DigiNews

Tech Watch by Johan Denoyer

DPI bypass using eBPF sock_ops and fake TLS ClientHello injection

Quality: 8/10 Relevance: 9/10

Summary

GeCiT is a DPI-bypass tool that uses Linux eBPF sock_ops to inject a fake TLS ClientHello that desynchronizes DPI middleboxes; it also has a built-in DNS-over-HTTPS resolver. The README covers how it works, platform differences (kernel-level injection on Linux versus a proxy on macOS), installation, DoH setup, and TTL considerations, and carries a cautionary disclaimer about legality. This is dual-use security research content, relevant to IT security news and network defense discussions.
