Skip to content
This repository contains android app to bypass DPI
C Java C++ CMake
Branch: master
Clone or download

Latest commit

zhenyolka * Add support of VPN mode
* Change app notification
Latest commit 6744419 Mar 31, 2020

Files

Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
app * Add support of VPN mode Mar 31, 2020
assets Change preview gif to correct Feb 17, 2020
metadata F-Droid metadata update Feb 16, 2020
.gitmodules Add metadata for F-Droid Jan 30, 2020
LICENSE Add license Jan 25, 2020
README.md Let user specify location of hostlist file Mar 6, 2020
build.gradle Add mini-browser, fix build, add "good" README Jan 26, 2020
gradlew Add mini-browser, fix build, add "good" README Jan 26, 2020
gradlew.bat Add mini-browser, fix build, add "good" README Jan 26, 2020
settings.gradle Fix broken build Feb 17, 2020

README.md

DPI Tunnel

DPI Tunnel logo

DPI Tunnel is an application for Android that uses various techniques to bypass DPI (Deep Packet Inspection) systems, which are used to block some sites.

DPI Tunnel demo

How to use

Just open the application and press the on / off button, after the local http proxy will start on the port specified in the settings. You need to set this http proxy in the settings of your browser or system, or you can choose the "Set DPITunnel proxy globally" option in the settings and DPI Tunnel do it automatically (requires root). Also, if you do not want to set http proxy in the settings, just click 🌐 button and enter the address of the site you need in the mini-browser.

How it works

First of all, DPI Tunnel need to manipulate traffic to bypass DPI, so DPI Tunnel starts local http proxy server and you need to use it.

How DPI works and some methods to bypass it

DNS

When you enter a URL in a Web browser, the first thing the Web browser does is to ask a DNS (Domain Name System) server, at a known numeric address, to look up the domain name referenced in the URL and supply the corresponding IP address. If the DNS server is configured to block access, it consults a blacklist of banned domain names. When a browser requests the IP address for one of these domain names, the DNS server gives a wrong answer or no answer at all. To overcome this problem DPI Tunnel uses DNS-Over-HTTPS technology, that sends DNS request in HTTPS packets.

HTTPS

DPI systems look for the Server Name Indication (SNI) field in the Client Hello packet. To bypass DPI we can send HTTPS request by parts, because MOST DPIs can't reconstruct TCP session.

HTTP

There is a lot of methods. First, we can split request in packets. Second, we can modify HTTP packet, because most DPIs can extract site address only from standard HTTP packet. For example: we can replace Host: header with hOsT: or replace DOS end of line with UNIX. Don't worry, this modifications shouldn't break any website as they're fully compatible with TCP and HTTP standards.

Links

4PDA (Russian forum) F-Droid (Open source app store) Xda labs (Xda app store) @DPITunnelOFFICIAL (Telegram group) You may ask for help there.

License

Licensed under the MIT license. See LICENSE.

You can’t perform that action at this time.