Nooshdaroo
Protocol Shape-Shifting SOCKS Proxy
Nooshdaroo (نوشدارو, Persian for "antidote") disguises encrypted SOCKS5 traffic as legitimate network protocols to bypass censorship and deep packet inspection.
🌐 Website
→ https://nooshdaroo.net/ - Download signed binaries, verify GPG signatures, and learn more about the antidote to censorship.
📘 Complete Documentation
→ NOOSHDAROO TECHNICAL REFERENCE - Everything you need to know about Nooshdaroo: architecture, deployment, API reference, and configuration.
→ QUICK REFERENCE - One-page command cheatsheet and common operations.
Quick Start
Installation
# Clone repository
# Build from source
# Binary at target/release/nooshdaroo
Basic Usage
# 1. Generate keys and configs
# 2. Run server (on VPS)
# 3. Run client (on local machine)
# 4. Use the proxy
Using Preset Profiles
# Corporate network
# Airport/Hotel WiFi
# High-censorship environments
Available profiles: corporate, airport, hotel, china, iran, russia
Features
Core Capabilities
- 9 Validated Protocol Emulations: HTTPS, DNS (with Google variants), TLS 1.3, SSH, QUIC
- Noise Protocol Encryption: ChaCha20-Poly1305 AEAD with X25519 key exchange (forward secrecy)
- Multiple Proxy Modes: SOCKS5, HTTP CONNECT
- Traffic Shaping: Statistical traffic emulation for DPI evasion
- Adaptive Bandwidth: Automatic quality adjustment based on network conditions (4 quality tiers)
- Preset Profiles: 6 environment-specific configurations for different censorship scenarios
- Multi-Port Server: Listen on multiple protocol-appropriate ports simultaneously
- Path Testing: Automatically find the best protocol/port combination for your network
Advanced Features
- Application Profile Emulation: Statistical emulation of 6 popular applications
- State Machine Emulation: Replicate connection lifecycle (handshake → active → teardown)
- Token Bucket Rate Limiting: Smart bandwidth control with smooth quality transitions
- Protocol Wrapper System: PSF (Protocol Signature Format) for accurate protocol mimicry
- Socat-like Relay Mode: Bidirectional traffic relay between endpoints
Architecture Overview
┌──────────────┐
│ Application  │  curl, browser, ssh, etc.
└──────┬───────┘
       │ SOCKS5/HTTP CONNECT
┌──────▼───────────────────────────────────────┐
│              Nooshdaroo Client               │
│    ┌─────────┐  ┌─────────┐  ┌─────────┐     │
│    │  Proxy  │  │ Traffic │  │ Shape-  │     │
│    │ Engine  │  │ Shaper  │  │ Shift   │     │
│    └────┬────┘  └────┬────┘  └────┬────┘     │
│         └────────────┴────────────┘          │
│      ┌───────────────▼──────────────┐        │
│      │    Protocol Wrapper (PSF)    │        │
│      └───────────────┬──────────────┘        │
│      ┌───────────────▼──────────────┐        │
│      │  Noise Protocol Encryption   │        │
│      │     (ChaCha20-Poly1305)      │        │
│      └───────────────┬──────────────┘        │
└──────────────────────┼───────────────────────┘
                       │ Encrypted, Protocol-Wrapped
                       ▼
              ╔═════════════════╗
              ║    Internet     ║
              ╚═════════════════╝
                       │
┌──────────────────────▼───────────────────────┐
│              Nooshdaroo Server               │
│      ┌───────────────┬──────────────┐        │
│      │      Protocol Unwrapper      │        │
│      └───────────────┬──────────────┘        │
│      ┌───────────────▼──────────────┐        │
│      │  Noise Protocol Decryption   │        │
│      └───────────────┬──────────────┘        │
│      ┌───────────────▼──────────────┐        │
│      │      Destination Router      │        │
│      └───────────────┬──────────────┘        │
└──────────────────────┼───────────────────────┘
                       │
                       ▼
               ┌──────────────┐
               │ Destination  │
               │  (Internet)  │
               └──────────────┘
Documentation
- NOOSHDAROO_TECHNICAL_REFERENCE.md - Complete technical documentation
- QUICK_REFERENCE.md - Command cheatsheet
- CHANGELOG.md - Version history
- CONTRIBUTING.md - Contribution guidelines
Use Cases
1. Censorship Circumvention
Bypass DPI-based blocking in restrictive networks (Great Firewall of China, Iran national firewall, corporate firewalls).
2. Privacy Protection
Hide proxy usage from network surveillance and traffic analysis.
3. Protocol Research
Research and testing of protocol fingerprinting and DPI evasion techniques.
4. Secure Communications
Encrypted tunneling with forward secrecy for sensitive communications.
Performance
- Throughput: ~800 Mbps on modern hardware
- Latency Overhead: <5ms for encryption
- Protocol Switching: <1ms overhead
- Memory Usage: ~50MB baseline, +10MB per concurrent connection
- CPU Usage: <5% on modern CPU for typical loads
See Performance Characteristics for detailed benchmarks.
Security
Cryptographic Guarantees
- Confidentiality: ChaCha20-Poly1305 authenticated encryption (256-bit keys)
- Forward Secrecy: Ephemeral X25519 key exchange
- Authentication: Noise Protocol Framework patterns (NK, XX, KK)
- Integrity: Poly1305 MAC prevents tampering
Limitations
- Cannot defeat offline/airgapped networks
- Requires a server outside the censored network
- Strong adversaries with unlimited resources may still detect/block
- Not a replacement for end-to-end encryption (use HTTPS/TLS)
See Security Analysis for threat model and detailed security properties.
Project Origins
Nooshdaroo builds on the Proteus project (approximately 70% of core TCP proxy architecture). Key enhancements include:
- UDP protocol support with NAT session tracking
- Noise Protocol encryption
- Validated protocol library (9 nDPI-validated protocols)
- Application traffic profile emulation
- Adaptive bandwidth optimization
- Production deployment infrastructure
Development: Orchestrated by Sina Rabbani through context engineering with Claude Code (Anthropic).
License
Dual-licensed under:
- MIT License - See LICENSE-MIT
- Apache 2.0 License - See LICENSE-APACHE
Choose whichever works best for your use case.
Credits
- Author: Sina Rabbani
- Repository: https://github.com/0xinf0/nooshdaroo
- Based on: Proteus by Unblockable
- Inspiration: Rathole for Noise Protocol implementation
Contributing
Contributions welcome! Areas of interest:
- Protocol implementations (add new .psf files)
- Mobile optimizations (iOS/Android FFI bindings)
- Traffic analysis improvements (detection risk calculations)
- Testing (real-world censorship testing)
- Documentation (user guides, tutorials)
See CONTRIBUTING.md for details.
نوشدارو - The Antidote to Network Censorship