2gW94/GoodbyeDPI
1
0
Fork 0
mirror of https://github.com/ValdikSS/GoodbyeDPI.git synced 2025-12-17 12:54:36 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: 2gW94:0.0.9
Branches Tags
2gW94:master 2gW94:more-fakes 2gW94:EgorWeders-patch-1 2gW94:quic_block 2gW94:test_windres 2gW94:openvpn 2gW94:windivert2 2gW94:masterv6 2gW94:ipv6 2gW94:windivert-test
2gW94:0.2.3rc3 2gW94:0.2.3rc2 2gW94:0.2.3rc1 2gW94:0.2.2 2gW94:0.2.1 2gW94:0.2.0 2gW94:0.1.8 2gW94:0.1.7 2gW94:0.1.6 2gW94:0.1.5 2gW94:0.1.5rc3 2gW94:0.1.5rc2 2gW94:0.1.5rc1 2gW94:0.1.4 2gW94:0.1.3 2gW94:0.1.2 2gW94:0.1.2rc3 2gW94:0.1.2rc2 2gW94:0.1.2rc1 2gW94:0.1.1 2gW94:0.1.0 2gW94:0.0.9 2gW94:0.0.8 2gW94:0.0.7 2gW94:0.0.6 2gW94:0.0.5 2gW94:0.0.4 2gW94:0.0.3 2gW94:0.0.2 2gW94:0.0.1
...
compare: 2gW94:0.1.1
Branches Tags
2gW94:master 2gW94:more-fakes 2gW94:EgorWeders-patch-1 2gW94:quic_block 2gW94:test_windres 2gW94:openvpn 2gW94:windivert2 2gW94:masterv6 2gW94:ipv6 2gW94:windivert-test
2gW94:0.2.3rc3 2gW94:0.2.3rc2 2gW94:0.2.3rc1 2gW94:0.2.2 2gW94:0.2.1 2gW94:0.2.0 2gW94:0.1.8 2gW94:0.1.7 2gW94:0.1.6 2gW94:0.1.5 2gW94:0.1.5rc3 2gW94:0.1.5rc2 2gW94:0.1.5rc1 2gW94:0.1.4 2gW94:0.1.3 2gW94:0.1.2 2gW94:0.1.2rc3 2gW94:0.1.2rc2 2gW94:0.1.2rc1 2gW94:0.1.1 2gW94:0.1.0 2gW94:0.0.9 2gW94:0.0.8 2gW94:0.0.7 2gW94:0.0.6 2gW94:0.0.5 2gW94:0.0.4 2gW94:0.0.3 2gW94:0.0.2 2gW94:0.0.1

7 Commits
0.0.9 ... 0.1.1

Author SHA1 Message Date
ValdikSS
87c354addf Update Makefile 2017-09-07 17:35:57 +03:00
ValdikSS
9fa2956065 Calculate checksums even there's no packet modifications. 2017-09-07 17:35:25 +03:00
ValdikSS
2f0429027d Small refactoring 2017-09-04 22:14:17 +03:00
ValdikSS
feb03c74c8 Print message of HTTP fragmentation > 2 incompatibility. 
We can't reliably distinguish HTTP data from other data on port 80 when fragmentation is used.
HTTP method code has a special case which tries to find HTTP method when fragmentation = 1 or 2 is used,
but not for other values.
 2017-08-28 11:46:59 +03:00
ValdikSS
4c13435ee3 Handle Host header after User-Agent header in the HTTP packet. Fixes #29. 
Most browsers would put Host header as early as they could, but not Microsoft Edge.
 2017-08-28 11:45:05 +03:00
ValdikSS
ee665ee3bd Search for HTTP methods in fragmented packets with Window Size 1 or 2. Fixes #30. 2017-08-28 11:43:55 +03:00
ValdikSS
00e4964e73 Remove webdav HTTP methods. They are rarely used and less probably filtered. 2017-08-28 11:42:30 +03:00
2 changed files with 71 additions and 38 deletions
Expand all files Collapse all files

3
Makefile
View File

@@ -7,7 +7,8 @@ LIBS = -L $(WINDIVERTLIBS) -lWinDivert -lws2_32
CC = $(CPREFIX)-gcc CC = $(CPREFIX)-gcc
CCWINDRES = $(CPREFIX)-windres CCWINDRES = $(CPREFIX)-windres
CFLAGS = -Wall -I $(WINDIVERTHEADERS) -L $(WINDIVERTLIBS) \ CFLAGS = -Wall -I $(WINDIVERTHEADERS) -L $(WINDIVERTLIBS) \
-O2 -fPIE -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -O2 -pie -fPIE -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2
LDFLAGS = -pie
.PHONY: default all clean .PHONY: default all clean

88
goodbyedpi.c
View File

@@ -53,15 +53,6 @@ static const char *http_methods[] = {
"DELETE ", "DELETE ",
"CONNECT ", "CONNECT ",
"OPTIONS ", "OPTIONS ",
"TRACE ",
"PATCH ",
"PROPFIND ",
"PROPPATCH ",
"MKCOL ",
"COPY ",
"MOVE ",
"LOCK ",
"UNLOCK ",
}; };
static char* dumb_memmem(const char* haystack, int hlen, const char* needle, int nlen) { static char* dumb_memmem(const char* haystack, int hlen, const char* needle, int nlen) {
@@ -139,11 +130,19 @@ static void change_window_size(const char *pkt, int size) {
} }
/* HTTP method end without trailing space */ /* HTTP method end without trailing space */
static PVOID find_http_method_end(const char *pkt) { static PVOID find_http_method_end(const char *pkt, int offset) {
int i; int i;
for (i = 0; i<(sizeof(http_methods) / sizeof(*http_methods)); i++) { for (i = 0; i<(sizeof(http_methods) / sizeof(*http_methods)); i++) {
if (memcmp(pkt, http_methods[i], strlen(http_methods[i])) == 0) { if (memcmp(pkt, http_methods[i], strlen(http_methods[i])) == 0) {
return (char*)pkt+strlen(http_methods[i]) - 1; return (char*)pkt + strlen(http_methods[i]) - 1;
}
/* Try to find HTTP method in a second part of fragmented packet */
if ((offset == 1 || offset == 2) &&
memcmp(pkt, http_methods[i] + offset,
strlen(http_methods[i]) - offset) == 0
)
{
return (char*)pkt + strlen(http_methods[i]) - offset - 1;
} }
} }
return NULL; return NULL;
@@ -152,7 +151,7 @@ static PVOID find_http_method_end(const char *pkt) {
int main(int argc, char *argv[]) { int main(int argc, char *argv[]) {
static const char fragment_size_message[] = static const char fragment_size_message[] =
"Fragment size should be in range [0 - 65535]\n"; "Fragment size should be in range [0 - 65535]\n";
int i, should_reinject = 0; int i, should_reinject, should_recalc_checksum = 0;
int opt; int opt;
HANDLE w_filter = NULL; HANDLE w_filter = NULL;
WINDIVERT_ADDRESS addr; WINDIVERT_ADDRESS addr;
@@ -249,6 +248,12 @@ int main(int argc, char *argv[]) {
(do_fragment_https ? https_fragment_size : 0), (do_fragment_https ? https_fragment_size : 0),
do_host, do_host_removespace, do_additional_space); do_host, do_host_removespace, do_additional_space);
if (do_fragment_http && http_fragment_size > 2) {
printf("WARNING: HTTP fragmentation values > 2 are not fully compatible "
"with other options. Please use values <= 2 or disable HTTP fragmentation "
"completely.\n");
}
printf("\nOpening filter\n"); printf("\nOpening filter\n");
filter_num = 0; filter_num = 0;
@@ -294,6 +299,7 @@ int main(int argc, char *argv[]) {
//printf("Got %s packet, len=%d!\n", addr.Direction ? "inbound" : "outbound", //printf("Got %s packet, len=%d!\n", addr.Direction ? "inbound" : "outbound",
// packetLen); // packetLen);
should_reinject = 1; should_reinject = 1;
should_recalc_checksum = 0;
if (WinDivertHelperParsePacket(packet, packetLen, &ppIpHdr, if (WinDivertHelperParsePacket(packet, packetLen, &ppIpHdr,
NULL, NULL, NULL, &ppTcpHdr, NULL, &packet_data, &packet_dataLen)) { NULL, NULL, NULL, &ppTcpHdr, NULL, &packet_data, &packet_dataLen)) {
@@ -313,8 +319,10 @@ int main(int argc, char *argv[]) {
/* Handle OUTBOUND packet, search for Host header */ /* Handle OUTBOUND packet, search for Host header */
else if (addr.Direction == WINDIVERT_DIRECTION_OUTBOUND && else if (addr.Direction == WINDIVERT_DIRECTION_OUTBOUND &&
packet_dataLen > 16 && ppTcpHdr->DstPort == htons(80) && packet_dataLen > 16 && ppTcpHdr->DstPort == htons(80) &&
find_http_method_end(packet_data) && find_http_method_end(packet_data,
(do_host || do_host_removespace)) { (do_fragment_http ? http_fragment_size : 0)) &&
(do_host || do_host_removespace))
{
data_addr = find_host_header(packet_data, packet_dataLen); data_addr = find_host_header(packet_data, packet_dataLen);
if (data_addr) { if (data_addr) {
@@ -322,16 +330,19 @@ int main(int argc, char *argv[]) {
if (do_host) { if (do_host) {
/* Replace "Host: " with "hoSt: " */ /* Replace "Host: " with "hoSt: " */
memcpy(data_addr, http_host_replace, strlen(http_host_replace)); memcpy(data_addr, http_host_replace, strlen(http_host_replace));
should_recalc_checksum = 1;
//printf("Replaced Host header!\n"); //printf("Replaced Host header!\n");
} }
if (do_additional_space && do_host_removespace) { if (do_additional_space && do_host_removespace) {
/* End of "Host:" without trailing space */ /* End of "Host:" without trailing space */
host_addr = data_addr + strlen(http_host_find) - 1; host_addr = data_addr + strlen(http_host_find) - 1;
method_addr = find_http_method_end(packet_data); method_addr = find_http_method_end(packet_data,
(do_fragment_http ? http_fragment_size : 0));
if (method_addr) { if (method_addr) {
memmove(method_addr + 1, method_addr, (PVOID)host_addr - (PVOID)method_addr); memmove(method_addr + 1, method_addr, (PVOID)host_addr - (PVOID)method_addr);
should_recalc_checksum = 1;
} }
} }
else if (do_host_removespace) { else if (do_host_removespace) {
@@ -350,9 +361,7 @@ int main(int argc, char *argv[]) {
*/ */
host_len = data_addr_rn - host_addr; host_len = data_addr_rn - host_addr;
useragent_addr = find_useragent_header(packet_data, packet_dataLen); useragent_addr = find_useragent_header(packet_data, packet_dataLen);
if (host_len <= 253 && useragent_addr && useragent_addr > host_addr) { if (host_len <= 253 && useragent_addr) {
/* Performing action only if User-Agent header goes after Host */
useragent_addr += strlen(http_useragent_find); useragent_addr += strlen(http_useragent_find);
/* useragent_addr is in the beginning of User-Agent value */ /* useragent_addr is in the beginning of User-Agent value */
@@ -362,24 +371,40 @@ int main(int argc, char *argv[]) {
/* data_addr_rn is in the end of User-Agent value */ /* data_addr_rn is in the end of User-Agent value */
if (data_addr_rn) { if (data_addr_rn) {
if (useragent_addr > host_addr) {
/* User-Agent goes AFTER Host header */
data_len = (PVOID)data_addr_rn - (PVOID)host_addr; data_len = (PVOID)data_addr_rn - (PVOID)host_addr;
/* Move one byte to the left from "Host:" /* Move one byte to the LEFT from "Host:"
* to the end of User-Agen * to the end of User-Agent
*/ */
memmove(host_addr - 1, host_addr, data_len); memmove(host_addr - 1, host_addr, data_len);
/* Put space in the end of User-Agent header */ /* Put space in the end of User-Agent header */
*(char*)(data_addr_rn - 1) = ' '; *(char*)(data_addr_rn - 1) = ' ';
should_recalc_checksum = 1;
//printf("Replaced Host header!\n"); //printf("Replaced Host header!\n");
} }
} else {
} /* User-Agent goes BEFORE Host header */
} data_len = (PVOID)host_addr - (PVOID)data_addr_rn - 1;
WinDivertHelperCalcChecksums(packet, packetLen, 0); /* Move one byte to the RIGHT from the end of User-Agent
} * to the "Host:"
} */
memmove(data_addr_rn + 1, data_addr_rn, data_len);
/* Put space in the end of User-Agent header */
*(char*)(data_addr_rn) = ' ';
should_recalc_checksum = 1;
//printf("Replaced Host header!\n");
} }
} /* if (dara_addr_rn) */
} /* if (host_len <= 253 && useragent_addr) */
} /* if (data_addr_rn) */
} /* else if (do_host_removespace) */
} /* if (data_addr) */
} /* Handle OUTBOUND packet with data */
} /* Handle packet with data */
/* Else if we got TCP packet without data */ /* Else if we got TCP packet without data */
else if (WinDivertHelperParsePacket(packet, packetLen, &ppIpHdr, else if (WinDivertHelperParsePacket(packet, packetLen, &ppIpHdr,
NULL, NULL, NULL, &ppTcpHdr, NULL, NULL, NULL)) { NULL, NULL, NULL, &ppTcpHdr, NULL, NULL, NULL)) {
@@ -389,17 +414,24 @@ int main(int argc, char *argv[]) {
//printf("Changing Window Size!\n"); //printf("Changing Window Size!\n");
if (do_fragment_http && ppTcpHdr->SrcPort == htons(80)) { if (do_fragment_http && ppTcpHdr->SrcPort == htons(80)) {
change_window_size(packet, http_fragment_size); change_window_size(packet, http_fragment_size);
WinDivertHelperCalcChecksums(packet, packetLen, 0); should_recalc_checksum = 1;
} }
else if (do_fragment_https && ppTcpHdr->SrcPort != htons(80)) { else if (do_fragment_https && ppTcpHdr->SrcPort != htons(80)) {
change_window_size(packet, https_fragment_size); change_window_size(packet, https_fragment_size);
WinDivertHelperCalcChecksums(packet, packetLen, 0); should_recalc_checksum = 1;
} }
} }
} }
if (should_reinject) { if (should_reinject) {
//printf("Re-injecting!\n"); //printf("Re-injecting!\n");
if (should_recalc_checksum) {
WinDivertHelperCalcChecksums(packet, packetLen, 0);
}
else {
WinDivertHelperCalcChecksums(packet, packetLen,
WINDIVERT_HELPER_NO_REPLACE);
}
WinDivertSend(w_filter, packet, packetLen, &addr, NULL); WinDivertSend(w_filter, packet, packetLen, &addr, NULL);
} }
} }