{"id":48355237,"url":"https://github.com/ave-sergeev/omoikane","last_synced_at":"2026-04-19T10:04:47.025Z","repository":{"id":348597368,"uuid":"1111602982","full_name":"Ave-Sergeev/Omoikane","owner":"Ave-Sergeev","description":"Blazing fast explicit proxy written in Rust for network accessibility research under DPI (Rust) (Q2:2026)","archived":false,"fork":false,"pushed_at":"2026-04-14T07:23:42.000Z","size":77,"stargazers_count":8,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-14T09:27:13.715Z","etag":null,"topics":["cli","dns-over-https","dns-over-tls","dpi","dpi-bypass","dpi-evasion","linux","macos","network-tools","networking","packet-manipulation","proxy","proxy-server","rust","security","security-research","tcp","tls-handshake","windows"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Ave-Sergeev.png","metadata":{"files":{"readme":"README.en.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE-APACHE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-12-07T09:27:08.000Z","updated_at":"2026-04-14T07:23:46.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/Ave-Sergeev/Omoikane","commit_stats":null,"previous_names":["ave-sergeev/omoikane"],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/Ave-Sergeev/Omoikane","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ave-Sergeev%2FOmoikane","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ave-Sergeev%2FOmoikane/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ave-Sergeev%2FOmoikane/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ave-Sergeev%2FOmoikane/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Ave-Sergeev","download_url":"https://codeload.github.com/Ave-Sergeev/Omoikane/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ave-Sergeev%2FOmoikane/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31905895,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-16T18:22:33.417Z","status":"ssl_error","status_checked_at":"2026-04-16T18:21:47.142Z","response_time":69,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cli","dns-over-https","dns-over-tls","dpi","dpi-bypass","dpi-evasion","linux","macos","network-tools","networking","packet-manipulation","proxy","proxy-server","rust","security","security-research","tcp","tls-handshake","windows"],"created_at":"2026-04-05T11:01:53.266Z","updated_at":"2026-04-16T22:01:51.074Z","avatar_url":"https://github.com/Ave-Sergeev.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"## Omoikane\n\n---\n\n[Русский](https://github.com/Ave-Sergeev/Omoikane/blob/main/README.md) | [English](https://github.com/Ave-Sergeev/Omoikane/blob/main/README.en.md)\n\n### Description\n\nThis project is a lightweight `Explicit Proxy` written in `Rust`.  \nDue to the language's architectural features, it ensures minimal latency and low system resource consumption.\n\n- No root or administrator privileges are required to run and use the application.\n- All TCP traffic processing occurs locally on your computer.\n- Support for DoH and DoT protocols protects DNS queries from interception and spoofing, ensuring correct address resolution before a connection is established.\n- The tool only processes the session initialization phase (TLS ClientHello, HTTP headers). The main payload is transmitted transparently without interference, minimizing latency and system load.\n- Dynamic session fingerprinting makes traffic blocking by signatures difficult (this feature is in experimental mode).\n- Changes are applied to all new connections immediately upon startup and automatically cease when the process is terminated.\n\n**Main Objective**:  \nMaintaining the resilience of TCP connections against Deep Packet Inspection (DPI) at intermediate network nodes through TCP stream fragmentation and packet structure manipulation. This includes the implementation of defense mechanisms against DNS Spoofing and Cache Poisoning attacks, as well as dynamic session fingerprinting.\n\nTarget Platform: macOS Apple Silicon (`aarch64-apple-darwin`) \u0026 Intel (`x86_64-apple-darwin`).  \nStatus: Testing and stable operation confirmed on the author's macOS (Apple Silicon).\n\n**Current State**:  \nActive Research \u0026 PoC 🦀  \nDespite its `Proof of Concept` status, the tool is fully functional and ready for use.  \nKey traffic manipulation mechanisms are already implemented and operate stably in the target environment. However, the architecture and individual components are still undergoing active development and optimization.\n\n**Disclaimer**:  \nThis software was developed as part of a Master's thesis and is strictly for research purposes.  \nThe development is presented as a `Proof of Concept` (PoC) to investigate mechanisms for ensuring communication resilience when passing through nodes with Deep Packet Inspection (DPI).\n\nThe software is provided on an `as is` basis. Its use is permitted for educational and informational purposes only.  \nThe author makes no guarantees regarding the tool's performance under specific conditions and bears no responsibility for any direct or indirect damage resulting from the use of this software.\n\n**Development Note**:  \nThis repository does not strictly follow formal industry standards for Git history (Best Practices).  \nCommit history has been intentionally simplified by the author.\n\n**Symbolism**:  \nThe project is named after a Japanese mythological god of intellect, wisdom, and strategy, who restored light to the world by finding a \"clever way\" where direct action had failed.\n\n### Quick Start\n\nThe fastest way to get started is to download the pre-compiled binary for your system:\n1. Go to the [Releases](https://github.com/Ave-Sergeev/Omoikane/releases) page.\n2. Download the version for your macOS architecture (Apple Silicon or Intel).\n3. Extract the archive and move the binary to a location of your choice. Run it from the terminal.\n\n⚠️ Note ⚠️  \nWhen launching the utility for the first time, macOS may display a \"unverified developer\" warning. This is standard macOS behavior for third-party software — simply allow the app to run in the settings (\"Privacy \u0026 Security\" section).\n\n### Building from Source\n\nEnvironment setup and build instructions can be found in the [development notes](https://github.com/Ave-Sergeev/Omoikane/blob/main/DEVELOPMENT.md).\n\n### Configuration\n\nThe service configuration is flexible and supports two priority levels:  \n- CLI Arguments — used for quick startup and overriding key parameters. These have the highest priority.\n- Configuration File (config.yaml) — intended for fine-tuning internal proxy-engine parameters that rarely require immediate changes. A configuration template with example settings (config_example.yaml) is located in the project root.\n\n**Available CLI Arguments**:  \nIf a parameter is not specified, the values from `config.yaml` or default values will be used.\n\n- `APP`\n  - `--addr` - IP address to listen on. (Default: `127.0.0.1`)\n  - `--port` - Port to listen on. (Default: `8080`)\n  - `--config` - Path to the configuration file (YAML). (Default: `not set`)\n  - `--silent` - Hides the banner and informational messages in the terminal: 'true', 'false'. (Default: `false`)\n  - `--log-level` - Logging verbosity level: `off`, `error`, `warn`, `info`, `debug`, `trace`. (Default: `info`)\n- `DNS`\n  - `--dns-mode` - DNS operation mode: `system`, `doh`, `dot`. (Default: `system`)\n  - `--dns-qtype` - DNS record query type: `ipv4`, `ipv6`, `all`. (Default: `ipv4`)\n  - `--dns-provider` - Provider used for DoH/DoT: `google`, `cloudflare`, `quad9`. (Default: `google`)\n- `HTTP`\n  - `--http-split-mode` - HTTP request fragmentation: `none`, `fragment`. (Default: `none`)\n- `HTTPS`\n  - `--https-split-mode` - TLS ClientHello fragmentation: `none`, `fragment`. (Default: `none`)\n  - `--https-fake-ttl-mode` - TTL strategy for fake packets: `none`, `custom`. (Default: `none`)\n  - `--https-fake-ttl-value` - TTL value for `custom` mode. (Default: `1`, range: `1-255`)\n  - `--https-greased-padding` - Dynamic modification of the session fingerprint by increasing TLS handshake entropy (GREASE \u0026 Padding): `true`, `false`. (Default: `false`)\n\n### CLI Usage Examples\n\nAll parameters have default values. If no arguments are provided, the standard settings will be used.  \nNetwork conditions vary by provider. If the default settings do not yield the desired results, you should experiment with CLI arguments and parameters in the config.yaml file to find the optimal combination for your specific case.\n\n- **Silent Mode:** Suppresses banner output and informational messages. Recommended for background processes or service mode.\n  \u003e ./\u003cpath_to_binary_file\u003e --silent\n\n- **Basic Mode:** Traffic passes through without modifications, using the system DNS resolver.\n  Minimalist launch (uses default parameters):\n    \u003e ./\u003cpath_to_binary_file\u003e\n\n  Full command (explicitly defined parameters):\n    \u003e ./\u003cpath_to_binary_file\u003e -a 127.0.0.1 -p 8080 --dns-mode system --log-level info --http-split-mode none --https-split-mode none --https-fake-ttl-mode none\n\n- **Moderate Mode:** Enables packet fragmentation and Google DoT (IPv4) to bypass simple restrictions.\n  \u003e ./\u003cpath_to_binary_file\u003e -a 127.0.0.1 -p 8080 --dns-mode dot --dns-qtype ipv4 --http-split-mode none --https-split-mode fragment\n\n- **Maximum Mode:** Using DNS-over-HTTPS, packet fragmentation, custom TTL adjustment, and fingerprint modification.\n  \u003e ./\u003cpath_to_binary_file\u003e -a 127.0.0.1 -p 8080 --dns-mode doh --dns-provider cloudflare --dns-qtype ipv4 --http-split-mode fragment --https-split-mode fragment --https-fake-ttl-mode custom --https-fake-ttl-value 1 --https-greased-padding true\n\n### Implementation Details\n\nArchitecture description and key project algorithms can be found in the [development notes](https://github.com/Ave-Sergeev/Omoikane/blob/main/DEVELOPMENT.md).\n\n### License\n\nThe source code of this project is distributed under the [Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0).  \nThis allows for the use, copying, and modification of the code for educational and research purposes.  \n\n### Support the Project\n\nIf you found something interesting or useful in this project, or if you simply liked the code, feel free to give it a ⭐ star as a token of appreciation.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fave-sergeev%2Fomoikane","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fave-sergeev%2Fomoikane","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fave-sergeev%2Fomoikane/lists"}