⚠ WARNING: This is an EXPERIMENTAL Project, use it at your own risk!
This is a simple tool that utilizes tls client hello splitting attack in order to bypass the iran's dpi system. It won't work if the target machine's ip is blocked(Yet ?!)
It also allow you to deploy a free and fast vless like proxy in cloudflare workers, just copy the worker.js to your worker and fill configs accordingly it will do the rest
- Supports all Iran's network careers with some tweaks in tls hello packet length
- DOH support
- SDNS support
- Cross platform
You can build CLI debug and release version as:
git clone https://github.com/uoosef/bepass.git
cd bepass/bepass
make # For CLI debug version
make release # For CLI Release versionYou can build GUI debug and release version as:
git clone https://github.com/uoosef/bepass.git
cd bepass/bepass
make gui # For GUI debug version
make gui-release # For GUI release versionYou can download the latest build from release or Just install go 1.19+ and run:
git clone https://github.com/uoosef/bepass.git
cd bepass/bepass
go build ./cmd/cli/main.goIt should give you an executable file, or you can simply run it in place.
git clone https://github.com/uoosef/bepass.git
cd bepass/bepass
go run ./cmd/cli/main.go -c config.jsonIn order to deploy this project, you should first find a "DOH" or "SDNS" link that works on your ISP, then edit config.json and fill the "RemoteDNSAddr" field with the dns link that you found!
For example, the following configuration will most likely work on IR-MCI:
{
"TLSHeaderLength": 5,
"RemoteDNSAddr": "https://1.1.1.1/dns-query",
"DnsCacheTTL": 30,
"BindAddress": "127.0.0.1:8085",
"ChunksLengthBeforeSni": [1, 5],
"SniChunksLength": [1, 5],
"ChunksLengthAfterSni": [1, 5],
"DelayBetweenChunks": [1, 10],
"WorkerAddress": "https://<YOUR_WORKER_ADDRESS>/dns-query",
"WorkerIPPortAddress": "<CLEAN_CLOUDFLARE_IP>:443",
"WorkerEnabled": true,
"WorkerDNSOnly": true
}If you cant find any working DOH Servers you can deploy worker.js code to your CF worker and change config.json accordingly
If you just want to use the DOH over worker set WorkerDNSOnly, true
{
"WorkerDNSOnly": true
}But if you want a full-fledged tcp socks5 proxy over worker set WorkerDNSOnly, false. please consider that your udp traffic wouldn't go through worker because cf doesn't support udp outgoing sockets currently
{
"WorkerDNSOnly": false
}- Self-Hosted DOH (DONE)
- TCP PROXY Over Worker (DONE)
- A GUI Version (WIP)
- An Android version (WIP)
- Finding a way to bypass the blocked ips
MIT go nuts!