mirror of
https://github.com/ValdikSS/GoodbyeDPI.git
synced 2025-12-17 21:04:36 +03:00
Compare commits
9 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
87c354addf | ||
|
|
9fa2956065 | ||
|
|
2f0429027d | ||
|
|
feb03c74c8 | ||
|
|
4c13435ee3 | ||
|
|
ee665ee3bd | ||
|
|
00e4964e73 | ||
|
|
2fe377a23f | ||
|
|
b74c974235 |
3
Makefile
3
Makefile
@@ -7,7 +7,8 @@ LIBS = -L $(WINDIVERTLIBS) -lWinDivert -lws2_32
|
|||||||
CC = $(CPREFIX)-gcc
|
CC = $(CPREFIX)-gcc
|
||||||
CCWINDRES = $(CPREFIX)-windres
|
CCWINDRES = $(CPREFIX)-windres
|
||||||
CFLAGS = -Wall -I $(WINDIVERTHEADERS) -L $(WINDIVERTLIBS) \
|
CFLAGS = -Wall -I $(WINDIVERTHEADERS) -L $(WINDIVERTLIBS) \
|
||||||
-O2 -fPIE -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2
|
-O2 -pie -fPIE -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2
|
||||||
|
LDFLAGS = -pie
|
||||||
|
|
||||||
.PHONY: default all clean
|
.PHONY: default all clean
|
||||||
|
|
||||||
|
|||||||
154
goodbyedpi.c
154
goodbyedpi.c
@@ -21,6 +21,21 @@
|
|||||||
#define IPV4_TOTALLEN_OFFSET 2
|
#define IPV4_TOTALLEN_OFFSET 2
|
||||||
#define TCP_WINDOWSIZE_OFFSET 14
|
#define TCP_WINDOWSIZE_OFFSET 14
|
||||||
|
|
||||||
|
#define DIVERT_NO_LOCALNETS_DST "(" \
|
||||||
|
"(ip.DstAddr < 127.0.0.1 or ip.DstAddr > 127.255.255.255) and " \
|
||||||
|
"(ip.DstAddr < 10.0.0.0 or ip.DstAddr > 10.255.255.255) and " \
|
||||||
|
"(ip.DstAddr < 192.168.0.0 or ip.DstAddr > 192.168.255.255) and " \
|
||||||
|
"(ip.DstAddr < 172.16.0.0 or ip.DstAddr > 172.31.255.255) and " \
|
||||||
|
"(ip.DstAddr < 169.254.0.0 or ip.DstAddr > 169.254.255.255)" \
|
||||||
|
")"
|
||||||
|
#define DIVERT_NO_LOCALNETS_SRC "(" \
|
||||||
|
"(ip.SrcAddr < 127.0.0.1 or ip.SrcAddr > 127.255.255.255) and " \
|
||||||
|
"(ip.SrcAddr < 10.0.0.0 or ip.SrcAddr > 10.255.255.255) and " \
|
||||||
|
"(ip.SrcAddr < 192.168.0.0 or ip.SrcAddr > 192.168.255.255) and " \
|
||||||
|
"(ip.SrcAddr < 172.16.0.0 or ip.SrcAddr > 172.31.255.255) and " \
|
||||||
|
"(ip.SrcAddr < 169.254.0.0 or ip.SrcAddr > 169.254.255.255)" \
|
||||||
|
")"
|
||||||
|
|
||||||
static HANDLE filters[MAX_FILTERS];
|
static HANDLE filters[MAX_FILTERS];
|
||||||
static int filter_num = 0;
|
static int filter_num = 0;
|
||||||
static const char *http10_redirect_302 = "HTTP/1.0 302 ";
|
static const char *http10_redirect_302 = "HTTP/1.0 302 ";
|
||||||
@@ -38,15 +53,6 @@ static const char *http_methods[] = {
|
|||||||
"DELETE ",
|
"DELETE ",
|
||||||
"CONNECT ",
|
"CONNECT ",
|
||||||
"OPTIONS ",
|
"OPTIONS ",
|
||||||
"TRACE ",
|
|
||||||
"PATCH ",
|
|
||||||
"PROPFIND ",
|
|
||||||
"PROPPATCH ",
|
|
||||||
"MKCOL ",
|
|
||||||
"COPY ",
|
|
||||||
"MOVE ",
|
|
||||||
"LOCK ",
|
|
||||||
"UNLOCK ",
|
|
||||||
};
|
};
|
||||||
|
|
||||||
static char* dumb_memmem(const char* haystack, int hlen, const char* needle, int nlen) {
|
static char* dumb_memmem(const char* haystack, int hlen, const char* needle, int nlen) {
|
||||||
@@ -62,9 +68,15 @@ static char* dumb_memmem(const char* haystack, int hlen, const char* needle, int
|
|||||||
}
|
}
|
||||||
|
|
||||||
static HANDLE init(char *filter, UINT64 flags) {
|
static HANDLE init(char *filter, UINT64 flags) {
|
||||||
|
LPTSTR errormessage = NULL;
|
||||||
filter = WinDivertOpen(filter, WINDIVERT_LAYER_NETWORK, 0, flags);
|
filter = WinDivertOpen(filter, WINDIVERT_LAYER_NETWORK, 0, flags);
|
||||||
if (filter != INVALID_HANDLE_VALUE)
|
if (filter != INVALID_HANDLE_VALUE)
|
||||||
return filter;
|
return filter;
|
||||||
|
FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM |
|
||||||
|
FORMAT_MESSAGE_IGNORE_INSERTS,
|
||||||
|
NULL, GetLastError(), MAKELANGID(LANG_ENGLISH, SUBLANG_DEFAULT),
|
||||||
|
(LPTSTR)&errormessage, 0, NULL);
|
||||||
|
printf("%s", errormessage);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -118,11 +130,19 @@ static void change_window_size(const char *pkt, int size) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* HTTP method end without trailing space */
|
/* HTTP method end without trailing space */
|
||||||
static PVOID find_http_method_end(const char *pkt) {
|
static PVOID find_http_method_end(const char *pkt, int offset) {
|
||||||
int i;
|
int i;
|
||||||
for (i = 0; i<(sizeof(http_methods) / sizeof(*http_methods)); i++) {
|
for (i = 0; i<(sizeof(http_methods) / sizeof(*http_methods)); i++) {
|
||||||
if (memcmp(pkt, http_methods[i], strlen(http_methods[i])) == 0) {
|
if (memcmp(pkt, http_methods[i], strlen(http_methods[i])) == 0) {
|
||||||
return (char*)pkt+strlen(http_methods[i]) - 1;
|
return (char*)pkt + strlen(http_methods[i]) - 1;
|
||||||
|
}
|
||||||
|
/* Try to find HTTP method in a second part of fragmented packet */
|
||||||
|
if ((offset == 1 || offset == 2) &&
|
||||||
|
memcmp(pkt, http_methods[i] + offset,
|
||||||
|
strlen(http_methods[i]) - offset) == 0
|
||||||
|
)
|
||||||
|
{
|
||||||
|
return (char*)pkt + strlen(http_methods[i]) - offset - 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return NULL;
|
return NULL;
|
||||||
@@ -131,7 +151,7 @@ static PVOID find_http_method_end(const char *pkt) {
|
|||||||
int main(int argc, char *argv[]) {
|
int main(int argc, char *argv[]) {
|
||||||
static const char fragment_size_message[] =
|
static const char fragment_size_message[] =
|
||||||
"Fragment size should be in range [0 - 65535]\n";
|
"Fragment size should be in range [0 - 65535]\n";
|
||||||
int i, should_reinject = 0;
|
int i, should_reinject, should_recalc_checksum = 0;
|
||||||
int opt;
|
int opt;
|
||||||
HANDLE w_filter = NULL;
|
HANDLE w_filter = NULL;
|
||||||
WINDIVERT_ADDRESS addr;
|
WINDIVERT_ADDRESS addr;
|
||||||
@@ -228,25 +248,40 @@ int main(int argc, char *argv[]) {
|
|||||||
(do_fragment_https ? https_fragment_size : 0),
|
(do_fragment_https ? https_fragment_size : 0),
|
||||||
do_host, do_host_removespace, do_additional_space);
|
do_host, do_host_removespace, do_additional_space);
|
||||||
|
|
||||||
|
if (do_fragment_http && http_fragment_size > 2) {
|
||||||
|
printf("WARNING: HTTP fragmentation values > 2 are not fully compatible "
|
||||||
|
"with other options. Please use values <= 2 or disable HTTP fragmentation "
|
||||||
|
"completely.\n");
|
||||||
|
}
|
||||||
|
|
||||||
printf("\nOpening filter\n");
|
printf("\nOpening filter\n");
|
||||||
filter_num = 0;
|
filter_num = 0;
|
||||||
|
|
||||||
if (do_passivedpi) {
|
if (do_passivedpi) {
|
||||||
/* Filter for inbound RST packets with ID = 0 or 1 */
|
/* IPv4 filter for inbound RST packets with ID = 0 or 1 */
|
||||||
filters[filter_num] = init("inbound and (ip.Id == 0x0001 or ip.Id == 0x0000) and "
|
filters[filter_num] = init(
|
||||||
"(tcp.SrcPort == 443 or tcp.SrcPort == 80) and tcp.Rst",
|
"inbound and ip and tcp and "
|
||||||
WINDIVERT_FLAG_DROP);
|
"(ip.Id == 0x0001 or ip.Id == 0x0000) and "
|
||||||
|
"(tcp.SrcPort == 443 or tcp.SrcPort == 80) and tcp.Rst and "
|
||||||
|
DIVERT_NO_LOCALNETS_SRC,
|
||||||
|
WINDIVERT_FLAG_DROP);
|
||||||
filter_num++;
|
filter_num++;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Filter for inbound HTTP redirection packets and
|
* IPv4 filter for inbound HTTP redirection packets and
|
||||||
* active DPI circumvention
|
* active DPI circumvention
|
||||||
*/
|
*/
|
||||||
filters[filter_num] = init("(inbound and (ip.Id == 0x0001 or ip.Id == 0x0000) and tcp.SrcPort == 80 and tcp.Ack) "
|
filters[filter_num] = init("ip and tcp and "
|
||||||
"or (inbound and (tcp.SrcPort == 80 or tcp.SrcPort == 443) and tcp.Ack and tcp.Syn) "
|
"(inbound and (("
|
||||||
"or (outbound and (tcp.DstPort == 80 or tcp.DstPort == 443) and tcp.Ack)",
|
"((ip.Id == 0x0001 or ip.Id == 0x0000) and tcp.SrcPort == 80 and tcp.Ack) or "
|
||||||
0);
|
"((tcp.SrcPort == 80 or tcp.SrcPort == 443) and tcp.Ack and tcp.Syn)"
|
||||||
|
") and " DIVERT_NO_LOCALNETS_SRC ") or "
|
||||||
|
"(outbound and "
|
||||||
|
"(tcp.DstPort == 80 or tcp.DstPort == 443) and tcp.Ack and "
|
||||||
|
DIVERT_NO_LOCALNETS_DST ")"
|
||||||
|
")",
|
||||||
|
0);
|
||||||
|
|
||||||
w_filter = filters[filter_num];
|
w_filter = filters[filter_num];
|
||||||
filter_num++;
|
filter_num++;
|
||||||
@@ -264,6 +299,7 @@ int main(int argc, char *argv[]) {
|
|||||||
//printf("Got %s packet, len=%d!\n", addr.Direction ? "inbound" : "outbound",
|
//printf("Got %s packet, len=%d!\n", addr.Direction ? "inbound" : "outbound",
|
||||||
// packetLen);
|
// packetLen);
|
||||||
should_reinject = 1;
|
should_reinject = 1;
|
||||||
|
should_recalc_checksum = 0;
|
||||||
|
|
||||||
if (WinDivertHelperParsePacket(packet, packetLen, &ppIpHdr,
|
if (WinDivertHelperParsePacket(packet, packetLen, &ppIpHdr,
|
||||||
NULL, NULL, NULL, &ppTcpHdr, NULL, &packet_data, &packet_dataLen)) {
|
NULL, NULL, NULL, &ppTcpHdr, NULL, &packet_data, &packet_dataLen)) {
|
||||||
@@ -283,8 +319,10 @@ int main(int argc, char *argv[]) {
|
|||||||
/* Handle OUTBOUND packet, search for Host header */
|
/* Handle OUTBOUND packet, search for Host header */
|
||||||
else if (addr.Direction == WINDIVERT_DIRECTION_OUTBOUND &&
|
else if (addr.Direction == WINDIVERT_DIRECTION_OUTBOUND &&
|
||||||
packet_dataLen > 16 && ppTcpHdr->DstPort == htons(80) &&
|
packet_dataLen > 16 && ppTcpHdr->DstPort == htons(80) &&
|
||||||
find_http_method_end(packet_data) &&
|
find_http_method_end(packet_data,
|
||||||
(do_host || do_host_removespace)) {
|
(do_fragment_http ? http_fragment_size : 0)) &&
|
||||||
|
(do_host || do_host_removespace))
|
||||||
|
{
|
||||||
|
|
||||||
data_addr = find_host_header(packet_data, packet_dataLen);
|
data_addr = find_host_header(packet_data, packet_dataLen);
|
||||||
if (data_addr) {
|
if (data_addr) {
|
||||||
@@ -292,16 +330,19 @@ int main(int argc, char *argv[]) {
|
|||||||
if (do_host) {
|
if (do_host) {
|
||||||
/* Replace "Host: " with "hoSt: " */
|
/* Replace "Host: " with "hoSt: " */
|
||||||
memcpy(data_addr, http_host_replace, strlen(http_host_replace));
|
memcpy(data_addr, http_host_replace, strlen(http_host_replace));
|
||||||
|
should_recalc_checksum = 1;
|
||||||
//printf("Replaced Host header!\n");
|
//printf("Replaced Host header!\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (do_additional_space && do_host_removespace) {
|
if (do_additional_space && do_host_removespace) {
|
||||||
/* End of "Host:" without trailing space */
|
/* End of "Host:" without trailing space */
|
||||||
host_addr = data_addr + strlen(http_host_find) - 1;
|
host_addr = data_addr + strlen(http_host_find) - 1;
|
||||||
method_addr = find_http_method_end(packet_data);
|
method_addr = find_http_method_end(packet_data,
|
||||||
|
(do_fragment_http ? http_fragment_size : 0));
|
||||||
|
|
||||||
if (method_addr) {
|
if (method_addr) {
|
||||||
memmove(method_addr + 1, method_addr, (PVOID)host_addr - (PVOID)method_addr);
|
memmove(method_addr + 1, method_addr, (PVOID)host_addr - (PVOID)method_addr);
|
||||||
|
should_recalc_checksum = 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else if (do_host_removespace) {
|
else if (do_host_removespace) {
|
||||||
@@ -320,36 +361,50 @@ int main(int argc, char *argv[]) {
|
|||||||
*/
|
*/
|
||||||
host_len = data_addr_rn - host_addr;
|
host_len = data_addr_rn - host_addr;
|
||||||
useragent_addr = find_useragent_header(packet_data, packet_dataLen);
|
useragent_addr = find_useragent_header(packet_data, packet_dataLen);
|
||||||
if (host_len <= 253 && useragent_addr && useragent_addr > host_addr) {
|
if (host_len <= 253 && useragent_addr) {
|
||||||
/* Performing action only if User-Agent header goes after Host */
|
|
||||||
|
|
||||||
useragent_addr += strlen(http_useragent_find);
|
useragent_addr += strlen(http_useragent_find);
|
||||||
/* useragent_addr is in the beginning of User-Agent value */
|
/* useragent_addr is in the beginning of User-Agent value */
|
||||||
|
|
||||||
data_len = packet_dataLen - ((PVOID)useragent_addr - packet_data);
|
data_len = packet_dataLen - ((PVOID)useragent_addr - packet_data);
|
||||||
data_addr_rn = dumb_memmem(useragent_addr,
|
data_addr_rn = dumb_memmem(useragent_addr,
|
||||||
data_len, "\r\n", 2);
|
data_len, "\r\n", 2);
|
||||||
/* data_addr_rn is in the end of User-Agent value */
|
/* data_addr_rn is in the end of User-Agent value */
|
||||||
|
|
||||||
if (data_addr_rn) {
|
if (data_addr_rn) {
|
||||||
data_len = (PVOID)data_addr_rn - (PVOID)host_addr;
|
if (useragent_addr > host_addr) {
|
||||||
|
/* User-Agent goes AFTER Host header */
|
||||||
|
data_len = (PVOID)data_addr_rn - (PVOID)host_addr;
|
||||||
|
|
||||||
/* Move one byte to the left from "Host:"
|
/* Move one byte to the LEFT from "Host:"
|
||||||
* to the end of User-Agen
|
* to the end of User-Agent
|
||||||
*/
|
*/
|
||||||
memmove(host_addr - 1, host_addr, data_len);
|
memmove(host_addr - 1, host_addr, data_len);
|
||||||
/* Put space in the end of User-Agent header */
|
/* Put space in the end of User-Agent header */
|
||||||
*(char*)(data_addr_rn - 1) = ' ';
|
*(char*)(data_addr_rn - 1) = ' ';
|
||||||
//printf("Replaced Host header!\n");
|
should_recalc_checksum = 1;
|
||||||
}
|
//printf("Replaced Host header!\n");
|
||||||
}
|
}
|
||||||
}
|
else {
|
||||||
}
|
/* User-Agent goes BEFORE Host header */
|
||||||
|
data_len = (PVOID)host_addr - (PVOID)data_addr_rn - 1;
|
||||||
|
|
||||||
|
/* Move one byte to the RIGHT from the end of User-Agent
|
||||||
|
* to the "Host:"
|
||||||
|
*/
|
||||||
|
memmove(data_addr_rn + 1, data_addr_rn, data_len);
|
||||||
|
/* Put space in the end of User-Agent header */
|
||||||
|
*(char*)(data_addr_rn) = ' ';
|
||||||
|
should_recalc_checksum = 1;
|
||||||
|
//printf("Replaced Host header!\n");
|
||||||
|
}
|
||||||
|
} /* if (dara_addr_rn) */
|
||||||
|
} /* if (host_len <= 253 && useragent_addr) */
|
||||||
|
} /* if (data_addr_rn) */
|
||||||
|
} /* else if (do_host_removespace) */
|
||||||
|
} /* if (data_addr) */
|
||||||
|
} /* Handle OUTBOUND packet with data */
|
||||||
|
} /* Handle packet with data */
|
||||||
|
|
||||||
WinDivertHelperCalcChecksums(packet, packetLen, 0);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
/* Else if we got TCP packet without data */
|
/* Else if we got TCP packet without data */
|
||||||
else if (WinDivertHelperParsePacket(packet, packetLen, &ppIpHdr,
|
else if (WinDivertHelperParsePacket(packet, packetLen, &ppIpHdr,
|
||||||
NULL, NULL, NULL, &ppTcpHdr, NULL, NULL, NULL)) {
|
NULL, NULL, NULL, &ppTcpHdr, NULL, NULL, NULL)) {
|
||||||
@@ -359,17 +414,24 @@ int main(int argc, char *argv[]) {
|
|||||||
//printf("Changing Window Size!\n");
|
//printf("Changing Window Size!\n");
|
||||||
if (do_fragment_http && ppTcpHdr->SrcPort == htons(80)) {
|
if (do_fragment_http && ppTcpHdr->SrcPort == htons(80)) {
|
||||||
change_window_size(packet, http_fragment_size);
|
change_window_size(packet, http_fragment_size);
|
||||||
WinDivertHelperCalcChecksums(packet, packetLen, 0);
|
should_recalc_checksum = 1;
|
||||||
}
|
}
|
||||||
else if (do_fragment_https && ppTcpHdr->SrcPort != htons(80)) {
|
else if (do_fragment_https && ppTcpHdr->SrcPort != htons(80)) {
|
||||||
change_window_size(packet, https_fragment_size);
|
change_window_size(packet, https_fragment_size);
|
||||||
WinDivertHelperCalcChecksums(packet, packetLen, 0);
|
should_recalc_checksum = 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (should_reinject) {
|
if (should_reinject) {
|
||||||
//printf("Re-injecting!\n");
|
//printf("Re-injecting!\n");
|
||||||
|
if (should_recalc_checksum) {
|
||||||
|
WinDivertHelperCalcChecksums(packet, packetLen, 0);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
WinDivertHelperCalcChecksums(packet, packetLen,
|
||||||
|
WINDIVERT_HELPER_NO_REPLACE);
|
||||||
|
}
|
||||||
WinDivertSend(w_filter, packet, packetLen, &addr, NULL);
|
WinDivertSend(w_filter, packet, packetLen, &addr, NULL);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user