# bol-van/zapret

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/bol-van-zapret).**

15,555 stars · 1,063 forks · C

## Links

- GitHub: https://github.com/bol-van/zapret
- awesome-repositories: https://awesome-repositories.com/repository/bol-van-zapret.md

## Topics

`anti-dpi` `censorship-circumvention` `freebsd` `linux` `macos` `openbsd` `openwrt` `russian` `windows`

## Description

Zapret is a deep packet inspection bypass tool and packet manipulation framework designed to circumvent network censorship. It operates as a transparent network proxy and TCP traffic obfuscator that modifies packets to deceive network inspection systems.

The project distinguishes itself through advanced desynchronization strategies, including the modification of TLS client hello handshakes and the use of fake packet injection. It utilizes a combination of TCP stream segmentation, sequence overlapping, and TTL adjustment to hide prohibited requests from firewalls while ensuring the destination server receives the original data.

The software provides broad capabilities for traffic management, including IP packet fragmentation, UDP fragmentation, and SOCKS proxy integration. It includes utilities for multi-threaded DNS resolution, automated block detection, and CIDR-based IP list compression to optimize firewall rules. Traffic filtering can be managed via domain lists, IP access lists, or specific WiFi SSID profiles.

The tool is available as binaries compiled for Linux, Android, BSD, and macOS, with support for running as a background daemon with automated startup configurations.

## Tags

### Networking & Communication

- [Censorship Circumvention Tools](https://awesome-repositories.com/f/networking-communication/censorship-circumvention-tools.md) — Uses packet fragmentation and TCP stream modification to bypass government or provider level web filtering.
- [Packet Manipulation Toolkits](https://awesome-repositories.com/f/networking-communication/packet-manipulation-toolkits.md) — Provides a framework for modifying raw network data to deceive deep packet inspection systems and bypass censorship. ([source](https://github.com/bol-van/zapret#readme))
- [Domain Traffic Filters](https://awesome-repositories.com/f/networking-communication/domain-traffic-filters.md) — Restricts packet manipulation to specific domains using include and exclude lists with wildcard support. ([source](https://github.com/bol-van/zapret/tree/master/docs))
- [DPI Bypass Utilities](https://awesome-repositories.com/f/networking-communication/dpi-bypass-utilities.md) — Manipulates TCP and UDP packets to circumvent deep packet inspection and network censorship.
- [Interface-Level Packet Filtering](https://awesome-repositories.com/f/networking-communication/packet-capture-filters/interface-level-packet-filtering.md) — Uses kernel-level interception to redirect network traffic to a user-mode process for real-time modification. ([source](https://github.com/bol-van/zapret/blob/master/docs/windows.md))
- [Packet Redirection](https://awesome-repositories.com/f/networking-communication/packet-engines/packet-redirection.md) — Implements network-level rerouting of packets from the kernel to user-mode processes for real-time modification.
- [Stream Reassemblers](https://awesome-repositories.com/f/networking-communication/stream-reassemblers.md) — Buffers multi-packet TLS handshakes into a complete request to apply advanced desynchronization strategies. ([source](https://github.com/bol-van/zapret#readme))
- [Connection State Management](https://awesome-repositories.com/f/networking-communication/tcp-connection-lifecycles/connection-state-management.md) — Maintains a connection state table to manage phase-based desynchronization and reassemble multi-packet requests. ([source](https://github.com/bol-van/zapret/blob/master/docs/readme.en.md))
- [Session Stage Tracking](https://awesome-repositories.com/f/networking-communication/tcp-session-management/session-stage-tracking.md) — Tracks TCP and UDP connection phases and sequence numbers to trigger packet manipulation at specific session stages. ([source](https://github.com/bol-van/zapret/blob/master/docs/readme.md))
- [Traffic Interception](https://awesome-repositories.com/f/networking-communication/traffic-interception.md) — Reroutes network traffic to a local proxy using firewall rules for seamless censorship bypass. ([source](https://github.com/bol-van/zapret/blob/master/docs/bsd.md))
- [Traffic Obfuscation](https://awesome-repositories.com/f/networking-communication/traffic-obfuscation.md) — Hides prohibited requests from network firewalls using TCP segmentation and fragmentation.
- [Traffic Proxying](https://awesome-repositories.com/f/networking-communication/traffic-proxying.md) — Intercepts and modifies traffic at the socket level to perform TCP segmentation and maximum segment size adjustment. ([source](https://github.com/bol-van/zapret/blob/master/docs/readme.md))
- [Traffic Redirection Tools](https://awesome-repositories.com/f/networking-communication/traffic-redirection-tools.md) — Intercepts and processes traffic passing through a gateway device using divert or redirect mechanisms. ([source](https://github.com/bol-van/zapret/blob/master/docs/bsd.md))
- [Transparent Network Proxies](https://awesome-repositories.com/f/networking-communication/transparent-network-proxies.md) — Intercepts traffic via firewall rules to apply evasion techniques without requiring client-side configuration.
- [Transparent Proxying](https://awesome-repositories.com/f/networking-communication/transparent-proxying.md) — Reroutes network traffic through a local proxy to apply evasion techniques without manual browser configuration.
- [Multi-threaded Resolution Optimizers](https://awesome-repositories.com/f/networking-communication/dns-resolution/multi-threaded-resolution-optimizers.md) — Performs high-speed multi-threaded DNS lookups for large lists of domains to accelerate the setup of bypass rules.
- [Resolution Utilities](https://awesome-repositories.com/f/networking-communication/dns-resolution/resolution-utilities.md) — Provides a multi-threaded utility for resolving large lists of domains to prepare bypass lists.
- [Bypass IP Lists](https://awesome-repositories.com/f/networking-communication/ip-address-management-systems/bypass-ip-lists.md) — Maintains and reloads lookup tables of IP addresses and subnets to apply bypass rules to specific destinations. ([source](https://github.com/bol-van/zapret/blob/master/docs/bsd.md))
- [Proxy Routing Rules](https://awesome-repositories.com/f/networking-communication/network-infrastructure-routing/network-routing-traffic-management/network-traffic-management/proxy-routing-rules.md) — Redirects specific network traffic to a SOCKS proxy via a transparent soxifier and firewall rules. ([source](https://github.com/bol-van/zapret/blob/master/docs/redsocks.txt))
- [Protocol Handshake Buffering](https://awesome-repositories.com/f/networking-communication/packet-buffering/protocol-handshake-buffering.md) — Collects multi-packet TLS or QUIC handshake messages into a buffer to apply complete evasion strategies.
- [DPI Behavior Analysis](https://awesome-repositories.com/f/networking-communication/packet-capture-filters/interface-level-packet-filtering/dpi-evasion-techniques/dpi-behavior-analysis.md) — Provides a mechanism to test and identify the most effective packet manipulation strategies against target censorship systems. ([source](https://github.com/bol-van/zapret/blob/master/docs/readme.md))
- [Obfuscation Fragmentation](https://awesome-repositories.com/f/networking-communication/packet-fragmentation-and-reassembly/obfuscation-fragmentation.md) — Divides network layer packets into smaller fragments to bypass security filters that lack full reassembly capabilities. ([source](https://github.com/bol-van/zapret/blob/master/docs/readme.en.md))
- [TCP Segment Slicing](https://awesome-repositories.com/f/networking-communication/packet-fragmentation-and-reassembly/tcp-segment-slicing.md) — Slices TCP requests into multiple segments and optionally reorders them to disrupt firewall payload reconstruction. ([source](https://github.com/bol-van/zapret/tree/master/docs))
- [IP Header Field Manipulation](https://awesome-repositories.com/f/networking-communication/packet-manipulation-toolkits/ip-header-field-manipulation.md) — Adjusts the IPv4 Identification field in packets to mimic different operating systems and break detection patterns. ([source](https://github.com/bol-van/zapret/tree/master/docs))
- [Packet Duplication](https://awesome-repositories.com/f/networking-communication/packet-manipulation-toolkits/packet-duplication.md) — Sends copies of original packets to confuse systems tracking session characteristics and evade inspection. ([source](https://github.com/bol-van/zapret#readme))
- [TTL Manipulation](https://awesome-repositories.com/f/networking-communication/packet-manipulation-toolkits/ttl-manipulation.md) — Modifies the Time to Live (TTL) of packets to ensure they reach the server but expire before reaching the inspector. ([source](https://github.com/bol-van/zapret/tree/master/docs))
- [TCP Sequence Overlapping](https://awesome-repositories.com/f/networking-communication/packet-sequencing/tcp-sequence-overlapping.md) — Adds bytes with shifted sequence numbers to segments to force inspectors to lose synchronization. ([source](https://github.com/bol-van/zapret#readme))
- [SOCKS Proxies](https://awesome-repositories.com/f/networking-communication/socks-proxies.md) — Uses transparent or SOCKS proxies to tamper with TCP streams and resolve DNS remotely to circumvent censorship. ([source](https://github.com/bol-van/zapret/blob/master/docs/readme.en.md))
- [TCP Stream Interception](https://awesome-repositories.com/f/networking-communication/tcp-stream-interception.md) — Splits and reorders TCP stream segments to prevent firewalls from accurately reconstructing the data stream. ([source](https://github.com/bol-van/zapret/blob/master/docs/readme.en.md))
- [TCP Window Size Manipulations](https://awesome-repositories.com/f/networking-communication/tcp-window-size-manipulations.md) — Modifies TCP window sizes in SYN packets to force servers to fragment responses and hide sensitive data. ([source](https://github.com/bol-van/zapret/tree/master/docs))
- [Traffic Tunneling](https://awesome-repositories.com/f/networking-communication/traffic-tunneling.md) — Directs specific network traffic through a VPN tunnel based on custom rules and packet marks. ([source](https://github.com/bol-van/zapret/blob/master/docs/wireguard_iproute_openwrt.txt))
- [Firewall Rule Configurations](https://awesome-repositories.com/f/networking-communication/traffic-tunnels/firewall-rule-configurations.md) — Executes external shell scripts to implement custom firewall rules alongside the bypass process. ([source](https://github.com/bol-van/zapret/tree/master/docs))

### Security & Cryptography

- [Network Traffic Filtering](https://awesome-repositories.com/f/security-cryptography/network-traffic-filtering.md) — Defines which packets to process based on IP versions, ports, network interfaces, or specific WiFi networks. ([source](https://github.com/bol-van/zapret/blob/master/docs/windows.md))
- [DPI Desynchronization](https://awesome-repositories.com/f/security-cryptography/packet-injection-utilities/dpi-desynchronization.md) — Injects fake data and modifies TTL values to deceive deep packet inspection systems while maintaining server connectivity.
- [Traffic Fragmentation Tools](https://awesome-repositories.com/f/security-cryptography/traffic-fragmentation-tools.md) — Splits UDP packets at the IP level or increases payload size with padding to bypass size-based filters. ([source](https://github.com/bol-van/zapret/tree/master/docs))
- [TLS Fingerprint Impersonators](https://awesome-repositories.com/f/security-cryptography/device-fingerprinting/fingerprint-configuration/tls-fingerprinting/tls-fingerprint-impersonators.md) — Customizes the TLS Client Hello handshake with randomized identifiers and padding to avoid network fingerprinting. ([source](https://github.com/bol-van/zapret#readme))
- [Packet Injection Utilities](https://awesome-repositories.com/f/security-cryptography/packet-injection-utilities.md) — Injects deceptive packets with invalid checksums or sequence numbers to mislead network inspectors. ([source](https://github.com/bol-van/zapret#readme))

### Part of an Awesome List

- [Automated Block Detection](https://awesome-repositories.com/f/awesome-lists/devops/monitoring-and-logging/blocked-connection-monitoring/automated-block-detection.md) — Monitors connection failures and redirects to automatically add blocked hosts to a bypass list in real-time. ([source](https://github.com/bol-van/zapret/blob/master/docs/readme.en.md))
- [Automated Block List Population](https://awesome-repositories.com/f/awesome-lists/devops/monitoring-and-logging/blocked-connection-monitoring/automated-block-list-population.md) — Monitors network connection failures to automatically identify and add blocked domains to a bypass list in real-time.

### Operating Systems & Systems Programming

- [Background Daemons](https://awesome-repositories.com/f/operating-systems-systems-programming/system-administration-maintenance/system-services/background-daemons.md) — Runs bypass processes as a persistent background daemon to maintain network obfuscation. ([source](https://github.com/bol-van/zapret/blob/master/docs/bsd.md))

### Software Engineering & Architecture

- [Network Protocol Extension Headers](https://awesome-repositories.com/f/software-engineering-architecture/metadata-attachments/message-header-attachments/network-protocol-extension-headers.md) — Adds hop-by-hop or destination options headers to IPv6 packets to hide transport protocols from analysis. ([source](https://github.com/bol-van/zapret/blob/master/docs/readme.md))