4 Commits
0.0.9 ... 0.1.0

Author SHA1 Message Date
ValdikSS
feb03c74c8 Print message of HTTP fragmentation > 2 incompatibility.
We can't reliably distinguish HTTP data from other data on port 80 when fragmentation is used.
HTTP method code has a special case which tries to find HTTP method when fragmentation = 1 or 2 is used,
but not for other values.
2017-08-28 11:46:59 +03:00
ValdikSS
4c13435ee3 Handle Host header after User-Agent header in the HTTP packet. Fixes #29.
Most browsers would put Host header as early as they could, but not Microsoft Edge.
2017-08-28 11:45:05 +03:00
ValdikSS
ee665ee3bd Search for HTTP methods in fragmented packets with Window Size 1 or 2. Fixes #30. 2017-08-28 11:43:55 +03:00
ValdikSS
00e4964e73 Remove webdav HTTP methods. They are rarely used and less likely to be filtered. 2017-08-28 11:42:30 +03:00


@@ -53,15 +53,6 @@ static const char *http_methods[] = {
"DELETE ",
"CONNECT ",
"OPTIONS ",
"TRACE ",
"PATCH ",
"PROPFIND ",
"PROPPATCH ",
"MKCOL ",
"COPY ",
"MOVE ",
"LOCK ",
"UNLOCK ",
};
static char* dumb_memmem(const char* haystack, int hlen, const char* needle, int nlen) {
@@ -139,12 +130,20 @@ static void change_window_size(const char *pkt, int size) {
}
/* HTTP method end without trailing space */
static PVOID find_http_method_end(const char *pkt) {
static PVOID find_http_method_end(const char *pkt, int offset) {
int i;
for (i = 0; i<(sizeof(http_methods) / sizeof(*http_methods)); i++) {
if (memcmp(pkt, http_methods[i], strlen(http_methods[i])) == 0) {
return (char*)pkt + strlen(http_methods[i]) - 1;
}
/* Try to find HTTP method in a second part of fragmented packet */
if ((offset == 1 || offset == 2) &&
memcmp(pkt, http_methods[i] + offset,
strlen(http_methods[i]) - offset) == 0
)
{
return (char*)pkt + strlen(http_methods[i]) - offset - 1;
}
}
return NULL;
}
@@ -249,6 +248,12 @@ int main(int argc, char *argv[]) {
(do_fragment_https ? https_fragment_size : 0),
do_host, do_host_removespace, do_additional_space);
if (do_fragment_http && http_fragment_size > 2) {
printf("WARNING: HTTP fragmentation values > 2 are not fully compatible "
"with other options. Please use values <= 2 or disable HTTP fragmentation "
"completely.\n");
}
printf("\nOpening filter\n");
filter_num = 0;
@@ -313,8 +318,10 @@ int main(int argc, char *argv[]) {
/* Handle OUTBOUND packet, search for Host header */
else if (addr.Direction == WINDIVERT_DIRECTION_OUTBOUND &&
packet_dataLen > 16 && ppTcpHdr->DstPort == htons(80) &&
find_http_method_end(packet_data) &&
(do_host || do_host_removespace)) {
find_http_method_end(packet_data,
(do_fragment_http ? http_fragment_size : 0)) &&
(do_host || do_host_removespace))
{
data_addr = find_host_header(packet_data, packet_dataLen);
if (data_addr) {
@@ -328,7 +335,8 @@ int main(int argc, char *argv[]) {
if (do_additional_space && do_host_removespace) {
/* End of "Host:" without trailing space */
host_addr = data_addr + strlen(http_host_find) - 1;
method_addr = find_http_method_end(packet_data);
method_addr = find_http_method_end(packet_data,
(do_fragment_http ? http_fragment_size : 0));
if (method_addr) {
memmove(method_addr + 1, method_addr, (PVOID)host_addr - (PVOID)method_addr);
@@ -350,9 +358,7 @@ int main(int argc, char *argv[]) {
*/
host_len = data_addr_rn - host_addr;
useragent_addr = find_useragent_header(packet_data, packet_dataLen);
if (host_len <= 253 && useragent_addr && useragent_addr > host_addr) {
/* Performing action only if User-Agent header goes after Host */
if (host_len <= 253 && useragent_addr) {
useragent_addr += strlen(http_useragent_find);
/* useragent_addr is in the beginning of User-Agent value */
@@ -362,16 +368,31 @@ int main(int argc, char *argv[]) {
/* data_addr_rn is in the end of User-Agent value */
if (data_addr_rn) {
if (useragent_addr > host_addr) {
/* User-Agent goes AFTER Host header */
data_len = (PVOID)data_addr_rn - (PVOID)host_addr;
/* Move one byte to the left from "Host:"
* to the end of User-Agen
/* Move one byte to the LEFT from "Host:"
* to the end of User-Agent
*/
memmove(host_addr - 1, host_addr, data_len);
/* Put space in the end of User-Agent header */
*(char*)(data_addr_rn - 1) = ' ';
//printf("Replaced Host header!\n");
}
else {
/* User-Agent goes BEFORE Host header */
data_len = (PVOID)host_addr - (PVOID)data_addr_rn - 1;
/* Move one byte to the RIGHT from the end of User-Agent
* to the "Host:"
*/
memmove(data_addr_rn + 1, data_addr_rn, data_len);
/* Put space in the end of User-Agent header */
*(char*)(data_addr_rn) = ' ';
//printf("Replaced Host header!\n");
}
}
}
}
}
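Review bot: The new `else` branch for a User-Agent that precedes Host computes `data_len = (PVOID)host_addr - (PVOID)data_addr_rn - 1` and passes it straight to `memmove`, with no check that `data_addr_rn` really lies before `host_addr`. That ordering presumably follows from how `find_host_header` and `find_useragent_header` match, but both helpers and the declaration of `data_len` are outside the visible hunks. If the assumption ever fails, the difference goes negative and is converted to a very large size for an in-place move over the packet buffer. I would make the precondition explicit with `else if ((PVOID)data_addr_rn + 1 < (PVOID)host_addr) {` and a short comment that the CRLF ending the User-Agent value must sit before "Host:", so the packet is left unmodified otherwise. The enclosing block in `main` starts and ends outside this hunk.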