prior to the entering that shitty sweatshop job, you know...)

Which cames into my mind FoXray app atm (It's the most stable one in iOS imho). But due to being newbie I could create it with a little bit of help.
Here is the built in parameters for any config file on that app:

1-Outbound Protocols (Vless/Vmess/Shadowsocks/Trojan/Socks), adress, port,uuid,flow,password etc.. (depends on protocol)
2-Stream Transport(tcp/kcp/ws/http/quic/grpc), Header (none/http)
3-Security (none/tls/reality) Servername, Allowinsecure (on/off), ALPN, Fingerprint
4-Mux (on/off)
5-Fragment (if enabled) packests,length, interval
If someone could help me to fill that config parameters we could copy this project Directly to the iOS if I'm not wrong.

Also another suggestion: In-Built AdBlocker Blocks Option for the main project (switchable ofc).