DarkFlare: Stealthy TCP-over-CDN Tunnel for Firewall Piercing

Summary

DarkFlare is a command-line tool that creates TCP-over-CDN tunnels, disguising TCP traffic as ordinary HTTPS requests. This lets users bypass restrictive firewalls and network censorship by routing through widely accessible CDN infrastructure such as Cloudflare. It has a client component and a server component, and is meant to provide secure and scalable access to blocked content or internal resources.

Repository Info

Updated on November 15, 2025

Introduction

DarkFlare is a command-line tool that establishes TCP-over-CDN (Content Delivery Network) tunnels. It disguises TCP traffic as standard HTTPS requests so that it can pass corporate firewalls and network censorship. To an observer on the network, the connection looks like normal web traffic to a service such as Cloudflare, which gives a stealthy pathway through restricted networks.

The tool comprises two main components: darkflare-client and darkflare-server. The client-side proxy encodes TCP data into HTTPS requests and directs them to a Cloudflare-protected domain. The server-side proxy, conversely, decodes these requests and forwards the data to a specified local service, such as an SSH server on port 22. DarkFlare is protocol-agnostic, secure, and leverages Cloudflare's encrypted infrastructure, making it a robust solution for accessing internal resources or circumventing network restrictions.

Installation

To get started with DarkFlare, follow these steps:

  1. Download the latest release: Visit the official GitHub Releases page and download the appropriate binary for your operating system.
    • darkflare-client-darwin-arm64 - macOS Apple Silicon
    • darkflare-client-darwin-amd64 - macOS Intel
    • darkflare-client-linux-amd64 - Linux x64
    • darkflare-client-windows-amd64.exe - Windows x64
    • Corresponding darkflare-server-* binaries are also available.
  2. Verify checksums: It is recommended to verify the downloaded binaries against the checksums.txt file provided in the release.
  3. Make binaries executable (for Unix-like systems):
    chmod +x darkflare-client-* darkflare-server-*

Examples

DarkFlare offers flexible deployment options for both client and server.

Running the Client

Basic port forwarding:

./darkflare-client -l 2222 -t https://cdn.miami.us.doxx.net:443 -d <my ssh server>:22

Direct mode (for debugging/testing):

./darkflare-client -l 2222 -t https://direct.miami.us.doxx.net:443 -d <my ssh server>:22

SSH ProxyCommand mode (no local port binding):

ssh -o ProxyCommand="darkflare-client -l stdin:stdout -t cdn.example.com -d localhost:22" user@remote-server

Running the Server

HTTPS Server (recommended for production):

./darkflare-server -o https://0.0.0.0:443 -c /path/to/cert.pem -k /path/to/key.pem

HTTP Server (for testing):

./darkflare-server -o http://0.0.0.0:8080 -allow-direct

Testing the Connection

Once the client is running, you can connect to your target service:

ssh user@localhost -p 2222

Why Use DarkFlare?

DarkFlare provides a powerful solution for navigating restrictive network environments, offering several key advantages:

  • Bypass Firewalls and Censorship: By encapsulating TCP traffic within HTTPS, DarkFlare can circumvent deep packet inspection and firewall rules that block direct connections. This is particularly useful in countries with strict internet censorship, such as China with its Great Firewall, or Iran and Russia with similar restrictions.
  • Leverage CDN Infrastructure: Services like Cloudflare, Akamai, and Fastly are integral to the global internet. Blocking them would cause significant collateral damage, making them reliable and often unblockable pathways for bypassing restrictions. DarkFlare utilizes this inherent resilience.
  • Versatile Use Cases: It can tunnel various TCP services, including SSH, RDP, and even other VPN protocols like OpenVPN over TCP, allowing users to maintain connectivity and access resources that would otherwise be inaccessible.
  • Obfuscation Techniques: DarkFlare employs several techniques to make traffic appear normal, such as randomizing requests to look like common web traffic (e.g., JPG, PHP with random filenames) and setting client/server headers to mimic regular web browsing.
  • Advanced SSH Integration: Its stdin:stdout client mode allows seamless integration with SSH's ProxyCommand, avoiding local port binding issues and working effectively with existing corporate proxies (SOCKS5, HTTP, HTTPS).
  • Windows Fileless Execution: For specific scenarios, DarkFlare offers DLL variants that can be loaded directly into memory on Windows systems, enabling fileless operation and avoiding disk writes.
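
Seen from the monitoring side, the obfuscation bullet above implies a pattern in proxy logs: one client sending one host a stream of .jpg/.php requests whose paths never repeat. The following is an added example, not DarkFlare code; the log line format, the thresholds and the sample data are assumptions made for illustration and rest only on the description on this page.

```python
import hashlib
from collections import defaultdict
from posixpath import splitext
from urllib.parse import urlsplit

# Thresholds are assumptions for this example; tune them against your own baseline.
MIN_REQUESTS = 20       # ignore pairs with too little traffic to judge
MIN_EXT_RATIO = 0.9     # share of requests ending in .jpg or .php
MIN_UNIQUE_RATIO = 0.9  # share of distinct paths among all requests
DISGUISE_EXTS = {".jpg", ".php"}  # the two file types the page names

def build_sample_log():
    """Constructed proxy log lines in the assumed form '<client> <method> <url>'."""
    lines = []
    for i in range(40):  # tunnel-like: a fresh random-looking name on every request
        name = hashlib.sha256(str(i).encode()).hexdigest()[:12]
        ext = ".jpg" if i % 2 else ".php"
        lines.append(f"10.0.0.5 GET https://cdn.example.com/{name}{ext}")
    for i in range(40):  # browser-like: a few pages and assets fetched repeatedly
        path = ["/index.php", "/logo.jpg", "/site.css", "/app.js"][i % 4]
        lines.append(f"10.0.0.9 GET https://www.example.org{path}")
    return lines

def find_suspects(lines):
    """Return sorted (client, host) pairs whose requests match the heuristic."""
    paths = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip lines that do not fit the assumed format
        client, _method, url = parts
        u = urlsplit(url)
        if u.hostname:
            paths[(client, u.hostname)].append(u.path)
    suspects = []
    for pair, seen in paths.items():
        if len(seen) < MIN_REQUESTS:
            continue
        disguised = [p for p in seen if splitext(p)[1].lower() in DISGUISE_EXTS]
        ext_ratio = len(disguised) / len(seen)
        unique_ratio = len(set(seen)) / len(seen)
        if ext_ratio >= MIN_EXT_RATIO and unique_ratio >= MIN_UNIQUE_RATIO:
            suspects.append(pair)
    return sorted(suspects)

if __name__ == "__main__":
    for client, host in find_suspects(build_sample_log()):
        print(f"review: {client} -> {host}")
```

A hit is a lead for review, not proof of tunnelling: image galleries and APIs with cache-busting paths can produce the same shape, so correlate with session duration and byte volume before acting.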
