This is a simple obfuscator for WireGuard. It is designed to make it harder to detect WireGuard traffic by making it look like something else.
It does this by wrapping WireGuard packets in a layer of obfuscation using a simple XOR cipher. Usefull for bypassing DPI (Deep Packet Inspection) firewalls, e.g. if your ISP/government blocks WireGuard traffic.
+----------------+
| WireGuard peer |
+----------------+
^
|
v
+----------------+
| Obfuscator |
+----------------+
^
|
v
+----------------+
| Internet |
+----------------+
^
|
v
+----------------+
| Obfuscator |
+----------------+
^
|
v
+----------------+
| WireGuard peer |
+----------------+Since the obfuscator is a simple XOR cipher, it is totally simmetric. You need to install this application on the same network as the WireGuard peer you want to obfuscate, you need to do this on the other peer too.
The obfuscator will then obfuscate the WireGuard packets and send them to the Internet. On the other side the obfuscator will deobfuscate the packets and send them to the WireGuard peer.
It can be used even if one of the peers is behind a NAT or has a dynamic IP address. The obfuscator will keep track of the IP address of the peer after handshake and will send the packets to the correct IP address.
You can pass parameters to the obfuscator using a configuration file or command line arguments. Available parameters are:
source-if – source interface to listen on. Optional, default is 0.0.0.0, e.g. all interfaces. Can be used to listen only on a specific interface.source – source client address and port in address:port format. Optional. By default any address and port is accepted but server replies will be sent to the last successfully handshake address, so it can work over NAT. If specified, only packets from this address will be accepted and all server replies will be sent to this address, in such case target side cat initiate connections to the source side too.source-lport – source port to listen. Source client should connect to this port. Required.target-if – target interface to listen on. Optional, default is 0.0.0.0, e.g. all interfaces. Can be used to listen only on a specific interface.target – target address and port in address:port format. Obfuscated data will be sent to this address. Required.target-lport – target port to listen. Optional. Default is auto (assigned by the OS). If specified, target can initiate connections to the source side too.key – obfuscation key. Just string. Longer – better. Required.verbose – verbosity level, 0-4. Optional, default is 2.You can use configuration file with those parameters in key=value format. For example:
# Port to listen for the source client (real client or client obfuscator)
source-lport = 13255
# Host and port of the target to forward to (server obfuscator or real server)
target = 10.13.1.100:13255
# Obfuscation key, must be the same on both sides
key = testFor more information click here.
Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…
JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…
The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…
Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…
SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…
Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…