Active DPI circumvention utility for Linux
Bypass the blocking of http and https web-sites in countries like Russia, Iran.
DPI rules written for standart software omitting all possible cases that are acceptable by standards, there are some gaps in deep packet inspection. For instance some DPI stumbles, when the "Host:" header is written in a case-insensetive manner. (RFC 2616) This software simply exploits some of that gaps.
Note: You may need DnsCrypt.
iptables -A INPUT -p tcp --tcp-flags SYN,ACK SYN,ACK --sport 443 -j NFQUEUE --queue-num 200 --queue-bypass
iptables -t raw -I PREROUTING -p tcp --sport 80 --tcp-flags SYN,ACK SYN,ACK -j NFQUEUE --queue-num 200 --queue-bypass
--queue-bypass
may not work below Linux kernel 2.6.39 and 3.10 to 3.12
sudo pacman -S libnetfilter_queue
sudo apt-get install libnetfilter-queue-dev libc6-dev
git clone https://github.com/farukuzun/notsodeep.git
cd notsodeep
make
sudo ./notsodeep
Note: If you don't want to run the binary with root privileges: sudo setcap cap_net_admin=ep ./notsodeep
cd /tmp
git clone https://github.com/farukuzun/notsodeep.git
cd notsodeep
make
cd ..
sudo su
cp -R notsodeep /opt
cp /opt/notsodeep/notsodeep.service /etc/systemd/system/
systemctl enable notsodeep.service
iptables -A INPUT -p tcp --tcp-flags SYN,ACK SYN,ACK --sport 443 -j NFQUEUE --queue-num 200 --queue-bypass
iptables -t raw -I PREROUTING -p tcp --sport 80 --tcp-flags SYN,ACK SYN,ACK -j NFQUEUE --queue-num 200 --queue-bypass
iptables-save > /etc/iptables/iptables.rules
systemctl enable iptables
systemctl start iptables
systemctl start notsodeep.service
mail[at]notsodeep.farukuzun.com