KPN Tunnel: Payload Injection Method
Learn how to configure KPN Tunnel using the payload injection method to bypass network restrictions.
Payload injection works by modifying the HTTP headers in your connection requests. This can trick mobile carriers into thinking you're accessing allowed content when you're actually accessing the wider internet.
This method is often combined with SSH tunneling for encryption, but can sometimes work on its own for certain carriers.
Important: The effectiveness of payload injection varies by carrier and region. What works for one person might not work for another.
How Payload Injection Works
Modifies HTTP headers like Host, X-Online-Host, and X-Forwarded-Host to make traffic appear to be going to an allowed domain.
Takes advantage of "zero-rated" domains (websites that don't count against your data plan) by making your traffic appear to be going to these domains.
When combined with SSH or other tunneling protocols, your actual internet traffic is encrypted and hidden inside these modified HTTP requests.
Download and Install KPN Tunnel
If you haven't already, download and install the latest version of KPN Tunnel from a trusted source.
Open KPN Tunnel and Create a New Configuration
Launch the app and tap the "+" button to create a new configuration.
Configure Basic Settings
Enter a name for your configuration and select the connection type:
- For SSH + Payload: Select "SSH" as the connection type
- For Direct Payload: Select "Direct" as the connection type
SSH Server Settings (if using SSH)
If you selected SSH as your connection type, enter your SSH server details:
- Server: Your SSH server address (IP or domain)
- Port: Usually 22, 80, or 443
- Username: Your SSH account username
- Password: Your SSH account password
Configure Payload Settings
This is the most important part for the payload injection method:
- Tap on "Payload Settings" or "Advanced Settings"
- Enable "Custom Payload" or "HTTP Headers"
- Enter your payload in the text field (see examples below)
- Set the payload port (usually 80 for HTTP or 443 for HTTPS)
Additional Settings
Configure these optional settings for better performance:
- DNS: Set to 1.1.1.1 or 8.8.8.8 for reliable DNS resolution
- Connection Timeout: 60 seconds is recommended
- Enable "Auto Reconnect" for better stability
Save and Connect
Save your configuration and tap the "Connect" button to start the connection.
Test Your Connection
Open your browser and try accessing a website to verify your connection is working.
Basic HTTP GET
Simple HTTP GET request with basic headers
GET / HTTP/1.1 Host: example.com Connection: keep-alive Upgrade-Insecure-Requests: 1
HTTP with SNI Spoofing
Uses multiple host headers to bypass inspection
GET / HTTP/1.1 Host: cdn.example.com X-Online-Host: cdn.example.com X-Forward-Host: cdn.example.com Connection: keep-alive
Zero-rated Domain
Uses a zero-rated domain that doesn't count against data
GET / HTTP/1.1 Host: free.example.com X-Online-Host: free.example.com Connection: keep-alive Upgrade-Insecure-Requests: 1
Advanced Multi-line
Template for a more complex payload with placeholders
CONNECT [host_port] [protocol] Host: [host_port] X-Online-Host: [host_port] X-Forward-Host: [host_port] Connection: Keep-Alive User-Agent: [ua]
Connection Fails Immediately
If your connection fails as soon as you try to connect:
- Check that your payload format is correct (including \r\n line endings)
- Try a different payload port (switch between 80 and 443)
- Make sure you have an active internet connection
Connected But No Internet
If KPN Tunnel shows connected but you can't access websites:
- Try a different Host domain in your payload
- Check if your carrier has blocked this method
- Try adding more headers to your payload
- Change your DNS settings to 1.1.1.1 or 8.8.8.8
Slow Connection
If your connection is very slow:
- Try a different SSH server if you're using SSH
- Simplify your payload to reduce overhead
- Check your signal strength
Pro Tip: Create multiple configurations with different payloads. If one stops working, you can quickly switch to another.