[GreenTunnel] is an anti-censorship utility designed to bypass the DPI systems

Sadegh Hayeri — Mon, 06 Apr 2020 20:30:55 +0000

GreenTunnel bypasses DPI (Deep Packet Inspection) systems without changing IP or server endpoints. (Linux, macOS, and Windows + docker)

The entire project is open source and you can check out the source code on my sadeghhayeri/greentunnel repo.

How does it work?

There are gaps in providers in DPI. They happen from what the DPI rules write for ordinary user programs, omitting all possible cases that are permissible by standards. This is done for simplicity and speed.
Some DPIs cannot recognize the HTTP request if it is divided into TCP segments. For example, a request of the form

GET / HTTP/1.0 Host: www.youtube.com ...

we send it in 2 parts: first comes GET / HTTP/1.0 \n Host: www.you and second sends as tube.com \n .... In this example, ISP cannot find blocked word youtube in packets and you can bypass it!

Or for HTTPS, Server Name Indication (SNI) is an extension to TLS (Transport Layer Security) that indicates the actual destination hostname a client is attempting to access over HTTPS. For this Web Filter feature, SNI hostname information is used for blocking access to specific sites over HTTPS. For example, if the administrator chooses to block the hostname youtube using this feature, all Website access attempts over HTTPS that contain youtube like www.youtube.com in the SNI would be blocked. However, access to the same hostname over HTTP would not be blocked by this feature. GreenTunnel tries to split first CLIENT-HELLO packet into small chunks and ISPs can't parse packet and found SNI field so bypass traffic!

We'd love to hear what you think about GreenTunnel, ideas for improvement, and features you want to see! Please, don't hesitate to open an issue.

DEV Community: Sadegh Hayeri

[GreenTunnel] is an anti-censorship utility designed to bypass the DPI systems

How does it work?