DPI Checkers

🚀 This repository contains checkers that allow you to determine if your "home" ISP has DPI, as well as the specific methods (and their parameters) the censor uses for limitations.

Warning

All content in this repository is provided for research and educational purposes only.
You are solely responsible for ensuring that your use of any code, data, or information from this repository complies with all applicable laws and regulations in your jurisdiction.
The authors and contributors assume no liability for any misuse or violations arising from the use of this materials.

Checkers list

• RU :: IPv4 Whitelisted Subnets => https://hyperion-cs.github.io/dpi-checkers/ru/ipv4-whitelisted-subnets
  Allows to detect IPv4 subnets from the so-called "whitelist" in cases where a censor restricts TCP/UDP/etc connections by IP subnets (aka CIDR censorship). There are three control buttons:
  

  • Cache — fetch and cache suitable IPv4 subnets in the client browser (local storage) for further tests. They are saved even after reloading the checker's web page, exiting a browser, etc. This process uses services that are almost certainly not on the whitelist, so it is wise to run it when your provider does not use whitelists (e.g., your "home" ISP's Wi-Fi). This process can only be repeated when you want to update the list of testable subnets of suitable ASes (and they change quite rarely);
  • Check — check suitable subnets if they are on the whitelist;
  • Save — save the check results to a .csv file.

  This checker has optional GET parameters:

  name	type	default	description
  timeout	int	5000	Timeout for connecting/fetching data from host (in ms).
  sn_sample_size	int	25	The number of random unique hosts that will be checked for each suitable subnet.
  sn_alive_min	int	3	The minimum number of "alive" hosts in a subnet to declare it as whitelisted.
  sn_only_24_prefix	bool	true	Check only subnets with the /24 prefix in each AS (this is usually preferable, as a censor is unlikely to allow larger subnets).

  ⚠️ There are some nuances to be noted:

  • Not all subnets on the Internet are tested, only those AS subnets that could potentially be on the whitelist and that could potentially be available to the "customer";
  • There may be false negative results, as selective checks are used for performance reasons + a test HTTP(S) HEAD request is sent to port 443 for selected hosts in each subnet;
  • This checker will not work if a censor, in addition to subnet restrictions, also restricts TLS SNI (unfortunately, the browser sandbox is unable to spoof this parameter);
  • If you are using mobile internet, don't worry about large traffic usage (it will use a couple of megabytes at maximum);
  • It is prohibited to minimize the browser or lock the screen on phones during the check (however, you can share Wi-Fi from your phone to your computer — this is more convenient);
  • Even with performance optimizations, the checker can take quite a while to run (several tens of minutes). In the worst case, the time ≈ "number of suitable subnets" × timeout (see above).

• RU :: TCP 16-20 => https://hyperion-cs.github.io/dpi-checkers/ru/tcp-16-20
  Allows to detect TCP 16-20 blocking method in Russia. The tests use publicly available APIs of popular services hosted by providers whose subnets are potentially subject to limitations. The testing process runs right in your browser and the source code is available. VPN should be disabled during the check.
  This checker has optional GET parameters:

  name	type	default	description
  timeout	int	5000	Timeout for connecting/fetching data from endpoint (in ms).
  url	string	—	A custom endpoint to check in addition to the default ones (e.g. your steal-oneself server). The testing endpoint should allow cross-origin requests and provide at least 64KB of data (over the network, including compression, etc.). When not specified, the times and provider options are ignored.
  times	int	1	How many times to access the endpoint in a single HTTP connection (keep-alived).
  provider	string	Custom	Provider name (you can set any name).

  See here for details on this blocking method.

• RU :: TCP 16-20 DWC (domain whitelist checker)
  Allows to find out whitelisted items on DPIs where TCP 16-20 blocking method is applied. This kind of information can be interesting in its own right as well as useful for bypassing limitations.
  A list of domains is required as input. Also requires Python 3, the curl utility, and a specially configured server on "limited" networks. See here for details (ready-to-use results are also available for download there).

Contributing

We would be happy if you could help us improve our checkers through PR or by creating issues. Also you can star the repository so you don't lose the checkers. The repository is available here.