WinDivert

Windows Packet Divert (WinDivert) is a user-mode packet capture-and-divert package for Windows 2008, Windows 7, Windows 8, Windows 10 and Windows 2016.

WinDivert allows user-mode applications to capture/modify/drop network packets sent to/from the Windows network stack. In summary, WinDivert can:

• capture network packets
• filter/drop network packets
• sniff network packets
• (re)inject network packets
• modify network packets

WinDivert can be used to implement user-mode packet filters, packet sniffers, firewalls, NAT, VPNs, tunneling applications, etc.

The main features of WinDivert include:

• packet interception, sniffing, or dropping modes
• supports loopback (localhost) traffic
• full IPv6 support
• network layer
• simple yet powerful API
• high-level filtering language
• filter priorities
• silent installation
• freely available under the terms of the GNU Lesser General Public License (LGPL)

• WinDivert Reference Manual:
  • WinDivert 2.2
  • WinDivert 1.4
• WinDivert README.
• WinDivert ChangeLog.
• WinDivert FAQ.
• WinDivert 2.2 sample applications including:
  • flowtrack.c: A network flow tracking application.
  • netdump.c: A simple packet capture and dump application.
  • netfilter.c: A simple firewall application.
  • passthru.c: A skeleton WinDivert application with multi-threading.
  • socketdump.c: Dumps socket operations.
  • streamdump.c: Redirects TCP streams to a local proxy server.
  • webfilter.c: A simple URL blacklist filter.

The source code for WinDivert is hosted on GitHub:

• https://github.com/basil00/Divert

Note that the repository version of WinDivert should generally be considered unstable.

The following source packages for WinDivert are available:

• WinDivert-2.2.0-Source.zip (Source zipfile)
• WinDivert-1.4.3-Source.zip (Source zipfile)

The following binary packages for WinDivert are available.

• WinDivert-2.2.0-A.zip, WinDivert-2.2.0-B.zip, or WinDivert-2.2.0-C.zip
• WinDivert-1.4.3-A.zip or WinDivert-1.4.3-B.zip

NOTES:

1. The WinDivert A/B/C variants are identical except for the driver signature. For most applications it does not matter which variant is used.
2. We would like to thank our sponsors who helped sign the drivers:
   • ParentsDansLesParages (Ars Nova Systems, also see here for the English site), and
   • Preempt Security
   Commercial users of WinDivert ought to sign the driver with their own certificate if possible.
3. The WinDivert 1.4.X and 2.X APIs are different, so please consult the documentation. The newer 2.X API offers several new features over the older 1.4.X API, including new layers, process IDs, filter language extensions, batch mode, and reflection capabilities. The older 1.4.X API will eventually be retired.
4. To use WinDivert please ensure that the application has Administrator privileges, else the WinDivert will fail to load.
5. The current driver signature(s) have some caveats:
   • Windows 7 systems must be up-to-date or at least have KB3033929 installed.
   • Windows Server 2016 systems must have secure boot disabled.

The following projects use WinDivert:

• ReQrypt: A HTTP request tunneling tool.
• TcpCrypt (github): Encrypt (almost) all of your network traffic.
• Suricata (github): Network threat detection engine.
• GoodbyeDPI: Deep Packet Inspection (DPI) circumvention utility.
• BarbaTunnel (old link): Tunnel VPN traffic through HTTP.
• PyDivert: A WinDivert Python binding.
• jdivert: A WinDivert Java binding.
• Stahp It: HTTP/S content filter (see also HttpFilteringEngine).
• WinDivertSharp: A WinDivert C# binding.
• Tallow (github): Transparent Tor for Windows.
• Clumsy (github): A utility for simulating a broken network for Windows.
• Inssidious (github): A mobile app network testing tool.
• LumoGate: A captive web portal solution.
• SnoopSpy (github): A packet capturing/manipulation tool.
• mitmproxy (dev version): An interactive SSL-capable intercepting HTTP proxy.
• PureBasic interface to WinDivert (webpage).
• WinDivertTool: A tool for managing WinDivert applications.

Disclaimer: Links provided for information only---there is no endorsement nor guarantee regarding software quality and/or fitness for purpose, etc., nor do we accept liability for loss or damages, etc.

Contact basil if you want to add a link to your WinDivert-related project.

Send feedback and/or questions to: basil@reqrypt.org