DPI bypass using eBPF sock_ops and fake TLS ClientHello injection
Summary
GeCiT is a DPI-bypass tool that uses Linux eBPF sock_ops to inject a fake TLS ClientHello to desynchronize DPI middleboxes, with a built-in DNS-over-HTTPS resolver. The README covers how it works, platform differences (Linux kernel-level injection vs macOS proxy), installation, DoH setup, and TTL considerations, along with a cautionary disclaimer about legality. This is dual-use security research content relevant for IT security news and network defense discussions.