DPI evasion testing and benchmarking toolkit — test bypass techniques against real censorship systems.
DPI-Bench is a framework for evaluating DPI (Deep Packet Inspection) bypass techniques against real ISP censorship infrastructure. It automates testing of different evasion strategies and produces reports on which techniques work against specific DPI implementations.
- TCP Fragmentation — Split TLS ClientHello at configurable offsets to bypass stream inspection
- TCP Desync Attacks — Fake RST, fake SYN+ACK, out-of-order delivery, split with OOB data
- TTL-Based Evasion — Send fake packets with low TTL that expire before reaching the server
- TLS Fingerprint Spoofing — JA3 randomization, extension shuffling, GREASE values, browser mimicry
- SNI Manipulation — Fragmented SNI, fake SNI, empty SNI, SNI replacement, SNI omission
- QUIC/UDP Evasion — Initial packet corruption, version negotiation spoofing, connection ID manipulation
- DPI Detection — Fingerprint the DPI system by analyzing RST timing, block pages, and DNS behavior
- Reporting — Console output with pass/fail matrix, HTML reports, JSON/CSV export
# Install
pip install -e .
# Run a full scan against a target
dpi-bench scan youtube.com
# Test a specific technique
dpi-bench test youtube.com --technique tcp_fragment
# Run a benchmark with all reports
dpi-bench bench youtube.com --format console --format json --format html
# Detect the DPI system
dpi-bench detect youtube.com
# List available techniques
dpi-bench list-techniquesDPI-Bench uses YAML configuration files. The default configuration is in config/default.yaml.
# Use custom config
dpi-bench scan youtube.com --config config/default.yaml
# Load additional targets
dpi-bench scan youtube.com --targets config/targets-youtube.yamlname: "my-targets"
targets:
- domain: "example.com"
port: 443
protocol: https
expected_status: 200| Technique | Description | Effectiveness |
|---|---|---|
| TCP Fragment | Split ClientHello across TCP segments | High against TSPU, GFW |
| Desync (Fake RST) | Send fake RST with low TTL before real data | High against TSPU |
| Desync (Disorder) | Send TCP segments out of order | Medium |
| TTL Evasion | Fake packets that expire before the server | High when DPI hop is known |
| TLS Spoof | Randomize JA3 fingerprint | Medium against JA3-based blocking |
| SNI Fragment | Split ClientHello at SNI boundary | High against SNI-based DPI |
| SNI Fake | Send fake SNI before real ClientHello | Medium |
| QUIC Corruption | Corrupt QUIC initial packets | Low-Medium |
- Testing Methodology — How tests are structured and scored
- DPI Fingerprints — Known DPI system signatures
- Python 3.9+
- Root/administrator privileges (for raw socket operations)
- Linux recommended (raw sockets work best on Linux)
- Email: contact@bypasscore.com
- Telegram: @bypasscore
- Web: bypasscore.com
If you find DPI-Bench useful, consider supporting development:
| Network | Address |
|---|---|
| Ethereum (ETH) | 0xd0f38b51496bee61ea5e9e56e2c414b607ab011a |
| BNB Smart Chain (BSC) | 0xd0f38b51496bee61ea5e9e56e2c414b607ab011a |
| Polygon (MATIC) | 0xd0f38b51496bee61ea5e9e56e2c414b607ab011a |
| Arbitrum (ARB) | 0xd0f38b51496bee61ea5e9e56e2c414b607ab011a |
| Optimism (OP) | 0xd0f38b51496bee61ea5e9e56e2c414b607ab011a |
| Avalanche (AVAX) | 0xd0f38b51496bee61ea5e9e56e2c414b607ab011a |
MIT License. See LICENSE for details.