Download the latest release from the Releases page.
Requirements: Go 1.22 or later.
git clone https://github.com/bypasscore/sni-cloak.git
cd sni-cloak
make build
The binary will be in bin/sni-cloak.
# Linux
make build-linux
# Windows
make build-windows
# All platforms
make build-all
SOCKS5 proxy mode is the simplest way to use sni-cloak. It runs a local SOCKS5 proxy that intercepts TLS connections.
# Start with YouTube profile
./sni-cloak --profile youtube
# Start with custom settings
./sni-cloak --mode socks5 --listen 127.0.0.1:1080 --fragment random --desync split
Then configure your browser to use the SOCKS5 proxy at 127.0.0.1:1080.
Firefox:
- Go to Settings > Network Settings
- Select "Manual proxy configuration"
- SOCKS Host: 127.0.0.1, Port: 1080
- Select "SOCKS v5"
- Check "Proxy DNS when using SOCKS v5"
Chrome/Chromium:
chrome --proxy-server="socks5://127.0.0.1:1080"
System-wide (Linux):
export ALL_PROXY=socks5://127.0.0.1:1080
Transparent mode intercepts all HTTPS traffic without requiring browser configuration.
# Start in transparent mode (requires root)
sudo ./sni-cloak --mode transparent --listen 0.0.0.0:8443 --profile youtube
# The tool will set up iptables rules automatically.
# To set up rules manually:
sudo iptables -t nat -A OUTPUT -p tcp --dport 443 -j REDIRECT --to-port 8443
sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
On Windows, transparent mode uses WinDivert to intercept packets at the kernel level.
- Download WinDivert and place WinDivert.dll and WinDivert64.sys in the same directory as sni-cloak.exe.
- Run as Administrator:
.\sni-cloak.exe --mode transparent --profile youtube
Create a YAML configuration file:
mode: socks5
listen:
  address: "127.0.0.1"
  port: 1080
  socks5: true
  max_connections: 1024
evasion:
  fragment:
    enabled: true
    strategy: "random"
    count: 3
    delay_ms: 50
  desync:
    enabled: true
    method: "split"
    delay_ms: 100
  padding:
    enabled: true
    strategy: "to_size"
    target_size: 517
  sni:
    enabled: true
    trick: "mixed_case"
dns:
  use_doh: true
  doh_url: "https://1.1.1.1/dns-query"
logging:
  level: "info"
Run with:
./sni-cloak --config config.yaml
sni-cloak includes built-in profiles optimized for specific services:
# List available profiles
./sni-cloak --list-profiles
# Use a profile
./sni-cloak --profile youtube
./sni-cloak --profile discord
./sni-cloak --profile aggressive
You can also create custom profiles as YAML files in config/profiles/.
CLI flags override configuration file settings:
./sni-cloak --config config.yaml --fragment multi --desync fake --block-quic
- Make sure QUIC is blocked: --block-quic
- Try the aggressive profile: --profile aggressive
- Enable debug logging: --log-level debug
- Try different desync methods: --desync fake or --desync disorder
- Increase the fragment delay: configure delay_ms to 100-200
- Try fewer fragments: set count to 2
- Check if your ISP uses TCP reassembly (may need desync instead of fragment)
- Discord voice uses UDP/QUIC. Make sure to block QUIC so it falls back to TCP.
- Use the discord profile which is optimized for this.
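The troubleshooting item above about TCP reassembly, seen from the inspection side: a filter that parses each TCP segment on its own finds no SNI once the ClientHello is split, while one that reassembles the stream still recovers it (and can normalize a mixed-case name). This is an added example, not sni-cloak's own code; the hex ClientHello is constructed, and the parser assumes in-order segments and a ClientHello that fits in one TLS record.

```go
package main

import (
	"encoding/hex"
	"fmt"
	"strings"
)

// Constructed sample: a minimal ClientHello whose only extension is SNI "ExAmPlE.cOm".
var helloHex = "16030100430100003f0303" + strings.Repeat("00", 32) + // headers, version, random
	"00" + "00021301" + "0100" + "0014" + "00000010000e00000b" + "4578416d506c452e634f6d"

// vec pops one vector with a w-byte length prefix from p; nil, nil means p was too short.
func vec(p []byte, w int) (v, rest []byte) {
	n := 0
	for i := 0; i < w && i < len(p); i++ {
		n = n<<8 | int(p[i])
	}
	if len(p) < w+n {
		return nil, nil
	}
	return p[w : w+n], p[w+n:]
}

// sniFromStream returns the lower-cased SNI if b holds a complete one-record ClientHello.
func sniFromStream(b []byte) (string, bool) {
	if len(b) < 43 || b[0] != 0x16 || b[5] != 0x01 { // handshake record, ClientHello
		return "", false
	}
	v, p := []byte(nil), b[43:] // skip record hdr, handshake hdr, version, random
	for _, w := range []int{1, 2, 1, 2} { // session id, suites, compression, extensions
		v, p = vec(p, w) // a failed read leaves p empty, so later reads fail too
	}
	for p = v; len(p) >= 2; {
		typ := int(p[0])<<8 | int(p[1])
		v, p = vec(p[2:], 2)
		if typ == 0 && len(v) > 3 { // server_name: list_len(2) name_type(1) name<2>
			if name, _ := vec(v[3:], 2); len(name) > 0 {
				return strings.ToLower(string(name)), true
			}
		}
	}
	return "", false
}

func main() {
	h, _ := hex.DecodeString(helloHex)
	fmt.Println(sniFromStream(h[:60])) // one TCP segment inspected alone: SNI not found
	fmt.Println(sniFromStream(h))      // in-order reassembled stream: SNI recovered
}
```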
# Start with debug logging
./sni-cloak --profile youtube --log-level debug
# In another terminal, test with curl
curl -x socks5://127.0.0.1:1080 https://www.youtube.com -v
Create /etc/systemd/system/sni-cloak.service:
[Unit]
Description=sni-cloak DPI bypass
After=network.target
[Service]
Type=simple
ExecStart=/usr/local/bin/sni-cloak --config /etc/sni-cloak/config.yaml
Restart=always
RestartSec=5
[Install]
WantedBy=multi-user.target
sudo systemctl enable sni-cloak
sudo systemctl start sni-cloak
- Open Task Scheduler
- Create Basic Task
- Trigger: "When the computer starts"
- Action: Start a Program
- Program: path to sni-cloak.exe
- Arguments: --config C:\sni-cloak\config.yaml
- Check "Run with highest privileges"