WinDivert 1.4: Windows Packet Divert
Windows Packet Divert (WinDivert) is a user-mode packet capture-and-divert package for Windows 2008, Windows 7, Windows 8, Windows 10 and Windows 2016.
WinDivert allows user-mode applications to capture/modify/drop network packets sent to/from the Windows network stack. In summary, WinDivert can:
- capture network packets
- filter/drop network packets
- sniff network packets
- (re)inject network packets
- modify network packets
WinDivert can be used to implement user-mode packet filters, packet sniffers, firewalls, NAT, VPNs, tunneling applications, etc.
The main features of WinDivert include:
- packet interception, sniffing, or dropping modes
- supports loopback (localhost) traffic
- full IPv6 support
- network layer
- simple yet powerful API
- high-level filtering language
- filter priorities
- silent installation
- freely available under the terms of the GNU Lesser General Public License (LGPL)
➢ Documentation and Samples
- WinDivert Documentation: The WinDivert manual.
- WinDivert README.
- WinDivert ChangeLog.
- WinDivert FAQ.
- WinDivert sample applications including:
➢ Source Repository
The source code for WinDivert is hosted on GitHub:
Note that the repository version of WinDivert should generally be considered unstable.
The following stable source packages for WinDivert are available:
- WinDivert-1.4.3-Source.zip (Source zipfile)
The following stable binary packages for WinDivert are available.
- The WinDivert 1.4 API differs from older versions.
Compared to the WinDivert 1.3 API:
- The WINDIVERT_ADDRESS layout has changed.
- The WinDivertHelperCalcChecksums interface has changed.
- It is no longer necessary to calculate checksums when re-injecting unmodified packets.
- To use WinDivert please ensure that you use the correct version (i.e. 32-bit WinDivert for 32-bit system, etc.) and that you are running with Administrator privileges, otherwise WinDivert will fail to load.
- As of version 1.0.4, the binary WinDivert drivers are signed by
one or more of our sponsors.
We would like to thank
(Ars Nova Systems, also see here
for the English site) for their support.
Commercial users of WinDivert should sign the
driver with their own certificate if possible.
Note that the current driver signature has some caveats:
- Windows 7 systems must be up-to-date or at least have KB3033929 installed.
- Windows Server 2016 systems must have secure boot disabled.
- The WinDivert A and B variants are identical aside from the driver signatures. For most applications it does not matter which variant is used.
The following projects use WinDivert:
- ReQrypt: A HTTP request tunneling tool.
- TcpCrypt (github): Encrypt (almost) all of your network traffic.
- Suricata (github): Network threat detection engine.
- GoodbyeDPI: Deep Packet Inspection (DPI) circumvention utility.
- BarbaTunnel (old link): Tunnel VPN traffic through HTTP.
- PyDivert: A WinDivert Python binding.
- jdivert: A WinDivert Java binding.
- Stahp It: HTTP/S content filter (see also HttpFilteringEngine).
- WinDivertSharp: A WinDivert C# binding.
- Tallow (github): Transparent Tor for Windows.
- Clumsy (github): A utility for simulating a broken network for Windows.
- Inssidious (github): A mobile app network testing tool.
- LumoGate: A captive web portal solution.
- SnoopSpy (github): A packet capturing/manipulation tool.
- mitmproxy (dev version): An interactive SSL-capable intercepting HTTP proxy.
- PureBasic interface to WinDivert (webpage).
Contact basil if you want to add a link to your WinDivert-related project.
Send feedback and/or questions to: