GoodbyeDPI深度包检测规避工具

GoodbyeDPI 是一个被动深度包检测拦截器和主动 DPI 规避实用程序。

该软件旨在绕过许多 Internet 服务提供商中的深度包检测系统，这些系统会阻止访问某些网站。

它处理使用分光器或端口镜像（被动 DPI）连接的DPI，这些DPI不会阻止任何数据，而只是比请求的目的地更快地回复，并按顺序连接主动 DPI。

Windows 7、8、8.1 和 10需要管理员权限。

Usage: goodbyedpi.exe [OPTION...]
 -p          block passive DPI
 -r          replace Host with hoSt
 -s          remove space between host header and its value
 -m          mix Host header case (test.com -> tEsT.cOm)
 -f   set HTTP fragmentation to value
 -k   enable HTTP persistent (keep-alive) fragmentation and set it to value
 -n          do not wait for first segment ACK when -k is enabled
 -e   set HTTPS fragmentation to value
 -a          additional space between Method and Request-URI (enables -s, may break sites)
 -w          try to find and parse HTTP traffic on all processed ports (not only on port 80)
 --port            additional TCP port to perform fragmentation on (and HTTP tricks with -w)
 --ip-id           handle additional IP ID (decimal, drop redirects and TCP RSTs with this ID).
                          This option can be supplied multiple times.
 --dns-addr        redirect UDP DNS requests to the supplied IP address (experimental)
 --dns-port        redirect UDP DNS requests to the supplied port (53 by default)
 --dnsv6-addr      redirect UDPv6 DNS requests to the supplied IPv6 address (experimental)
 --dnsv6-port      redirect UDPv6 DNS requests to the supplied port (53 by default)
 --dns-verb               print verbose DNS redirection messages
 --blacklist     perform circumvention tricks only to host names and subdomains from
                          supplied text file (HTTP Host/TLS SNI).
                          This option can be supplied multiple times.
 --set-ttl         activate Fake Request Mode and send it with supplied TTL value.
                          DANGEROUS! May break websites in unexpected ways. Use with care.
 --auto-ttl    [decttl]   activate Fake Request Mode, automatically detect TTL and decrease
                          it from standard 64 or 128 by decttl (128/64 - TTL - 4 by default).
 --wrong-chksum           activate Fake Request Mode and send it with incorrect TCP checksum.
                          May not work in a VM or with some routers, but is safer than set-ttl.
 --wrong-seq              activate Fake Request Mode and send it with TCP SEQ/ACK in the past.
 --native-frag            fragment (split) the packets by sending them in smaller packets, without
                          shrinking the Window Size. Works faster (does not slow down the connection)
                          and better.
 --reverse-frag           fragment (split) the packets just as --native-frag, but send them in the
                          reversed order. Works with the websites which could not handle segmented
                          HTTPS TLS ClientHello (because they receive the TCP flow "combined").


LEGACY modesets:
 -1          -p -r -s -f 2 -k 2 -n -e 2 (most compatible mode)
 -2          -p -r -s -f 2 -k 2 -n -e 40 (better speed for HTTPS yet still compatible)
 -3          -p -r -s -e 40 (better speed for HTTP and HTTPS)
 -4          -p -r -s (best speed)

Modern modesets (more stable, more compatible, faster):
 -5          -f 2 -e 2 --auto-ttl --reverse-frag (this is the default)
 -6          -f 2 -e 2 --wrong-seq --reverse-frag

要检查你的ISP的DPI是否可以被规避，首先要确保你的供应商不通过在浏览器中启用 "Secure DNS（通过 HTTPS 的DNS）"选项来 poison DNS answers。

• Chrome: Settings → Privacy and security > Use secure DNS → With: NextDNS
• Firefox: Settings → Network Settings → Enable DNS over HTTPS → Use provider: NextDNS

然后在没有任何选项的情况下运行 goodbyedpi.exe 可执行文件。如果它起作用了--恭喜你！你可以按原样使用它，或者进一步配置，例如，如果你知道被封锁的网站名单，就使用-黑名单选项。你可以按原样使用，也可以进一步配置，例如，如果你所在的国家有已知的被屏蔽的网站名单，就可以使用-黑名单选项。

如果你的供应商拦截了 DNS 请求，你可能想使用 --dns-addr 选项到一个运行在非标准端口的公共 DNS resover（如Yandex DNS 77.88.8.8:1253）或使用第三方应用程序通过 HTTPS/TLS 配置 DNS。

检查 .cmd 脚本并根据你的偏好和网络条件进行修改。