How does WARP encrypt all traffic on Windows?

Hey all!

I was searching online to get insights on how WARP is able to “take over” networking (on Windows at least) and intercept all traffic the system generates (if it does that).

Could anybody shed some light or give some pointers on how flicking the enable WARP button manages to do this on Windows?

Registry hack? Does any system setting change?

  • I did check whether my system’s routing table changes (route print -4 in cmd.exe), but no, no change there (at least to my :eyes:)
  • No new adapter created, my Wi-Fi adapter’s address doesn’t change
  • I didn’t see any change in the adapter settings either, DNS settings, IP settings aren’t modified
  • I use and know how WireGuard works, understand what it does, but can’t seem to comprehend how WARP does … “things”

(Mentioning WireGuard here, since WARP is based on BoringTun, which in turn is using the WireGuard protocol as I understood.)

Any pointers on what I could be missing? Thanks in advance folks!

I think it uses WinDivert

Ah, there exists such a thing? Wow, awesome. Thanks!
I can confirm that there are two .dlls in WARP’s program directory called WinDivert.dll and WinDivert64.dll