NoTMCT

About

NoTMCT is a DPI bypasser that useful for black lists in Russia. Isn’t working while CIDR blocks active. Recommended for some SNI bypass testing.

• Dist Instructions
• Download NoTMCT
• Arguments Templates

Argument Description

-i, –ip Listening IP, allowing connections from the LAN by default (0.0.0.0)

-p, –port Listening port, default 31337 if not specified

-D, –daemon Run in daemon mode (Linux/BSD only)

-w, –pidfile Write PID process to file

-E, –transparent Transparent proxy mode (Linux only)

-c, –max-conn Maximum number of client connections, default 512

-N, –no-domain Delete domains from their existence on the world (drop domain requests)

-U, –no-udp TCP only mode, decline any UDP users

-I, –conn-ip Connection binded IP, using IPv6 by default (::)

-b, –buf-size Buffer feet size, default 16384 bytes

-x, –debug Print logs, 0 (none), 1 (basic), or 2 (verbose)

-g, –def-ttl TTL for all outgoing connections

-F, –tfo Allow TCP Fast Open if you’re sure about that (Linux 4.11+)

-A, –auto <t,r,s,n,k,c> Try desync parameters after this option Detect events: torst (timeout/reset), redirect (HTTP redirect), ssl_err (SSL error), none (skip), conn (connection event), keep (keep-alive), pri= (priority)

-L, –auto-mode Sort mode for automatic parameter selection

-T, –timeout <s[:p:c:b]> Timeout waiting for response, after which trigger auto because someone isn’t patient enough Format: seconds[:probes:count:backoff]

-y, –cache-file <path|-> Dump cache to file or stdout

-u, –cache-ttl Lifetime of cached desync parameters for IP, default 100800 (28 hours)

-K, –proto <t,h,u,i> Protocol whitelist: tls, http, udp, ipv4

-H, –hosts <file|:str> Hosts whitelist, filename or :string with space-separated domains

-j, –ipset <file|:str> IP whitelist, filename or :string with IPs/subnets

-V, –pf <port[-portr]> Ports range whitelist

-R, –round <num[-numr]> Number of request to which desync will be applied, default 1

-s, –split Position format: offset[:repeats:skip][+flag1[flag2]] Flags: +s - SNI offset, +h - HTTP host offset, +n - null Additional flags: +e - end, +m - middle

-d, –disorder Split and send in reverse order

-o, –oob Split and send as OOB data (urgent pointer)

-q, –disoob Split and send reverse order as OOB data

-f, –fake Split and send fake packet (send fake data first)

-S, –md5sig Add MD5 Signature option for fake packets (Linux only)

-n, –fake-sni Change SNI in fake packet Replacements: ? - random letter, # - random number, * - random letter/number

-t, –ttl TTL of fake packets, default 8

-O, –fake-offset Fake data start offset

-l, –fake-data <f|:str> Set custom fake packet from file or string (with escapes like \n, \0, \x10)

-Q, –fake-tls-mod Modify fake TLS ClientHello: rand - randomize fields, orig - use original ClientHello as fake, msize= - maximum fake size

-e, –oob-data Set custom OOB data byte, default 'a'

-M, –mod-http <h,d,r> Modify HTTP packet: hcsmix - randomize Host case (Host -> hOsT), dcsmix - randomize domain case in Host, rmspace - remove space after colon (Host: name -> Host:name)

-r, –tlsrec Make TLS record at position (split TLS record)

-m, –tlsminor Change minor version of TLS (third byte in TLS record)

-a, –udp-fake UDP fakes count, default 0

-Y, –drop-sack Drop packets with SACK extension (Linux only)

Parameter Position Format (pos_t)

The position parameter (pos_t) used in many options has the format:

offset[:repeats:skip][+flag1[flag2]]

• offset: Position in the packet where to apply the operation
  • Negative values are calculated from the end of the packet
• repeats: How many times to repeat (default 1)
• skip: Skip bytes between repeats (default 0)
• flags:
  • +s: Add SNI (Server Name Indication) offset to the position
  • +h: Add HTTP Host header offset to the position
  • +n: Use null offset (0)
  • +e: Use end of packet as position
  • +m: Use middle of packet as position

Examples:

• 3+s: Position at SNI + 3 bytes
• 0+sm: Split in the middle of SNI
• 1:3:5: Split at positions 1, 6, and 11
• -10: 10 bytes from the end

Auto Events

The --auto option supports the following detection events:

• torst: Timeout or connection reset after first request
• redirect: HTTP redirect to a different domain
• ssl_err: SSL/TLS error (no ServerHello or invalid session_id)
• none: Skip this group (e.g., due to host/protocol restrictions)
• conn: Connection-related events
• keep: Keep-alive events
• pri=number_here: Priority for this group

Building

Requirements: make, gcc/clang for Linux, mingw for Windows

• Linux: make
• Windows: make windows CC=x86_64-w64-mingw32-gcc

Docker

Docker images are available on DockerHub.

Example container configuration can be found in dist/docker.

This site is open source. Improve this page.