Skip to main content

Overview

The bypass command starts a lightweight HTTP proxy server with built-in DPI (Deep Packet Inspection) bypass capabilities. It’s designed for quick deployment without requiring configuration files. This mode:
  • Runs a local HTTP proxy with SNI and HTTP Host fragmentation
  • Supports ISP-specific presets for Turkey’s major providers
  • Uses DNS-over-HTTPS to bypass DNS blocking
  • Automatically detects and fragments TLS ClientHello and HTTP requests

Usage

turkeydpi bypass [OPTIONS]

Options

--listen
string
default:"127.0.0.1:8844"
Proxy server listen address and port.Examples:
  • 127.0.0.1:8844 - localhost only
  • 0.0.0.0:8844 - listen on all interfaces
  • [::]:8844 - IPv6 all interfaces
--preset
enum
default:"aggressive"
ISP-specific bypass configuration preset.Available Presets:
  • aggressive - Maximum fragmentation, works for most cases
    • TLS split: at SNI midpoint
    • HTTP split: at position 1
    • Fragment delay: 10ms
    • Max segment size: 5 bytes
  • turk-telekom - Optimized for Türk Telekom
    • TLS split: at position 2
    • HTTP split: at position 2
    • Max segment size: 20 bytes
  • vodafone - Optimized for Vodafone Turkey
    • TLS split: at position 3
    • HTTP split: at position 3
    • Fragment delay: 100μs
    • Max segment size: 30 bytes
  • superonline - Optimized for Superonline
    • TLS split: at position 1
    • HTTP split: at position 1
    • Max segment size: 15 bytes
--verbose
boolean
default:"false"
Enable verbose logging output. Shows detailed connection information including:
  • Each connection’s protocol detection
  • Hostname extraction from SNI/Host headers
  • Fragment application status
  • DNS resolution details
When enabled, sets log level to debug.
--config
path
Path to configuration file (global option).Note: The bypass command ignores this option as it uses preset configurations.
--log-level
string
default:"info"
Logging level (global option). Overridden by --verbose flag.Levels: trace, debug, info, warn, error
--json-logs
boolean
default:"false"
Output logs in JSON format (global option).
--socket
path
default:"/tmp/turkeydpi.sock"
Control socket path (global option, not used in bypass mode).

Examples

Start with default settings

turkeydpi bypass
Output: 
╔══════════════════════════════════════════════════════════════╗
║            TurkeyDPI -  Bypass Proxy Started                 ║
╠══════════════════════════════════════════════════════════════╣
║  Listening on: http://127.0.0.1:8844                         ║
║  SNI Fragmentation: ENABLED ✓                                ║
║  HTTP Host Fragmentation: ENABLED ✓                          ║
║  DNS-over-HTTPS: ENABLED ✓ (bypasses DNS blocking)           ║
╠══════════════════════════════════════════════════════════════╣
║  Configure your browser HTTP proxy to: 127.0.0.1:8844        ║
║  Press Ctrl+C to stop                                        ║
╚══════════════════════════════════════════════════════════════╝

Start on custom port with Türk Telekom preset

turkeydpi bypass --listen 127.0.0.1:9090 --preset turk-telekom

Run with verbose logging

turkeydpi bypass --verbose
Sample verbose output: 
🔒 discord.com [SNI fragmented]
🔒 twitter.com [SNI fragmented]
🌐 example.com [Host fragmented]

Listen on all interfaces (for LAN access)

turkeydpi bypass --listen 0.0.0.0:8844 --preset aggressive

How It Works

  1. Protocol Detection: Analyzes outgoing traffic to detect:
    • TLS ClientHello messages (HTTPS)
    • HTTP requests
    • Unknown protocols (passed through unchanged)
  2. Smart Fragmentation:
    • TLS: Splits ClientHello at SNI (Server Name Indication) field
    • HTTP: Splits requests at Host header
    • Fragments are sent with configurable delays
  3. DNS-over-HTTPS: All DNS queries use DoH to bypass DNS-based blocking
  4. Statistics: On shutdown (Ctrl+C), displays:
    • Total and active connections
    • TLS vs HTTP connection counts
    • Bypass application count
    • Data transferred
    • Error count

When to Use Each Preset

aggressive

Best for: Most blocking scenarios, maximum evasionTrade-off: May be slower due to heavy fragmentation

turk-telekom

Best for: Türk Telekom connectionsTrade-off: Balanced performance

vodafone

Best for: Vodafone Turkey connectionsTrade-off: Faster with moderate fragmentation

superonline

Best for: Superonline connectionsTrade-off: Aggressive fragmentation, smaller segments

Configuration Details

The bypass command uses the following fixed configuration:
  • Buffer Size: 64KB
  • Connect Timeout: 30 seconds
  • DNS Provider: Cloudflare DoH (1.1.1.1)
  • TCP Options: TCP_NODELAY enabled for both client and server connections

Browser Configuration

  1. Settings → Network Settings → Settings
  2. Select “Manual proxy configuration”
  3. HTTP Proxy: 127.0.0.1, Port: 8844
  4. Check “Also use this proxy for HTTPS”

Troubleshooting

Ensure TurkeyDPI is running and listening on the correct address:
turkeydpi bypass --listen 0.0.0.0:8844
Try different presets or check if your ISP uses different blocking methods.
Use a less aggressive preset like vodafone or adjust your ISP-specific preset.
DoH is built-in. If failing, check firewall rules for outbound HTTPS (443) to 1.1.1.1.

See Also

Build docs developers (and LLMs) love

Get started for freeTalk to us