Skip to content

bypasscore/sni-cloak

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
cmd/sni-cloak
cmd/sni-cloak
 
 
config
config
 
 
docs
docs
 
 
internal/platform
internal/platform
 
 
pkg
pkg
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 

Repository files navigation

sni-cloak

SNI/TLS ClientHello fragmentation and cloaking tool -- bypass YouTube, Discord, and other SNI-based internet censorship without a VPN.

sni-cloak intercepts outgoing TLS connections and manipulates the ClientHello message to prevent Deep Packet Inspection (DPI) systems from reading the Server Name Indication (SNI). Works on Linux and Windows.

How It Works

When you connect to an HTTPS website, your browser sends a TLS ClientHello containing the server name in plaintext. DPI systems read this field to block specific websites. sni-cloak sits between your browser and the network, applying multiple evasion techniques:

  1. TCP Fragmentation -- Splits the ClientHello so the SNI spans multiple TCP segments. Most DPI cannot reassemble TCP streams in real time.
  2. TCP Desync -- Sends fake packets, out-of-order segments, or uses TTL tricks to confuse the DPI state machine.
  3. TLS Padding -- Adds padding extensions to change the packet size, defeating signature-based detection.
  4. SNI Manipulation -- Applies mixed case, fake entries, or extension reordering to break SNI pattern matching.
  5. JA3/JA4 Spoofing -- Modifies the TLS fingerprint to mimic a specific browser, preventing fingerprint-based blocking.
  6. QUIC Blocking -- Optionally blocks QUIC/UDP to force browsers into TCP mode where evasion works.

For a detailed explanation, see How It Works.

Quick Start

Download

Grab the latest binary from Releases or build from source:

git clone https://github.com/bypasscore/sni-cloak.git
cd sni-cloak
make build

Run

# Unblock YouTube with one command
./sni-cloak --profile youtube

# Unblock Discord
./sni-cloak --profile discord

# Custom evasion settings
./sni-cloak --mode socks5 --listen 127.0.0.1:1080 \
  --fragment multi --desync fake --sni-trick mixed_case --block-quic

Then configure your browser to use the SOCKS5 proxy at 127.0.0.1:1080. See Setup Guide for detailed instructions.

Transparent Mode

No browser configuration needed -- intercepts all HTTPS traffic:

# Linux (requires root)
sudo ./sni-cloak --mode transparent --profile youtube

# Windows (requires Administrator + WinDivert)
sni-cloak.exe --mode transparent --profile youtube

Profiles

Built-in evasion profiles optimized for specific services and network conditions:

Profile Description Best For
youtube Multi-fragment + fake desync + QUIC block YouTube, Google services
discord Random fragment + split desync + QUIC block Discord text, voice, streaming
instagram Random fragment + fake desync Instagram, Facebook
general Balanced settings for most blocked sites General purpose
aggressive Maximum evasion for heavily filtered networks Strict DPI (TSPU, etc.) 
./sni-cloak --list-profiles    # Show all profiles
./sni-cloak --profile youtube  # Use a profile

Custom profiles can be created as YAML files in config/profiles/.

Configuration

sni-cloak can be configured via CLI flags, a YAML config file, or a combination:

./sni-cloak --config config/default.yaml --fragment multi --block-quic

See config/default.yaml for all available options.

CLI Options

--config          Path to configuration file
--mode            Proxy mode: socks5, transparent, listener
--listen          Listen address (e.g., 127.0.0.1:1080)
--profile         Evasion profile: youtube, discord, general, aggressive
--fragment        Fragment strategy: none, fixed, random, multi
--desync          Desync method: none, split, disorder, fake, oob
--sni-trick       SNI trick: none, mixed_case, fake_first, reverse_dots
--ja3             JA3 spoof target: chrome_120, firefox_121, safari_17
--block-quic      Block QUIC to force TCP fallback
--padding         Target padding size
--log-level       Log level: debug, info, warn, error
--version         Show version
--list-profiles   List available profiles

Project Structure

cmd/sni-cloak/       CLI entry point
pkg/proxy/           SOCKS5, transparent, and TCP proxy
pkg/tls/             TLS ClientHello parser, builder, JA3 fingerprinting
pkg/evasion/         Fragmentation, desync, padding, SNI tricks, QUIC
pkg/config/          Configuration loading and built-in profiles
pkg/dns/             DNS resolver with DoH support
pkg/logging/         Structured logging
internal/platform/   Linux (iptables/nftables) and Windows (WinDivert)
config/              Default config and profile YAML files
docs/                Documentation
tests/               Unit tests

Building

make build           # Build for current platform
make build-all       # Cross-compile for all platforms
make test            # Run tests
make test-coverage   # Generate coverage report
make lint            # Run linter

Blog Posts

Contact

Support

If sni-cloak helps you access the free internet, consider supporting development:

Network Address
Ethereum (ETH) 0xd0f38b51496bee61ea5e9e56e2c414b607ab011a
BNB Smart Chain (BNB) 0xd0f38b51496bee61ea5e9e56e2c414b607ab011a
Polygon (MATIC) 0xd0f38b51496bee61ea5e9e56e2c414b607ab011a
Arbitrum (ARB) 0xd0f38b51496bee61ea5e9e56e2c414b607ab011a
Optimism (OP) 0xd0f38b51496bee61ea5e9e56e2c414b607ab011a
Base 0xd0f38b51496bee61ea5e9e56e2c414b607ab011a

License

MIT License. See LICENSE for details.

About

SNI/TLS ClientHello fragmentation and cloaking — bypass YouTube/Discord blocking without VPN

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages