Named after Inception's deepest dream layer β where DPI gets lost.
Limbo is a next-generation DPI (Deep Packet Inspection) bypass engine featuring:
- Per-Domain Profiles β Different bypass strategies for different sites
- 7 Bypass Strategies β TCP Fragmentation, Smart Fragmentation, Desync, Fake TTL, UDP Fake, ECH, QUIC Fake
- π ECH (Encrypted Client Hello) β Encrypts SNI so DPI cannot see target domain
- π° Radar System β Auto-detects blocked domains and creates bypass profiles automatically
- ISP Behavior Analysis β Detects RST injection, silent drops, DNS poisoning
- Automatic Calibration β Finds the best bypass method per domain
- SIMD Optimization β AVX2-accelerated packet parsing
- DNS over HTTPS β Bypass ISP DNS blocking
- Modern GUI β Dark/Light theme WPF application with real-time stats
- Full CLI β All features available from the command line
Limbo includes an automatic blocking detection system called Radar:
Packet Analysis
β
IspBehaviorAnalyzer ConnectionTracker
(RST injection) + (3s silent drop)
β β
BlacklistManager (Auto-Blacklist.txt)
β
Auto Adaptive profile created
β
GUI / CLI reflects new domain
When Limbo detects that your ISP is blocking a domain, it automatically:
- Adds it to the radar blacklist
- Creates an Adaptive bypass profile for it
- Starts applying bypass immediately
| Strategy | Priority | Mechanism | Best For |
|---|---|---|---|
| ECH | 200 | Encrypts SNI completely via HPKE | Cloudflare sites |
| QuicFake | 150 | Fake datagram injection for QUIC | HTTP/3, Discord Voice |
| TcpFragmentation | 100 | Splits TCP payload into small segments | General DPI |
| SmartFragmentation | 90 | Splits at exact SNI offset (SIMD) | Minimal packets |
| Desync | 80 | Sends packets out of order | State-based DPI |
| FakeTtl | 70 | Decoy packets with low TTL | Passive DPI |
| UdpFake | 60 | Fake packets for UDP/QUIC traffic | Voice/Video |
| Adaptive | β | Tests all strategies, saves the best | Unknown sites |
Limbo/
βββ src/
β βββ Limbo.Console/ # CLI application
β βββ Limbo.GUI/ # WPF Desktop Application
β βββ Limbo.Core/ # Main business logic
β β βββ Analysis/ # Radar: ISP behavior detection, blacklist
β β βββ Bypass/ # 7 DPI bypass strategies
β β βββ Config/ # JSON configuration system
β β βββ Detection/ # SIMD packet inspection
β β βββ Dns/ # DNS over HTTPS + cache
β β βββ Ech/ # ECH (X25519 + AES-GCM)
β β βββ Engine/ # Orchestration + Calibration
β β βββ Logging/ # Thread-safe structured logging
β β βββ Monitoring/ # Real-time bandwidth monitor
β β βββ Profiles/ # Per-domain wildcard profiles
β βββ Limbo.Driver/ # WinDivert P/Invoke wrapper
βββ tests/
βββ Limbo.Tests/ # xUnit unit tests (48 tests)
Pre-built binaries are available on the Releases page.
| Package | Description |
|---|---|
Limbo-Console-v1.0-win-x64.zip |
CLI application (self-contained, no .NET install needed) |
Limbo-GUI-v1.0-win-x64.zip |
WPF desktop application (self-contained, no .NET install needed) |
After downloading: Place
WinDivert.dllandWinDivert64.sysnext to the executable before running. See WinDivert Setup below.
SHA-256 checksums are listed in each release's description for verification.
- Windows 10/11 64-bit
- .NET 10.0 Runtime
- Administrator privileges required
- WinDivert 2.2.2 (see below)
Limbo uses WinDivert for low-level packet interception via P/Invoke. WinDivert is licensed separately (LGPL v3 / GPL v2) and is not included in this repository or release ZIP β you must obtain and place the files manually in both cases.
Building from source? Place
WinDivert.dllandWinDivert64.sysintosrc/Limbo.Driver/runtimes/win-x64/native/before building. MSBuild will automatically copy them to the output directory.
Step 1 β Download WinDivert 2.2.2:
Download WinDivert-2.2.2-A.zip and extract it.
Step 2 β Copy the files next to the executable:
From the extracted ZIP, copy the x64 variants:
WinDivert-2.2.2-A/
βββ x64/
βββ WinDivert.dll β copy this
βββ WinDivert64.sys β copy this
Place both files in the same folder as Limbo.Console.exe or Limbo.GUI.exe:
# Console (extracted ZIP):
Limbo.Console.exe
WinDivert.dll β here
WinDivert64.sys β here
# GUI (extracted ZIP):
Limbo.GUI.exe
WinDivert.dll β here
WinDivert64.sys β here
Why 2.2.2 specifically? Limbo's P/Invoke declarations (
WinDivertNative.cs) target the WinDivert 2.2 API. Older versions (1.x, 2.0) have different function signatures and will not work. Newer minor versions (2.2.x) should be compatible.
git clone https://github.com/umitkrkmz/Limbo.git
cd Limbo
dotnet build -c Release# Run as Administrator
dotnet run --project src/Limbo.GUI# Run as Administrator
dotnet run --project src/Limbo.Console -- --helpUsage: limbo [command] [options]
Commands:
run Start DPI bypass engine
calibrate <domain> Find best bypass method for a domain
test <domain> Test DNS, DoH, TCP connectivity
add-profile <domain> <method> [opts] Add a domain profile
remove-profile <domain> Remove a domain profile
radar Show auto-detected blocked domains
radar-import <file> Import a radar blacklist
radar-export <file> Export radar blacklist
radar-clear Clear all radar entries
Options for add-profile:
--frag <n> Fragment size (TcpFragmentation / SmartFragmentation)
--ttl <n> Fake TTL value (FakeTtl / UdpFake)
--split <n> Split position (Desync)
--offset <n> SNI split offset (SmartFragmentation)
--ech-name <s> ECH public name (Ech)
--quic-size <n> Fake packet size (QuicFake)
Global options:
-v, --verbose Verbose logging
-c, --config Custom config file path
--list-profiles List all profiles
--list-methods List bypass methods with priorities
--show-config Show current configuration
--version Version info
Examples:
# Start bypass engine with verbose output
limbo run -v
# Find best method for a domain
limbo calibrate discord.com
# Add a profile manually
limbo add-profile "*.discord.com" TcpFragmentation --frag 2
# Test if a domain is blocked
limbo test twitter.com
# Show radar-detected blocked domains
limbo radar
# Import a community blocklist
limbo radar-import blocked.txt- Add Profile β Domain pattern + bypass method + all parameters
- Edit Profile β Right-click or double-click to modify
- Delete Profile β X button or right-click context menu
- Import/Export β JSON profile sharing
- Radar Import/Export β Share auto-detected blocked domain lists
- Packets captured / matched / modified
- Data processed
- Live download / upload rate + peak rates
- Color-coded live log (green = success, red = error)
- Radar events (auto-detected blocks, silent drops)
- DNS over HTTPS toggle + server URL
- Theme: System / Light / Dark
- System tray: minimize to tray, close to tray, start minimized
Config file: %LOCALAPPDATA%\Limbo\config.json
{
"filter": "tcp or udp",
"verbose": false,
"dns": {
"useDoH": true,
"doHServer": "https://1.1.1.1/dns-query"
},
"theme": "System",
"minimizeToTray": true,
"closeToTray": true,
"profiles": [
{
"domain": "*.discord.com",
"method": "TcpFragmentation",
"fragmentSize": 2
},
{
"domain": "*.twitter.com",
"method": "Ech"
}
]
}Data files:
- Profiles:
%LOCALAPPDATA%\Limbo\profiles\*.json - Radar blacklist:
%LOCALAPPDATA%\Limbo\Auto-Blacklist.txt
Supported servers:
- Cloudflare:
https://1.1.1.1/dns-query - Google:
https://dns.google/dns-query - Quad9:
https://dns.quad9.net/dns-query
Limbo runs parallel A + AAAA queries and prioritizes IPv6 addresses.
| Feature | GoodbyeDPI | Limbo |
|---|---|---|
| Target | All traffic, global options | Per-domain profiles |
| ECH Support | β Full X25519 HPKE (real ECH) | |
| Profile System | No (global flags only) | β Wildcard patterns per domain |
| Radar (auto-detect) | No | β Yes |
| ISP Behavior Analysis | No | β RST injection, silent drops |
| Automatic Calibration | No | β Per domain |
| Bandwidth Monitoring | No | β Real-time |
| DNS Bypass | β DNS over HTTPS (DoH) | |
| SIMD Acceleration | No | β AVX2 |
| GUI | No | β Dark/Light WPF |
| CLI | β Yes | β Yes |
| Language | C (C99) | C# (.NET 10) |
| Platform | Windows | Windows |
| License | Apache 2.0 | GPL v2 |
Limbo is inspired by GoodbyeDPI but approaches the problem differently: instead of one global configuration, it uses per-domain strategies with automatic detection and adaptive calibration.
- 7 bypass strategies + Adaptive mode
- ECH (Encrypted Client Hello) β full X25519 HPKE
- QUIC / HTTP3 bypass
- Radar system β auto-detect + auto-blacklist
- ISP behavior analysis (RST injection, silent drops)
- Per-domain profiles with wildcard support
- Automatic calibration per domain
- Profile import / export (JSON)
- System tray support
- Real-time bandwidth monitoring
- DNS over HTTPS (parallel A + AAAA)
- SIMD (AVX2) packet parsing
- Dark / Light / System theme
- Full CLI (run, calibrate, test, radar, add/remove-profile)
- 48 unit tests
Contributions are welcome! Here's how:
- Fork this repository
- Create a branch β
git checkout -b feature/my-feature - Commit your changes β
git commit -m "Add: my feature" - Push β
git push origin feature/my-feature - Open a Pull Request
Good first issues:
- ISP fingerprint database entries
- New bypass strategy ideas
- Test coverage improvements
- Documentation / translations
Please open an Issue before working on large changes so we can discuss the approach first.
This software is for educational and research purposes only. Usage is at your own risk. Check your local laws before use. The authors are not responsible for any misuse.
- basil00/WinDivert β Windows network packet capture and modification driver. Limbo uses WinDivert for low-level packet interception. Licensed under LGPL v3 / GPL v2.
- ValdikSS/GoodbyeDPI β Original inspiration for DPI bypass techniques. Limbo takes a different architectural approach (per-domain adaptive profiles, Radar system, ECH) but the foundational ideas come from GoodbyeDPI's excellent work. Licensed under Apache 2.0.
Have a question, idea, or want to share how you're using Limbo?
- GitHub Discussions β Questions, ideas, show & tell
- GitHub Issues β Bug reports and feature requests
This project is licensed under the GNU General Public License v2.0.
Because Limbo uses WinDivert which is dual-licensed under LGPL v3 / GPL v2, Limbo is distributed under GPL v2 to maintain license compatibility.
See LICENSE for the full license text.
β Star this repo if you find it useful!
Designed & Engineered by Umit Korkmaz