gsd
/
GoodbyeDPI
mirror of https://github.com/ValdikSS/GoodbyeDPI
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge d9955d78aa into f593a276f9

pull/843/merge
Tarık 2 weeks ago
committed by GitHub
parent
f593a276f9 d9955d78aa
commit
41adc659af
No known key found for this signature in database GPG Key ID: B5690EEEBB952194
4 changed files with 93 additions and 30 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 3
      README.md
  2. 52
      src/blackwhitelist.c
  3. 6
      src/blackwhitelist.h
  4. 62
      src/goodbyedpi.c

3
README.md
View File

@ -45,6 +45,9 @@ Usage: goodbyedpi.exe [OPTION...]
--blacklist <txtfile> perform circumvention tricks only to host names and subdomains from
supplied text file (HTTP Host/TLS SNI).
This option can be supplied multiple times.
--whitelist <txtfile> do not perform circumvention tricks to host names and subdomains from
supplied text file.
This option can be supplied multiple times.
--allow-no-sni perform circumvention if TLS SNI can't be detected with --blacklist enabled.
--frag-by-sni if SNI is detected in TLS packet, fragment the packet right before SNI value.
--set-ttl <value> activate Fake Request Mode and send it with supplied TTL value.

52
src/blackwhitelist.c
View File

@ -1,5 +1,5 @@
/*
* Blacklist for GoodbyeDPI HTTP DPI circumvention tricks
* Blacklist and whitelist for GoodbyeDPI HTTP DPI circumvention tricks
*
* This is a simple domain hash table.
* Domain records are added from a text file, where every
@ -16,13 +16,14 @@ typedef struct blackwhitelist_record {
UT_hash_handle hh; /* makes this structure hashable */
} blackwhitelist_record_t;
static blackwhitelist_record_t *blackwhitelist = NULL;
static blackwhitelist_record_t *blacklist = NULL;
static blackwhitelist_record_t *whitelist = NULL;
static int check_get_hostname(const char *host) {
static int check_get_hostname(const char *host, blackwhitelist_record_t **list) {
blackwhitelist_record_t *tmp_record = NULL;
if (!blackwhitelist) return FALSE;
if (!*list) return FALSE;
HASH_FIND_STR(blackwhitelist, host, tmp_record);
HASH_FIND_STR(*list, host, tmp_record);
if (tmp_record) {
debug("check_get_hostname found host\n");
return TRUE;
@ -31,17 +32,17 @@ static int check_get_hostname(const char *host) {
return FALSE;
}
static int add_hostname(const char *host) {
static int add_hostname(const char *host, blackwhitelist_record_t **list) {
if (!host)
return FALSE;
blackwhitelist_record_t *tmp_record = malloc(sizeof(blackwhitelist_record_t));
char *host_c = NULL;
if (!check_get_hostname(host)) {
if (!check_get_hostname(host, list)) {
host_c = strdup(host);
tmp_record->host = host_c;
HASH_ADD_KEYPTR(hh, blackwhitelist, tmp_record->host,
HASH_ADD_KEYPTR(hh, *list, tmp_record->host,
strlen(tmp_record->host), tmp_record);
debug("Added host %s\n", host_c);
return TRUE;
@ -53,7 +54,7 @@ static int add_hostname(const char *host) {
return FALSE;
}
int blackwhitelist_load_list(const char *filename) {
static int blackwhitelist_load_list(const char *filename, blackwhitelist_record_t **list) {
char *line = malloc(HOST_MAXLEN + 1);
size_t linelen = HOST_MAXLEN + 1;
int cnt = 0;
@ -70,21 +71,32 @@ int blackwhitelist_load_list(const char *filename) {
line);
continue;
}
if (strlen(line) < 2) {
printf("WARNING: host %s is less than 2 characters, skipping\n", line);
if (strlen(line) < 3) {
printf("WARNING: host %s is less than 3 bytes, skipping\n", line);
continue;
}
if (add_hostname(line))
if (add_hostname(line, list))
cnt++;
}
free(line);
if (!blackwhitelist) return FALSE;
if (!*list) {
fclose(fp);
return FALSE;
}
printf("Loaded %d hosts from file %s\n", cnt, filename);
fclose(fp);
return TRUE;
}
int blackwhitelist_check_hostname(const char *host_addr, size_t host_len) {
int blackwhitelist_load_blacklist(const char *filename) {
return blackwhitelist_load_list(filename, &blacklist);
}
int blackwhitelist_load_whitelist(const char *filename) {
return blackwhitelist_load_list(filename, &whitelist);
}
static int blackwhitelist_check_hostname(const char *host_addr, size_t host_len, blackwhitelist_record_t **list) {
char current_host[HOST_MAXLEN + 1];
char *tokenized_host = NULL;
@ -94,12 +106,12 @@ int blackwhitelist_check_hostname(const char *host_addr, size_t host_len) {
current_host[host_len] = '\0';
}
if (check_get_hostname(current_host))
if (check_get_hostname(current_host, list))
return TRUE;
tokenized_host = strchr(current_host, '.');
while (tokenized_host != NULL && tokenized_host < (current_host + HOST_MAXLEN)) {
if (check_get_hostname(tokenized_host + 1))
if (strchr(tokenized_host + 1, '.') && check_get_hostname(tokenized_host + 1, list))
return TRUE;
tokenized_host = strchr(tokenized_host + 1, '.');
}
@ -107,3 +119,11 @@ int blackwhitelist_check_hostname(const char *host_addr, size_t host_len) {
debug("____blackwhitelist_check_hostname FALSE: host %s\n", current_host);
return FALSE;
}
int blackwhitelist_check_hostname_blacklist(const char *host_addr, size_t host_len) {
return blackwhitelist_check_hostname(host_addr, host_len, &blacklist);
}
int blackwhitelist_check_hostname_whitelist(const char *host_addr, size_t host_len) {
return blackwhitelist_check_hostname(host_addr, host_len, &whitelist);
}

6
src/blackwhitelist.h
View File

@ -1,2 +1,4 @@
int blackwhitelist_load_list(const char *filename);
int blackwhitelist_check_hostname(const char *host_addr, size_t host_len);
int blackwhitelist_load_blacklist(const char *filename);
int blackwhitelist_load_whitelist(const char *filename);
int blackwhitelist_check_hostname_blacklist(const char *host_addr, size_t host_len);
int blackwhitelist_check_hostname_whitelist(const char *host_addr, size_t host_len);

62
src/goodbyedpi.c
View File

@ -177,6 +177,7 @@ static struct option long_options[] = {
{"dnsv6-port", required_argument, 0, '@' },
{"dns-verb", no_argument, 0, 'v' },
{"blacklist", required_argument, 0, 'b' },
{"whitelist", required_argument, 0, 'W' },
{"allow-no-sni",no_argument, 0, ']' },
{"frag-by-sni", no_argument, 0, '>' },
{"ip-id", required_argument, 0, 'i' },
@ -266,6 +267,36 @@ static void finalize_filter_strings() {
filter_passive_string = newstr;
}
static int host_is_circumvented(int do_blacklist, int do_whitelist, int do_allow_no_sni,
int sni_ok, const char *host_addr, size_t host_len) {
int host_blacklisted = 1;
int host_whitelisted = 0;
if (do_blacklist || do_whitelist) {
if (sni_ok) {
if (do_blacklist)
host_blacklisted = blackwhitelist_check_hostname_blacklist(host_addr, host_len);
if (do_whitelist)
host_whitelisted = blackwhitelist_check_hostname_whitelist(host_addr, host_len);
} else {
host_blacklisted = 0;
}
if (do_blacklist) {
if (!sni_ok)
return do_allow_no_sni;
return host_blacklisted && !host_whitelisted;
}
if (!sni_ok)
return 0;
return !host_whitelisted;
}
return 1;
}
static char* dumb_memmem(const char* haystack, unsigned int hlen,
const char* needle, unsigned int nlen)
{
@ -610,7 +641,8 @@ int main(int argc, char *argv[]) {
do_http_allports = 0,
do_host_mixedcase = 0,
do_dnsv4_redirect = 0, do_dnsv6_redirect = 0,
do_dns_verb = 0, do_tcp_verb = 0, do_blacklist = 0,
do_dns_verb = 0, do_tcp_verb = 0,
do_blacklist = 0, do_whitelist = 0,
do_allow_no_sni = 0,
do_fragment_by_sni = 0,
do_fake_packet = 0,
@ -686,7 +718,7 @@ int main(int argc, char *argv[]) {
max_payload_size = 1200;
}
while ((opt = getopt_long(argc, argv, "123456789pqrsaf:e:mwk:n", long_options, NULL)) != -1) {
while ((opt = getopt_long(argc, argv, "123456789pqrsaf:e:mwk:nW", long_options, NULL)) != -1) {
switch (opt) {
case '1':
do_passivedpi = do_host = do_host_removespace \
@ -863,11 +895,18 @@ int main(int argc, char *argv[]) {
break;
case 'b': // --blacklist
do_blacklist = 1;
if (!blackwhitelist_load_list(optarg)) {
if (!blackwhitelist_load_blacklist(optarg)) {
printf("Can't load blacklist from file!\n");
exit(ERROR_BLACKLIST_LOAD);
}
break;
case 'W': // --whitelist
do_whitelist = 1;
if (!blackwhitelist_load_whitelist(optarg)) {
printf("Can't load whitelist from file!\n");
exit(ERROR_BLACKLIST_LOAD);
}
break;
case ']': // --allow-no-sni
do_allow_no_sni = 1;
break;
@ -994,6 +1033,9 @@ int main(int argc, char *argv[]) {
" --blacklist <txtfile> perform circumvention tricks only to host names and subdomains from\n"
" supplied text file (HTTP Host/TLS SNI).\n"
" This option can be supplied multiple times.\n"
" --whitelist <txtfile> do not perform circumvention tricks to host names and subdomains from\n"
" supplied text file.\n"
" This option can be supplied multiple times.\n"
" --allow-no-sni perform circumvention if TLS SNI can't be detected with --blacklist enabled.\n"
" --frag-by-sni if SNI is detected in TLS packet, fragment the packet right before SNI value.\n"
" --set-ttl <value> activate Fake Request Mode and send it with supplied TTL value.\n"
@ -1264,17 +1306,12 @@ int main(int argc, char *argv[]) {
if ((packet_dataLen == 2 && memcmp(packet_data, "\x16\x03", 2) == 0) ||
(packet_dataLen >= 3 && ( memcmp(packet_data, "\x16\x03\x01", 3) == 0 || memcmp(packet_data, "\x16\x03\x03", 3) == 0 )))
{
if (do_blacklist || do_fragment_by_sni) {
if (do_blacklist || do_whitelist || do_fragment_by_sni) {
sni_ok = extract_sni(packet_data, packet_dataLen,
&host_addr, &host_len);
}
if (
(do_blacklist && sni_ok &&
blackwhitelist_check_hostname(host_addr, host_len)
) ||
(do_blacklist && !sni_ok && do_allow_no_sni) ||
(!do_blacklist)
)
if (host_is_circumvented(do_blacklist, do_whitelist, do_allow_no_sni,
sni_ok, host_addr, host_len))
{
#ifdef DEBUG
char lsni[HOST_MAXLEN + 1] = {0};
@ -1309,7 +1346,8 @@ int main(int argc, char *argv[]) {
if (find_header_and_get_info(packet_data, packet_dataLen,
http_host_find, &hdr_name_addr, &hdr_value_addr, &hdr_value_len) &&
hdr_value_len > 0 && hdr_value_len <= HOST_MAXLEN &&
(do_blacklist ? blackwhitelist_check_hostname(hdr_value_addr, hdr_value_len) : 1))
host_is_circumvented(do_blacklist, do_whitelist, 1,
1, hdr_value_addr, hdr_value_len))
{
host_addr = hdr_value_addr;
host_len = hdr_value_len;

Write Preview
Loading…
Cancel
Save