Green Tunnel Bypasses ISP Filters or Sensors
Green Tunnel is an anti-censorship tool designed to bypass DPI (Deep Packet Inspection) systems commonly used by ISPs to block or filter certain websites. According to the Green Tunnel GitHub page, it uses three ports:
- HTTP
Some DPIs can't recognize HTTP requests if the HTTP request is split into multiple TCP segments. For example:
GET / HTTP/1.0
Host: www.youtube.com
...
Green Tunnel splits this into two parts. The first part sends GET / HTTP/1.0 \n Host: www.you. And the second part sends tube.com \n ...
This way, the ISP can't search for "youtube" and filter it out, as it is split in transmission. - HTTPS
Server Name Indication (SNI) is an extension to TLS (Transport Layer Security) that shows which hostname the client is trying to reach over HTTPS. For web filtering, the SNI hostname information is used to block access to certain sites over HTTPS. If an administrator chooses to block "youtube" using this feature, all HTTPS web access attempts containing "youtube" (like www.youtube.com) in the SNI will be blocked. However, access to the same hostname over HTTP won't be blocked by this feature. Green Tunnel tries to split the first CLIENT-HELLO packet into smaller pieces, so the ISP can't parse the packet and find the SNI field, thus bypassing the block. - DNS
When you enter a URL in the web browser, the first thing it does is ask the DNS server for the IP address corresponding to that domain name. If the DNS server is configured to block access, it will check the blacklist for banned domain names. When the browser requests the IP address for one of these domains, the DNS server provides an incorrect answer or no answer at all. Green Tunnel uses DNS over HTTPS and DNS over TLS to get the original IP address and bypass DNS spoofing.
Installation:
Using a deb file: Download the deb file from the Green Tunnel GitHub page https://github.com/SadeghHayeri/GreenTunnel/releases. Select the Linux (deb) version if you use a Debian-based distro and extract it. Double-click or run the command below if you don't have a deb package manager:
sudo dpkg -i <filename>
Using Snap: If the above method doesn't work, use Snap. Type:
sudo snap install green-tunnel --edge --devmode
For other platforms like Docker and npm, check out the installation methods on the GitHub page.
Usage
Simply open the Green Tunnel application. If it's green, it's active; if it's red, it's inactive.
However, if you use Snap or the second method, then usage involves opening a terminal and typing:
green-tunnel
Don't forget to press CTRL+C if you want to stop the program. If you forget and directly close the terminal, there will likely be an error with regular internet access because Green Tunnel manages the proxy. Open proxy settings and set it to disable/no proxy.
