{"id":21863904,"url":"https://github.com/doxx/darkflare","last_synced_at":"2025-07-21T02:31:06.816Z","repository":{"id":263866438,"uuid":"891628186","full_name":"doxx/darkflare","owner":"doxx","description":"DarkFlare Firewall Piercing (TCP over CDN)","archived":false,"fork":false,"pushed_at":"2024-11-27T19:32:53.000Z","size":169354,"stargazers_count":755,"open_issues_count":1,"forks_count":34,"subscribers_count":7,"default_branch":"main","last_synced_at":"2024-11-27T19:44:30.741Z","etag":null,"topics":["censorship-circumvention","firewall-piercing","golang","proxy-server","security","security-tools","tcpocdn","tunnel-client","tunnel-server","tunneling","vpns"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/doxx.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-11-20T17:05:00.000Z","updated_at":"2024-11-27T19:43:21.000Z","dependencies_parsed_at":"2024-11-20T18:40:48.864Z","dependency_job_id":null,"html_url":"https://github.com/doxx/darkflare","commit_stats":null,"previous_names":["doxx/darkflare"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/doxx%2Fdarkflare","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/doxx%2Fdarkflare/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/doxx%2Fdarkflare/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/doxx%2Fdarkflare/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/doxx","download_url":"https://codeload.github.com/doxx/darkflare/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":226857087,"owners_count":17693016,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["censorship-circumvention","firewall-piercing","golang","proxy-server","security","security-tools","tcpocdn","tunnel-client","tunnel-server","tunneling","vpns"],"created_at":"2024-11-28T04:01:46.957Z","updated_at":"2024-11-28T04:02:26.727Z","avatar_url":"https://github.com/doxx.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"# 🌒 DarkFlare\n\nA stealthy TCP-over-CDN tunnel that keeps your connections cozy and comfortable behind Cloudflare's welcoming embrace.\n\n## 🤔 What is this sorcery?\n\nDarkFlare is a clever little tool that disguises your TCP traffic as innocent HTTPS requests, letting them pass through corporate firewalls like a VIP at a nightclub. It's like a tunnel, but with more style and less dirt.\n\nIt has two parts: a client-side proxy (darkflare-client) that encodes TCP data into HTTPS requests and sends it to a Cloudflare-protected domain, and a server-side proxy (darkflare-server) that decodes the requests and forwards the data to a local service (like SSH on port 22). It’s protocol-agnostic, secure, and uses Cloudflare's encrypted infrastructure, making it stealthy and scalable for accessing internal resources or bypassing network restrictions.\n\nWhen using this remember the traffic over the tunnel is only as secure as the Cloudflare protection. Use your own encryption.\n\n## 🧱 Why CDNs?\nServices like Cloudflare, Akamai Technologies, Fastly, and Amazon CloudFront are not only widely accessible but also integral to the global internet infrastructure. In regions with restrictive networks, alternatives such as CDNetworks in Russia, ArvanCloud in Iran, or ChinaCache in China may serve as viable proxies. These CDNs support millions of websites across critical sectors, including government and healthcare, making them indispensable. Blocking them risks significant collateral damage, which inadvertently makes them reliable pathways for bypassing restrictions.\n\n## ⛓️‍💥 Stop Network Censorship\nInternet censorship is a significant issue in many countries, where governments restrict access to information by blocking websites and services. For instance, China employs the \"Great Firewall\" to block platforms like Facebook and Twitter, while Iran restricts access to social media and messaging apps. In Russia, authorities have intensified efforts to control information flow by blocking virtual private networks (VPNs) and other tools that citizens use to bypass censorship.\n\nAP NEWS\n In such environments, a tool that tunnels TCP traffic over HTTP(S) through a Content Delivery Network (CDN) like Cloudflare can be invaluable. By disguising restricted traffic as regular web traffic, this method can effectively circumvent censorship measures, granting users access to blocked content and preserving the free flow of information.\n\n```\n                                FIREWALL/CENSORSHIP\n                                |     |     |     |\n                                v     v     v     v\n\n[Client]──────┐                ┌──────────────────┐                ┌─────────[Target Service]\n              │                │                  │                │       (e.g., SSH Server)\n              │                │   CLOUDFLARE     │                │tcp      localhost:22\n              │tcp             │     NETWORK      │                │\n[darkflare    │                │                  │                │ [darkflare\n client]──────┼───HTTPS───────\u003e│ (looks like      │─-HTTPS-───────\u003e│  server]\nlocalhost:2222│                │  normal traffic) │                │ :8080\n              │                │                  │                │\n              └────────────────┼──────────────────┼────────────────┘\n                               │                  │\n                               └──────────────────┘\n\nFlow:\n1. TCP traffic ──\u003e darkflare-client\n2. Wrapped as HTTPS ──\u003e Cloudflare CDN\n3. Forwarded to ──\u003e darkflare-server\n4. Unwrapped back to TCP ──\u003e Target Service\n```\n\n## ⁇  Usecases\nssh, rdp, or anything tcp to bypass restrictive firewalls or state controled internet.\n\nTunneling ppp or other vpn services that leverage TCP.\n\ndarkflare-server can launch applications like sshd or pppd. Note that there are issues with host keys and certificate validation on sshd if you don't configure it properly.\n\nLinux's popular pppd daemon will also not run as non-root in some cases, which would require a more complex configuration with sudo.\n\nBreaking past blocked sites! \n\n[How to use NordVPN over TCP](https://support.nordvpn.com/hc/en-us/articles/19683394518161-OpenVPN-connection-on-NordVPN#:~:text=With%20NordVPN%2C%20you%20can%20connect,differences%20between%20TCP%20and%20UDP. \"Configure NordVPN over TCP\")\n\n## NordVPN\n\n1. Download the OpenVPN client \n2. Under Manual setup in your NordVPN web account download the .ovpn file for TCP\n3. Also in Manual setup select username and password authentication.\n4. Edit the .ovpn file and change the IP and port to your darkflare server IP and Port.\n5. Configure darkflare-server to use the IP and port defined in the .ovpn file.\n6. Import the .ovpn file to OpenVPN and setup your username and password.\n\nI did provide an ./examples/nordvpn.ovpn for you to use. Also two scrips for up/down to fix some of the routing issues.\n\nSpeed tests were around 30Mbps down and 10Mbps up with latency around 30-100ms. Streaming, etc... all seem to work fine.\n\nNote: OpenVPN does some weird thing with the default gateway/route. For testing purposes I added: pull-filter ignore \"redirect-gateway\" to the .ovpn file. That allows me to force the tunnel to not eat my network. \n\n![OpenVPN on NordVPN over TCPoCDN](https://raw.githubusercontent.com/doxx/darkflare/main/images/openvpn.jpg)\n\n## 🔐 Few Obscureation Techniques\n\nRequests are randomized to look like normal web traffic with jpg, php, etc... with random file names.\n\nClient and server headers are set to look like normal web traffic. \n\nIf you have other ideas please send them my way.\n\n\n## 🌩️ Cloudflare Configuration \nAdd your new proxy hostname into a free Cloudflare account.\n\nSetup your origin rules to send that host to the origin server (darkflare-server) via the proxy port you choose. \n\nI used 8080 with a Cloudflare proxy via HTTP for the firs test. Less overhead.\n\n## ✨ Features\n\n- **Sneaky TCP Tunneling**: Wraps your TCP connections in a fashionable HTTPS outfit\n- **Cloudflare Integration**: Because who doesn't want their traffic to look like it's just visiting Cloudflare?\n- **Debug Mode**: For when things go wrong and you need to know why (spoiler: it's always DNS)\n- **Session Management**: Keeps your connections organized like a Type A personality\n- **TLS Security**: Because we're sneaky, not reckless\n\n## 🚀 Quick Start\n\n### Installation\n\n1. Download the latest release from the releases page or binary from the main branch.\n2. Extract the binaries to your preferred location\n3. Make the binaries executable:\n```bash\nchmod +x darkflare-client darkflare-server\n```\n\n### Running the Client\n```bash\n./darkflare-client -l 2222 -t https://host.domain.net:443 \n```\nAdd `-debug` flag for debug mode\n\n### Notes\nMake the host.domain.net you use is configured in Cloudflare to point to the darkflare-server. If you want to debug and go directly to the psudo server you can use the `-allow-direct` flag on the server.\n\n### Running the Server\n\n```bash\n# HTTPS Server (recommended for production)\n./darkflare-server -o https://0.0.0.0:443 -d localhost:22 -c /path/to/cert.pem -k /path/to/key.pem\n\n# HTTP Server (for testing)\n./darkflare-server -o http://0.0.0.0:8080 -d localhost:22\n```\n\n### Notes\n- You must specify either `-d` (network destination) or `-a` (application) mode, but not both\n- The `-allow-direct` flag allows direct connections without Cloudflare headers (not recommended for production)\n- Debug mode (`-debug`) provides verbose logging of connections and data transfers\n- Under SSL/TLS configuration in Cloudflare you need to set ssl encryption mode to Full.\n\n### SSL/TLS Certificates\n\nFor HTTPS mode, you'll need to obtain origin certificates from Cloudflare:\n\n1. Log into your Cloudflare dashboard\n2. Go to SSL/TLS \u003e Origin Server\n3. Create a new certificate (or use an existing one)\n4. Download both the certificate and private key\n5. When starting the server in HTTPS mode, provide both certificate files:\n\nNote: Keep your private key secure and never share it. The certificate provided by Cloudflare is specifically for securing the connection between Cloudflare and your origin server.\n\n### Testing the Connection\n```bash\nssh user@localhost -p 2222\n```\n\n## ⚠️ Security Considerations\n\n- Always use end-to-end encryption for sensitive traffic\n- The tunnel itself provides obscurity, not security\n- Monitor your Cloudflare logs for suspicious activity\n- Regularly update both client and server components\n\n## ⚠️ Disclaimer\n\nThis tool is for educational purposes only. Please don't use it to bypass your company's firewall - your IT department has enough headaches already.\n\n## 🤝 Contributing\n\nFound a bug? Want to add a feature? PRs are welcome! Just remember:\n- Keep it clean\n- Keep it clever\n\n\n## 📥 Downloads\n\n### Latest Binary Downloads\n\n#### Linux\n- [darkflare-client-linux-amd64](https://raw.githubusercontent.com/blyon/darkflare/main/bin/darkflare-client-linux-amd64)\n- [darkflare-server-linux-amd64](https://raw.githubusercontent.com/blyon/darkflare/main/bin/darkflare-server-linux-amd64)\n\n#### macOS\n- Intel (AMD64):\n  - [darkflare-client-darwin-amd64](https://raw.githubusercontent.com/blyon/darkflare/main/bin/darkflare-client-darwin-amd64)\n  - [darkflare-server-darwin-amd64](https://raw.githubusercontent.com/blyon/darkflare/main/bin/darkflare-server-darwin-amd64)\n- Apple Silicon (ARM64):\n  - [darkflare-client-darwin-arm64](https://raw.githubusercontent.com/blyon/darkflare/main/bin/darkflare-client-darwin-arm64)\n  - [darkflare-server-darwin-arm64](https://raw.githubusercontent.com/blyon/darkflare/main/bin/darkflare-server-darwin-arm64)\n\n#### Windows\n- [darkflare-client-windows-amd64.exe](https://raw.githubusercontent.com/blyon/darkflare/main/bin/darkflare-client-windows-amd64.exe)\n- [darkflare-server-windows-amd64.exe](https://raw.githubusercontent.com/blyon/darkflare/main/bin/darkflare-server-windows-amd64.exe)\n\n### Verifying Binaries\n```bash\n# Download the checksums file\ncurl -O https://raw.githubusercontent.com/blyon/darkflare/main/bin/checksums.txt\n\n# Verify downloads on Linux/macOS\nshasum -a 256 -c checksums.txt\n\n# Verify downloads on Windows PowerShell\nGet-FileHash .\\darkflare-client-windows-amd64.exe | Format-List\n```\n\nNote: All binaries are built automatically from the main branch. The checksums file is generated during the build process to ensure file integrity.\n\n## 📜 License\n\nMIT License - Because sharing is caring, but attribution is nice.\n\n---\n*Built with ❤️ and a healthy dose of mischief*\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdoxx%2Fdarkflare","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdoxx%2Fdarkflare","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdoxx%2Fdarkflare/lists"}