2gW94/GoodbyeDPI
1
0
Fork 0
mirror of https://github.com/ValdikSS/GoodbyeDPI.git synced 2025-12-17 12:54:36 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: 2gW94:0.0.9
Branches Tags
2gW94:master 2gW94:more-fakes 2gW94:EgorWeders-patch-1 2gW94:quic_block 2gW94:test_windres 2gW94:openvpn 2gW94:windivert2 2gW94:masterv6 2gW94:ipv6 2gW94:windivert-test
2gW94:0.2.3rc3 2gW94:0.2.3rc2 2gW94:0.2.3rc1 2gW94:0.2.2 2gW94:0.2.1 2gW94:0.2.0 2gW94:0.1.8 2gW94:0.1.7 2gW94:0.1.6 2gW94:0.1.5 2gW94:0.1.5rc3 2gW94:0.1.5rc2 2gW94:0.1.5rc1 2gW94:0.1.4 2gW94:0.1.3 2gW94:0.1.2 2gW94:0.1.2rc3 2gW94:0.1.2rc2 2gW94:0.1.2rc1 2gW94:0.1.1 2gW94:0.1.0 2gW94:0.0.9 2gW94:0.0.8 2gW94:0.0.7 2gW94:0.0.6 2gW94:0.0.5 2gW94:0.0.4 2gW94:0.0.3 2gW94:0.0.2 2gW94:0.0.1
...
compare: 2gW94:0.1.1
Branches Tags
2gW94:master 2gW94:more-fakes 2gW94:EgorWeders-patch-1 2gW94:quic_block 2gW94:test_windres 2gW94:openvpn 2gW94:windivert2 2gW94:masterv6 2gW94:ipv6 2gW94:windivert-test
2gW94:0.2.3rc3 2gW94:0.2.3rc2 2gW94:0.2.3rc1 2gW94:0.2.2 2gW94:0.2.1 2gW94:0.2.0 2gW94:0.1.8 2gW94:0.1.7 2gW94:0.1.6 2gW94:0.1.5 2gW94:0.1.5rc3 2gW94:0.1.5rc2 2gW94:0.1.5rc1 2gW94:0.1.4 2gW94:0.1.3 2gW94:0.1.2 2gW94:0.1.2rc3 2gW94:0.1.2rc2 2gW94:0.1.2rc1 2gW94:0.1.1 2gW94:0.1.0 2gW94:0.0.9 2gW94:0.0.8 2gW94:0.0.7 2gW94:0.0.6 2gW94:0.0.5 2gW94:0.0.4 2gW94:0.0.3 2gW94:0.0.2 2gW94:0.0.1

7 Commits
0.0.9 ... 0.1.1

Author SHA1 Message Date
ValdikSS
87c354addf Update Makefile 2017-09-07 17:35:57 +03:00
ValdikSS
9fa2956065 Calculate checksums even there's no packet modifications. 2017-09-07 17:35:25 +03:00
ValdikSS
2f0429027d Small refactoring 2017-09-04 22:14:17 +03:00
ValdikSS
feb03c74c8 Print message of HTTP fragmentation > 2 incompatibility. 
We can't reliably distinguish HTTP data from other data on port 80 when fragmentation is used.
HTTP method code has a special case which tries to find HTTP method when fragmentation = 1 or 2 is used,
but not for other values.
 2017-08-28 11:46:59 +03:00
ValdikSS
4c13435ee3 Handle Host header after User-Agent header in the HTTP packet. Fixes #29. 
Most browsers would put Host header as early as they could, but not Microsoft Edge.
 2017-08-28 11:45:05 +03:00
ValdikSS
ee665ee3bd Search for HTTP methods in fragmented packets with Window Size 1 or 2. Fixes #30. 2017-08-28 11:43:55 +03:00
ValdikSS
00e4964e73 Remove webdav HTTP methods. They are rarely used and less probably filtered. 2017-08-28 11:42:30 +03:00
2 changed files with 71 additions and 38 deletions
Expand all files Collapse all files

3
Makefile
View File

@@ -7,7 +7,8 @@ LIBS = -L $(WINDIVERTLIBS) -lWinDivert -lws2_32
CC = $(CPREFIX)-gcc
CCWINDRES = $(CPREFIX)-windres
CFLAGS = -Wall -I $(WINDIVERTHEADERS) -L $(WINDIVERTLIBS) \
-O2 -fPIE -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2
-O2 -pie -fPIE -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2
LDFLAGS = -pie
.PHONY: default all clean

106
goodbyedpi.c
View File

@@ -53,15 +53,6 @@ static const char *http_methods[] = {
"DELETE ",
"CONNECT ",
"OPTIONS ",
"TRACE ",
"PATCH ",
"PROPFIND ",
"PROPPATCH ",
"MKCOL ",
"COPY ",
"MOVE ",
"LOCK ",
"UNLOCK ",
};
static char* dumb_memmem(const char* haystack, int hlen, const char* needle, int nlen) {
@@ -139,11 +130,19 @@ static void change_window_size(const char *pkt, int size) {
}
/* HTTP method end without trailing space */
static PVOID find_http_method_end(const char *pkt) {
static PVOID find_http_method_end(const char *pkt, int offset) {
int i;
for (i = 0; i<(sizeof(http_methods) / sizeof(*http_methods)); i++) {
if (memcmp(pkt, http_methods[i], strlen(http_methods[i])) == 0) {
return (char*)pkt+strlen(http_methods[i]) - 1;
return (char*)pkt + strlen(http_methods[i]) - 1;
}
/* Try to find HTTP method in a second part of fragmented packet */
if ((offset == 1 || offset == 2) &&
memcmp(pkt, http_methods[i] + offset,
strlen(http_methods[i]) - offset) == 0
)
{
return (char*)pkt + strlen(http_methods[i]) - offset - 1;
}
}
return NULL;
@@ -152,7 +151,7 @@ static PVOID find_http_method_end(const char *pkt) {
int main(int argc, char *argv[]) {
static const char fragment_size_message[] =
"Fragment size should be in range [0 - 65535]\n";
int i, should_reinject = 0;
int i, should_reinject, should_recalc_checksum = 0;
int opt;
HANDLE w_filter = NULL;
WINDIVERT_ADDRESS addr;
@@ -249,6 +248,12 @@ int main(int argc, char *argv[]) {
(do_fragment_https ? https_fragment_size : 0),
do_host, do_host_removespace, do_additional_space);
if (do_fragment_http && http_fragment_size > 2) {
printf("WARNING: HTTP fragmentation values > 2 are not fully compatible "
"with other options. Please use values <= 2 or disable HTTP fragmentation "
"completely.\n");
}
printf("\nOpening filter\n");
filter_num = 0;
@@ -294,6 +299,7 @@ int main(int argc, char *argv[]) {
//printf("Got %s packet, len=%d!\n", addr.Direction ? "inbound" : "outbound",
// packetLen);
should_reinject = 1;
should_recalc_checksum = 0;
if (WinDivertHelperParsePacket(packet, packetLen, &ppIpHdr,
NULL, NULL, NULL, &ppTcpHdr, NULL, &packet_data, &packet_dataLen)) {
@@ -313,8 +319,10 @@ int main(int argc, char *argv[]) {
/* Handle OUTBOUND packet, search for Host header */
else if (addr.Direction == WINDIVERT_DIRECTION_OUTBOUND &&
packet_dataLen > 16 && ppTcpHdr->DstPort == htons(80) &&
find_http_method_end(packet_data) &&
(do_host || do_host_removespace)) {
find_http_method_end(packet_data,
(do_fragment_http ? http_fragment_size : 0)) &&
(do_host || do_host_removespace))
{
data_addr = find_host_header(packet_data, packet_dataLen);
if (data_addr) {
@@ -322,16 +330,19 @@ int main(int argc, char *argv[]) {
if (do_host) {
/* Replace "Host: " with "hoSt: " */
memcpy(data_addr, http_host_replace, strlen(http_host_replace));
should_recalc_checksum = 1;
//printf("Replaced Host header!\n");
}
if (do_additional_space && do_host_removespace) {
/* End of "Host:" without trailing space */
host_addr = data_addr + strlen(http_host_find) - 1;
method_addr = find_http_method_end(packet_data);
method_addr = find_http_method_end(packet_data,
(do_fragment_http ? http_fragment_size : 0));
if (method_addr) {
memmove(method_addr + 1, method_addr, (PVOID)host_addr - (PVOID)method_addr);
should_recalc_checksum = 1;
}
}
else if (do_host_removespace) {
@@ -350,36 +361,50 @@ int main(int argc, char *argv[]) {
*/
host_len = data_addr_rn - host_addr;
useragent_addr = find_useragent_header(packet_data, packet_dataLen);
if (host_len <= 253 && useragent_addr && useragent_addr > host_addr) {
/* Performing action only if User-Agent header goes after Host */
if (host_len <= 253 && useragent_addr) {
useragent_addr += strlen(http_useragent_find);
/* useragent_addr is in the beginning of User-Agent value */
data_len = packet_dataLen - ((PVOID)useragent_addr - packet_data);
data_addr_rn = dumb_memmem(useragent_addr,
data_len, "\r\n", 2);
data_len, "\r\n", 2);
/* data_addr_rn is in the end of User-Agent value */
if (data_addr_rn) {
data_len = (PVOID)data_addr_rn - (PVOID)host_addr;
if (useragent_addr > host_addr) {
/* User-Agent goes AFTER Host header */
data_len = (PVOID)data_addr_rn - (PVOID)host_addr;
/* Move one byte to the left from "Host:"
* to the end of User-Agen
*/
memmove(host_addr - 1, host_addr, data_len);
/* Put space in the end of User-Agent header */
*(char*)(data_addr_rn - 1) = ' ';
//printf("Replaced Host header!\n");
}
}
}
}
/* Move one byte to the LEFT from "Host:"
* to the end of User-Agent
*/
memmove(host_addr - 1, host_addr, data_len);
/* Put space in the end of User-Agent header */
*(char*)(data_addr_rn - 1) = ' ';
should_recalc_checksum = 1;
//printf("Replaced Host header!\n");
}
else {
/* User-Agent goes BEFORE Host header */
data_len = (PVOID)host_addr - (PVOID)data_addr_rn - 1;
/* Move one byte to the RIGHT from the end of User-Agent
* to the "Host:"
*/
memmove(data_addr_rn + 1, data_addr_rn, data_len);
/* Put space in the end of User-Agent header */
*(char*)(data_addr_rn) = ' ';
should_recalc_checksum = 1;
//printf("Replaced Host header!\n");
}
} /* if (dara_addr_rn) */
} /* if (host_len <= 253 && useragent_addr) */
} /* if (data_addr_rn) */
} /* else if (do_host_removespace) */
} /* if (data_addr) */
} /* Handle OUTBOUND packet with data */
} /* Handle packet with data */
WinDivertHelperCalcChecksums(packet, packetLen, 0);
}
}
}
/* Else if we got TCP packet without data */
else if (WinDivertHelperParsePacket(packet, packetLen, &ppIpHdr,
NULL, NULL, NULL, &ppTcpHdr, NULL, NULL, NULL)) {
@@ -389,17 +414,24 @@ int main(int argc, char *argv[]) {
//printf("Changing Window Size!\n");
if (do_fragment_http && ppTcpHdr->SrcPort == htons(80)) {
change_window_size(packet, http_fragment_size);
WinDivertHelperCalcChecksums(packet, packetLen, 0);
should_recalc_checksum = 1;
}
else if (do_fragment_https && ppTcpHdr->SrcPort != htons(80)) {
change_window_size(packet, https_fragment_size);
WinDivertHelperCalcChecksums(packet, packetLen, 0);
should_recalc_checksum = 1;
}
}
}
if (should_reinject) {
//printf("Re-injecting!\n");
if (should_recalc_checksum) {
WinDivertHelperCalcChecksums(packet, packetLen, 0);
}
else {
WinDivertHelperCalcChecksums(packet, packetLen,
WINDIVERT_HELPER_NO_REPLACE);
}
WinDivertSend(w_filter, packet, packetLen, &addr, NULL);
}
}