gsd
/
GoodbyeDPI
mirror of https://github.com/ValdikSS/GoodbyeDPI
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge a650e55ffe into 4c846c712d

pull/305/merge
jimraynor2470 1 year ago
committed by GitHub
parent
4c846c712d a650e55ffe
commit
a96fd70ecc
No known key found for this signature in database GPG Key ID: B5690EEEBB952194
4 changed files with 58 additions and 22 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 3
      README.md
  2. 43
      src/blackwhitelist.c
  3. 6
      src/blackwhitelist.h
  4. 28
      src/goodbyedpi.c

3
README.md
View File

@ -42,6 +42,9 @@ Usage: goodbyedpi.exe [OPTION...]
--blacklist <txtfile> perform circumvention tricks only to host names and subdomains from --blacklist <txtfile> perform circumvention tricks only to host names and subdomains from
supplied text file (HTTP Host/TLS SNI). supplied text file (HTTP Host/TLS SNI).
This option can be supplied multiple times. This option can be supplied multiple times.
--whitelist <txtfile> does not perform circumvention tricks to host names and subdomains from
supplied text file.
This option can be supplied multiple times.
--allow-no-sni perform circumvention if TLS SNI can't be detected with --blacklist enabled. --allow-no-sni perform circumvention if TLS SNI can't be detected with --blacklist enabled.
--set-ttl <value> activate Fake Request Mode and send it with supplied TTL value. --set-ttl <value> activate Fake Request Mode and send it with supplied TTL value.
DANGEROUS! May break websites in unexpected ways. Use with care (or --blacklist). DANGEROUS! May break websites in unexpected ways. Use with care (or --blacklist).

43
src/blackwhitelist.c
View File

@ -16,13 +16,14 @@ typedef struct blackwhitelist_record {
UT_hash_handle hh; /* makes this structure hashable */ UT_hash_handle hh; /* makes this structure hashable */
} blackwhitelist_record_t; } blackwhitelist_record_t;
static blackwhitelist_record_t *blackwhitelist = NULL; static blackwhitelist_record_t *blacklist = NULL;
static blackwhitelist_record_t *whitelist = NULL;
static int check_get_hostname(const char *host) { static int check_get_hostname(const char *host, blackwhitelist_record_t **list) {
blackwhitelist_record_t *tmp_record = NULL; blackwhitelist_record_t *tmp_record = NULL;
if (!blackwhitelist) return FALSE; if (!*list) return FALSE;
HASH_FIND_STR(blackwhitelist, host, tmp_record); HASH_FIND_STR(*list, host, tmp_record);
if (tmp_record) { if (tmp_record) {
debug("check_get_hostname found host\n"); debug("check_get_hostname found host\n");
return TRUE; return TRUE;
@ -31,17 +32,17 @@ static int check_get_hostname(const char *host) {
return FALSE; return FALSE;
} }
static int add_hostname(const char *host) { static int add_hostname(const char *host, blackwhitelist_record_t **list) {
if (!host) if (!host)
return FALSE; return FALSE;
blackwhitelist_record_t *tmp_record = malloc(sizeof(blackwhitelist_record_t)); blackwhitelist_record_t *tmp_record = malloc(sizeof(blackwhitelist_record_t));
char *host_c = NULL; char *host_c = NULL;
if (!check_get_hostname(host)) { if (!check_get_hostname(host, list)) {
host_c = strdup(host); host_c = strdup(host);
tmp_record->host = host_c; tmp_record->host = host_c;
HASH_ADD_KEYPTR(hh, blackwhitelist, tmp_record->host, HASH_ADD_KEYPTR(hh, *list, tmp_record->host,
strlen(tmp_record->host), tmp_record); strlen(tmp_record->host), tmp_record);
debug("Added host %s\n", host_c); debug("Added host %s\n", host_c);
return TRUE; return TRUE;
@ -53,7 +54,7 @@ static int add_hostname(const char *host) {
return FALSE; return FALSE;
} }
int blackwhitelist_load_list(const char *filename) { static int blackwhitelist_load_list(const char *filename, blackwhitelist_record_t **list) {
char *line = malloc(HOST_MAXLEN + 1); char *line = malloc(HOST_MAXLEN + 1);
size_t linelen = HOST_MAXLEN + 1; size_t linelen = HOST_MAXLEN + 1;
int cnt = 0; int cnt = 0;
@ -74,17 +75,25 @@ int blackwhitelist_load_list(const char *filename) {
printf("WARNING: host %s is less than 3 bytes, skipping\n", line); printf("WARNING: host %s is less than 3 bytes, skipping\n", line);
continue; continue;
} }
if (add_hostname(line)) if (add_hostname(line, list))
cnt++; cnt++;
} }
free(line); free(line);
if (!blackwhitelist) return FALSE; if (!*list) return FALSE;
printf("Loaded %d hosts from file %s\n", cnt, filename); printf("Loaded %d hosts from file %s\n", cnt, filename);
fclose(fp); fclose(fp);
return TRUE; return TRUE;
} }
int blackwhitelist_check_hostname(const char *host_addr, size_t host_len) { int blackwhitelist_load_blacklist(const char *filename) {
return blackwhitelist_load_list(filename, &blacklist);
}
int blackwhitelist_load_whitelist(const char *filename) {
return blackwhitelist_load_list(filename, &whitelist);
}
static int blackwhitelist_check_hostname(const char *host_addr, size_t host_len, blackwhitelist_record_t **list) {
char current_host[HOST_MAXLEN + 1]; char current_host[HOST_MAXLEN + 1];
char *tokenized_host = NULL; char *tokenized_host = NULL;
@ -94,13 +103,13 @@ int blackwhitelist_check_hostname(const char *host_addr, size_t host_len) {
current_host[host_len] = '\0'; current_host[host_len] = '\0';
} }
if (check_get_hostname(current_host)) if (check_get_hostname(current_host, list))
return TRUE; return TRUE;
tokenized_host = strchr(current_host, '.'); tokenized_host = strchr(current_host, '.');
while (tokenized_host != NULL && tokenized_host < (current_host + HOST_MAXLEN)) { while (tokenized_host != NULL && tokenized_host < (current_host + HOST_MAXLEN)) {
/* Search hostname only if there is next token */ /* Search hostname only if there is next token */
if (strchr(tokenized_host + 1, '.') && check_get_hostname(tokenized_host + 1)) if (strchr(tokenized_host + 1, '.') && check_get_hostname(tokenized_host + 1, list))
return TRUE; return TRUE;
tokenized_host = strchr(tokenized_host + 1, '.'); tokenized_host = strchr(tokenized_host + 1, '.');
} }
@ -108,3 +117,11 @@ int blackwhitelist_check_hostname(const char *host_addr, size_t host_len) {
debug("____blackwhitelist_check_hostname FALSE: host %s\n", current_host); debug("____blackwhitelist_check_hostname FALSE: host %s\n", current_host);
return FALSE; return FALSE;
} }
int blackwhitelist_check_hostname_blacklist(const char *host_addr, size_t host_len) {
return blackwhitelist_check_hostname(host_addr, host_len, &blacklist);
}
int blackwhitelist_check_hostname_whitelist(const char *host_addr, size_t host_len) {
return blackwhitelist_check_hostname(host_addr, host_len, &whitelist);
}

6
src/blackwhitelist.h
View File

@ -1,2 +1,4 @@
int blackwhitelist_load_list(const char *filename); int blackwhitelist_load_blacklist(const char *filename);
int blackwhitelist_check_hostname(const char *host_addr, size_t host_len); int blackwhitelist_load_whitelist(const char *filename);
int blackwhitelist_check_hostname_blacklist(const char *host_addr, size_t host_len);
int blackwhitelist_check_hostname_whitelist(const char *host_addr, size_t host_len);

28
src/goodbyedpi.c
View File

@ -161,6 +161,7 @@ static struct option long_options[] = {
{"dnsv6-port", required_argument, 0, '@' }, {"dnsv6-port", required_argument, 0, '@' },
{"dns-verb", no_argument, 0, 'v' }, {"dns-verb", no_argument, 0, 'v' },
{"blacklist", required_argument, 0, 'b' }, {"blacklist", required_argument, 0, 'b' },
{"whitelist", required_argument, 0, 't' },
{"allow-no-sni",no_argument, 0, ']' }, {"allow-no-sni",no_argument, 0, ']' },
{"ip-id", required_argument, 0, 'i' }, {"ip-id", required_argument, 0, 'i' },
{"set-ttl", required_argument, 0, '$' }, {"set-ttl", required_argument, 0, '$' },
@ -566,7 +567,8 @@ int main(int argc, char *argv[]) {
do_http_allports = 0, do_http_allports = 0,
do_host_mixedcase = 0, do_host_mixedcase = 0,
do_dnsv4_redirect = 0, do_dnsv6_redirect = 0, do_dnsv4_redirect = 0, do_dnsv6_redirect = 0,
do_dns_verb = 0, do_tcp_verb = 0, do_blacklist = 0, do_dns_verb = 0, do_tcp_verb = 0,
do_blacklist = 0, do_whitelist = 0,
do_allow_no_sni = 0, do_allow_no_sni = 0,
do_fake_packet = 0, do_fake_packet = 0,
do_auto_ttl = 0, do_auto_ttl = 0,
@ -798,11 +800,18 @@ int main(int argc, char *argv[]) {
break; break;
case 'b': // --blacklist case 'b': // --blacklist
do_blacklist = 1; do_blacklist = 1;
if (!blackwhitelist_load_list(optarg)) { if (!blackwhitelist_load_blacklist(optarg)) {
printf("Can't load blacklist from file!\n"); printf("Can't load blacklist from file!\n");
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
break; break;
case 't': // --whitelist
do_whitelist = 1;
if (!blackwhitelist_load_whitelist(optarg)) {
printf("Can't load whitelist from file!\n");
exit(EXIT_FAILURE);
}
break;
case ']': // --allow-no-sni case ']': // --allow-no-sni
do_allow_no_sni = 1; do_allow_no_sni = 1;
break; break;
@ -898,6 +907,9 @@ int main(int argc, char *argv[]) {
" --blacklist <txtfile> perform circumvention tricks only to host names and subdomains from\n" " --blacklist <txtfile> perform circumvention tricks only to host names and subdomains from\n"
" supplied text file (HTTP Host/TLS SNI).\n" " supplied text file (HTTP Host/TLS SNI).\n"
" This option can be supplied multiple times.\n" " This option can be supplied multiple times.\n"
" --whitelist <txtfile> does not perform circumvention tricks to host names and subdomains from\n"
" supplied text file.\n"
" This option can be supplied multiple times.\n"
" --allow-no-sni perform circumvention if TLS SNI can't be detected with --blacklist enabled.\n" " --allow-no-sni perform circumvention if TLS SNI can't be detected with --blacklist enabled.\n"
" --set-ttl <value> activate Fake Request Mode and send it with supplied TTL value.\n" " --set-ttl <value> activate Fake Request Mode and send it with supplied TTL value.\n"
" DANGEROUS! May break websites in unexpected ways. Use with care (or --blacklist).\n" " DANGEROUS! May break websites in unexpected ways. Use with care (or --blacklist).\n"
@ -1131,16 +1143,17 @@ int main(int argc, char *argv[]) {
if ((packet_dataLen == 2 && memcmp(packet_data, "\x16\x03", 2) == 0) || if ((packet_dataLen == 2 && memcmp(packet_data, "\x16\x03", 2) == 0) ||
(packet_dataLen >= 3 && ( memcmp(packet_data, "\x16\x03\x01", 3) == 0 || memcmp(packet_data, "\x16\x03\x03", 3) == 0 ))) (packet_dataLen >= 3 && ( memcmp(packet_data, "\x16\x03\x01", 3) == 0 || memcmp(packet_data, "\x16\x03\x03", 3) == 0 )))
{ {
if (do_blacklist) { if (do_blacklist || do_whitelist) {
sni_ok = extract_sni(packet_data, packet_dataLen, sni_ok = extract_sni(packet_data, packet_dataLen,
&host_addr, &host_len); &host_addr, &host_len);
} }
if ( if (
(do_blacklist && sni_ok && ((do_blacklist && sni_ok &&
blackwhitelist_check_hostname(host_addr, host_len) blackwhitelist_check_hostname_blacklist(host_addr, host_len)
) || ) ||
(do_blacklist && !sni_ok && do_allow_no_sni) || (do_blacklist && !sni_ok && do_allow_no_sni) ||
(!do_blacklist) (!do_blacklist)) &&
(do_whitelist ? !blackwhitelist_check_hostname_whitelist(host_addr, host_len) : 1)
) )
{ {
#ifdef DEBUG #ifdef DEBUG
@ -1176,7 +1189,8 @@ int main(int argc, char *argv[]) {
if (find_header_and_get_info(packet_data, packet_dataLen, if (find_header_and_get_info(packet_data, packet_dataLen,
http_host_find, &hdr_name_addr, &hdr_value_addr, &hdr_value_len) && http_host_find, &hdr_name_addr, &hdr_value_addr, &hdr_value_len) &&
hdr_value_len > 0 && hdr_value_len <= HOST_MAXLEN && hdr_value_len > 0 && hdr_value_len <= HOST_MAXLEN &&
(do_blacklist ? blackwhitelist_check_hostname(hdr_value_addr, hdr_value_len) : 1)) (do_blacklist ? blackwhitelist_check_hostname_blacklist(hdr_value_addr, hdr_value_len) : 1) &&
(do_whitelist ? !blackwhitelist_check_hostname_whitelist(hdr_value_addr, hdr_value_len) : 1))
{ {
host_addr = hdr_value_addr; host_addr = hdr_value_addr;
host_len = hdr_value_len; host_len = hdr_value_len;

Write Preview
Loading…
Cancel
Save