2gW94/GoodbyeDPI
1
0
Fork 0
mirror of https://github.com/ValdikSS/GoodbyeDPI.git synced 2025-12-17 21:04:36 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: 2gW94:0.0.8
Branches Tags
2gW94:master 2gW94:more-fakes 2gW94:EgorWeders-patch-1 2gW94:quic_block 2gW94:test_windres 2gW94:openvpn 2gW94:windivert2 2gW94:masterv6 2gW94:ipv6 2gW94:windivert-test
2gW94:0.2.3rc3 2gW94:0.2.3rc2 2gW94:0.2.3rc1 2gW94:0.2.2 2gW94:0.2.1 2gW94:0.2.0 2gW94:0.1.8 2gW94:0.1.7 2gW94:0.1.6 2gW94:0.1.5 2gW94:0.1.5rc3 2gW94:0.1.5rc2 2gW94:0.1.5rc1 2gW94:0.1.4 2gW94:0.1.3 2gW94:0.1.2 2gW94:0.1.2rc3 2gW94:0.1.2rc2 2gW94:0.1.2rc1 2gW94:0.1.1 2gW94:0.1.0 2gW94:0.0.9 2gW94:0.0.8 2gW94:0.0.7 2gW94:0.0.6 2gW94:0.0.5 2gW94:0.0.4 2gW94:0.0.3 2gW94:0.0.2 2gW94:0.0.1
..
compare: 2gW94:windivert-test
Branches Tags
2gW94:master 2gW94:more-fakes 2gW94:EgorWeders-patch-1 2gW94:quic_block 2gW94:test_windres 2gW94:openvpn 2gW94:windivert2 2gW94:masterv6 2gW94:ipv6 2gW94:windivert-test
2gW94:0.2.3rc3 2gW94:0.2.3rc2 2gW94:0.2.3rc1 2gW94:0.2.2 2gW94:0.2.1 2gW94:0.2.0 2gW94:0.1.8 2gW94:0.1.7 2gW94:0.1.6 2gW94:0.1.5 2gW94:0.1.5rc3 2gW94:0.1.5rc2 2gW94:0.1.5rc1 2gW94:0.1.4 2gW94:0.1.3 2gW94:0.1.2 2gW94:0.1.2rc3 2gW94:0.1.2rc2 2gW94:0.1.2rc1 2gW94:0.1.1 2gW94:0.1.0 2gW94:0.0.9 2gW94:0.0.8 2gW94:0.0.7 2gW94:0.0.6 2gW94:0.0.5 2gW94:0.0.4 2gW94:0.0.3 2gW94:0.0.2 2gW94:0.0.1

8 Commits
0.0.8 ... windivert-

Author SHA1 Message Date
ValdikSS
64c93d29de Test 2017-09-07 16:01:19 +03:00
ValdikSS
2f0429027d Small refactoring 2017-09-04 22:14:17 +03:00
ValdikSS
feb03c74c8 Print message of HTTP fragmentation > 2 incompatibility. 
We can't reliably distinguish HTTP data from other data on port 80 when fragmentation is used.
HTTP method code has a special case which tries to find HTTP method when fragmentation = 1 or 2 is used,
but not for other values.
 2017-08-28 11:46:59 +03:00
ValdikSS
4c13435ee3 Handle Host header after User-Agent header in the HTTP packet. Fixes #29. 
Most browsers would put Host header as early as they could, but not Microsoft Edge.
 2017-08-28 11:45:05 +03:00
ValdikSS
ee665ee3bd Search for HTTP methods in fragmented packets with Window Size 1 or 2. Fixes #30. 2017-08-28 11:43:55 +03:00
ValdikSS
00e4964e73 Remove webdav HTTP methods. They are rarely used and less probably filtered. 2017-08-28 11:42:30 +03:00
ValdikSS
2fe377a23f Do not handle traffic from private IP ranges 2017-08-15 14:09:47 +03:00
ValdikSS
b74c974235 Print error message if filter initialization fails 2017-08-15 14:09:06 +03:00
1 changed files with 66 additions and 114 deletions
Expand all files Collapse all files

180
goodbyedpi.c
View File

@@ -20,6 +20,21 @@
#define TCP_HDR_LEN 20
#define IPV4_TOTALLEN_OFFSET 2
#define TCP_WINDOWSIZE_OFFSET 14
#define DIVERT_NO_LOCALNETS_DST "(" \
"(ip.DstAddr < 127.0.0.1 or ip.DstAddr > 127.255.255.255) and " \
"(ip.DstAddr < 10.0.0.0 or ip.DstAddr > 10.255.255.255) and " \
"(ip.DstAddr < 192.168.0.0 or ip.DstAddr > 192.168.255.255) and " \
"(ip.DstAddr < 172.16.0.0 or ip.DstAddr > 172.31.255.255) and " \
"(ip.DstAddr < 169.254.0.0 or ip.DstAddr > 169.254.255.255)" \
")"
#define DIVERT_NO_LOCALNETS_SRC "(" \
"(ip.SrcAddr < 127.0.0.1 or ip.SrcAddr > 127.255.255.255) and " \
"(ip.SrcAddr < 10.0.0.0 or ip.SrcAddr > 10.255.255.255) and " \
"(ip.SrcAddr < 192.168.0.0 or ip.SrcAddr > 192.168.255.255) and " \
"(ip.SrcAddr < 172.16.0.0 or ip.SrcAddr > 172.31.255.255) and " \
"(ip.SrcAddr < 169.254.0.0 or ip.SrcAddr > 169.254.255.255)" \
")"
static HANDLE filters[MAX_FILTERS];
static int filter_num = 0;
@@ -38,15 +53,6 @@ static const char *http_methods[] = {
"DELETE ",
"CONNECT ",
"OPTIONS ",
"TRACE ",
"PATCH ",
"PROPFIND ",
"PROPPATCH ",
"MKCOL ",
"COPY ",
"MOVE ",
"LOCK ",
"UNLOCK ",
};
static char* dumb_memmem(const char* haystack, int hlen, const char* needle, int nlen) {
@@ -62,9 +68,15 @@ static char* dumb_memmem(const char* haystack, int hlen, const char* needle, int
}
static HANDLE init(char *filter, UINT64 flags) {
LPTSTR errormessage = NULL;
filter = WinDivertOpen(filter, WINDIVERT_LAYER_NETWORK, 0, flags);
if (filter != INVALID_HANDLE_VALUE)
return filter;
FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM |
FORMAT_MESSAGE_IGNORE_INSERTS,
NULL, GetLastError(), MAKELANGID(LANG_ENGLISH, SUBLANG_DEFAULT),
(LPTSTR)&errormessage, 0, NULL);
printf("%s", errormessage);
return NULL;
}
@@ -118,11 +130,19 @@ static void change_window_size(const char *pkt, int size) {
}
/* HTTP method end without trailing space */
static PVOID find_http_method_end(const char *pkt) {
static PVOID find_http_method_end(const char *pkt, int offset) {
int i;
for (i = 0; i<(sizeof(http_methods) / sizeof(*http_methods)); i++) {
if (memcmp(pkt, http_methods[i], strlen(http_methods[i])) == 0) {
return (char*)pkt+strlen(http_methods[i]) - 1;
return (char*)pkt + strlen(http_methods[i]) - 1;
}
/* Try to find HTTP method in a second part of fragmented packet */
if ((offset == 1 || offset == 2) &&
memcmp(pkt, http_methods[i] + offset,
strlen(http_methods[i]) - offset) == 0
)
{
return (char*)pkt + strlen(http_methods[i]) - offset - 1;
}
}
return NULL;
@@ -131,7 +151,7 @@ static PVOID find_http_method_end(const char *pkt) {
int main(int argc, char *argv[]) {
static const char fragment_size_message[] =
"Fragment size should be in range [0 - 65535]\n";
int i, should_reinject = 0;
int i, should_reinject, should_recalc_checksum = 0;
int opt;
HANDLE w_filter = NULL;
WINDIVERT_ADDRESS addr;
@@ -228,25 +248,40 @@ int main(int argc, char *argv[]) {
(do_fragment_https ? https_fragment_size : 0),
do_host, do_host_removespace, do_additional_space);
if (do_fragment_http && http_fragment_size > 2) {
printf("WARNING: HTTP fragmentation values > 2 are not fully compatible "
"with other options. Please use values <= 2 or disable HTTP fragmentation "
"completely.\n");
}
printf("\nOpening filter\n");
filter_num = 0;
if (do_passivedpi) {
/* Filter for inbound RST packets with ID = 0 or 1 */
filters[filter_num] = init("inbound and (ip.Id == 0x0001 or ip.Id == 0x0000) and "
"(tcp.SrcPort == 443 or tcp.SrcPort == 80) and tcp.Rst",
WINDIVERT_FLAG_DROP);
/* IPv4 filter for inbound RST packets with ID = 0 or 1 */
filters[filter_num] = init(
"inbound and ip and tcp and "
"(ip.Id == 0x0001 or ip.Id == 0x0000) and "
"(tcp.SrcPort == 443 or tcp.SrcPort == 80) and tcp.Rst and "
DIVERT_NO_LOCALNETS_SRC,
WINDIVERT_FLAG_DROP);
filter_num++;
}
/*
* Filter for inbound HTTP redirection packets and
* IPv4 filter for inbound HTTP redirection packets and
* active DPI circumvention
*/
filters[filter_num] = init("(inbound and (ip.Id == 0x0001 or ip.Id == 0x0000) and tcp.SrcPort == 80 and tcp.Ack) "
"or (inbound and (tcp.SrcPort == 80 or tcp.SrcPort == 443) and tcp.Ack and tcp.Syn) "
"or (outbound and (tcp.DstPort == 80 or tcp.DstPort == 443) and tcp.Ack)",
0);
filters[filter_num] = init("ip and tcp and "
"(inbound and (("
"((ip.Id == 0x0001 or ip.Id == 0x0000) and tcp.SrcPort == 80 and tcp.Ack) or "
"((tcp.SrcPort == 80 or tcp.SrcPort == 443) and tcp.Ack and tcp.Syn)"
") and " DIVERT_NO_LOCALNETS_SRC ") or "
"(outbound and "
"(tcp.DstPort == 80 or tcp.DstPort == 443) and tcp.Ack and "
DIVERT_NO_LOCALNETS_DST ")"
")",
0);
w_filter = filters[filter_num];
filter_num++;
@@ -260,103 +295,22 @@ int main(int argc, char *argv[]) {
signal(SIGINT, sigint_handler);
while (1) {
if (WinDivertRecv(w_filter, packet, sizeof(packet), &addr, &packetLen)) {
//printf("Got %s packet, len=%d!\n", addr.Direction ? "inbound" : "outbound",
// packetLen);
should_reinject = 1;
if (WinDivertRecv(w_filter, packet, sizeof(packet), &addr, &packetLen)) {
printf("Got %s packet, len=%d!\n", addr.Direction ? "inbound" : "outbound",
packetLen);
// do nothing for DATA packet
if (WinDivertHelperParsePacket(packet, packetLen, &ppIpHdr,
NULL, NULL, NULL, &ppTcpHdr, NULL, &packet_data, &packet_dataLen)) {
//printf("Got parsed packet, len=%d!\n", packet_dataLen);
/* Got a packet WITH DATA */
/* Handle INBOUND packet with data and find HTTP REDIRECT in there */
if (addr.Direction == WINDIVERT_DIRECTION_INBOUND && packet_dataLen > 16) {
/* If INBOUND packet with DATA (tcp.Ack) */
/* Drop packets from filter with HTTP 30x Redirect */
if (do_passivedpi && is_passivedpi_redirect(packet_data, packet_dataLen)) {
//printf("Dropping HTTP Redirect packet!\n");
should_reinject = 0;
}
}
/* Handle OUTBOUND packet, search for Host header */
else if (addr.Direction == WINDIVERT_DIRECTION_OUTBOUND &&
packet_dataLen > 16 && ppTcpHdr->DstPort == htons(80) &&
find_http_method_end(packet_data) &&
(do_host || do_host_removespace)) {
data_addr = find_host_header(packet_data, packet_dataLen);
if (data_addr) {
if (do_host) {
/* Replace "Host: " with "hoSt: " */
memcpy(data_addr, http_host_replace, strlen(http_host_replace));
//printf("Replaced Host header!\n");
}
if (do_additional_space && do_host_removespace) {
/* End of "Host:" without trailing space */
host_addr = data_addr + strlen(http_host_find) - 1;
method_addr = find_http_method_end(packet_data);
if (method_addr) {
memmove(method_addr + 1, method_addr, (PVOID)host_addr - (PVOID)method_addr);
}
}
else if (do_host_removespace) {
host_addr = data_addr + strlen(http_host_find);
data_addr_rn = dumb_memmem(host_addr,
packet_dataLen - ((PVOID)host_addr - packet_data),
"\r\n", 2);
if (data_addr_rn) {
/* We move Host header value by one byte to the left and then
* "insert" stolen space to the end of User-Agent value because
* some web servers are not tolerant to additional space in the
* end of Host header.
*
* Nothing is done if User-Agent header is missing.
*/
host_len = data_addr_rn - host_addr;
useragent_addr = find_useragent_header(packet_data, packet_dataLen);
if (host_len <= 253 && useragent_addr && useragent_addr > host_addr) {
/* Performing action only if User-Agent header goes after Host */
useragent_addr += strlen(http_useragent_find);
/* useragent_addr is in the beginning of User-Agent value */
data_len = packet_dataLen - ((PVOID)useragent_addr - packet_data);
data_addr_rn = dumb_memmem(useragent_addr,
data_len, "\r\n", 2);
/* data_addr_rn is in the end of User-Agent value */
if (data_addr_rn) {
data_len = (PVOID)data_addr_rn - (PVOID)host_addr;
/* Move one byte to the left from "Host:"
* to the end of User-Agen
*/
memmove(host_addr - 1, host_addr, data_len);
/* Put space in the end of User-Agent header */
*(char*)(data_addr_rn - 1) = ' ';
//printf("Replaced Host header!\n");
}
}
}
}
WinDivertHelperCalcChecksums(packet, packetLen, 0);
}
}
}
/* Else if we got TCP packet without data */
// reduce window size on non-data packet
else if (WinDivertHelperParsePacket(packet, packetLen, &ppIpHdr,
NULL, NULL, NULL, &ppTcpHdr, NULL, NULL, NULL)) {
/* If we got SYN+ACK packet */
if (addr.Direction == WINDIVERT_DIRECTION_INBOUND &&
ppTcpHdr->Syn == 1) {
//printf("Changing Window Size!\n");
printf("Changing Window Size!\n");
if (do_fragment_http && ppTcpHdr->SrcPort == htons(80)) {
change_window_size(packet, http_fragment_size);
WinDivertHelperCalcChecksums(packet, packetLen, 0);
@@ -367,11 +321,9 @@ int main(int argc, char *argv[]) {
}
}
}
if (should_reinject) {
//printf("Re-injecting!\n");
WinDivertSend(w_filter, packet, packetLen, &addr, NULL);
}
// uncomment this to make it work
//WinDivertHelperCalcChecksums(packet, packetLen, 0);
WinDivertSend(w_filter, packet, packetLen, &addr, NULL);
}
else {
// error, ignore