diff --git a/docs/readme.en.md b/docs/readme.en.md index 9d4bde57..a5a57eb7 100644 --- a/docs/readme.en.md +++ b/docs/readme.en.md @@ -180,7 +180,7 @@ nfqws takes the following parameters: --dup-badack-increment= ; badseq fooling ackseq signed increment for dup. default -66000 --dup-start=[n|d|s]N ; apply dup to packet numbers (n, default), data packet numbers (d), relative sequence (s) greater or equal than N --dup-cutoff=[n|d|s]N ; apply dup to packet numbers (n, default), data packet numbers (d), relative sequence (s) less than N - --dpi-desync=[,][,] ; try to desync dpi state. modes : synack fake fakeknown rst rstack hopbyhop destopt ipfrag1 multisplit multidisorder fakedsplit fakeddisorder ipfrag2 udplen tamper + --dpi-desync=[,][,] ; try to desync dpi state. modes : synack fake fakeknown rst rstack hopbyhop destopt ipfrag1 multisplit multidisorder fakedsplit hostfakesplit fakeddisorder ipfrag2 udplen tamper --dpi-desync-fwmark= ; override fwmark for desync packet. default = 0x40000000 (1073741824) --dpi-desync-ttl= ; set ttl for desync packet --dpi-desync-ttl6= ; set ipv6 hop limit for desync packet. by default ttl value is used. @@ -196,6 +196,7 @@ nfqws takes the following parameters: --dpi-desync-split-seqovl=N|-N|marker+N|marker-N ; use sequence overlap before first sent original split segment --dpi-desync-split-seqovl-pattern=|0xHEX ; pattern for the fake part of overlap --dpi-desync-fakedsplit-pattern=|0xHEX ; fake pattern for fakedsplit/fakeddisorder + --dpi-desync-hostfakesplit-midhost=marker+N|marker-N ; additionally split real hostname at specified marker. must be within host..endhost or won't be splitted. --dpi-desync-ipfrag-pos-tcp=<8..9216> ; ip frag position starting from the transport header. multiple of 8, default 8. --dpi-desync-ipfrag-pos-udp=<8..9216> ; ip frag position starting from the transport header. multiple of 8, default 32. --dpi-desync-ts-increment= ; ts fooling TSval signed increment. default -600000 @@ -344,6 +345,7 @@ Example : `--dpi-desync-fake-tls=iana_org.bin --dpi-desync-fake-tls-mod=rndsni - * `multisplit`. split request at specified in `--dpi-desync-split-pos` positions * `multidisorder`. same as `multisplit` but send in reverse order * `fakedsplit`. split request into 2 segments adding fakes in the middle of them : fake 1st segment, 1st segment, fake 1st segment, fake 2nd segment, 2nd segment, fake 2nd segment + * `hostfakesplit`. fake host part of the request : before host, random fake host, real host (optinally split this part), random fake host repeat, after host * `fakeddisorder`. same as `fakedsplit` but with another order : fake 2nd segment, 2nd segment, fake 2nd segment, fake 1st segment, 1st segment, fake 1st segment Positions are defined by markers. @@ -373,6 +375,12 @@ First relative markers are searched. If no suitable found absolute markers are s For example, `--dpi-desync-split-pos=method+2,midsld,5` means `method+2` for http, `midsld` for TLS and 5 for others. +`hostfakesplit` only fakes hostname part of the request making it hard to destinguish between real and fake host names. +It works for tcp protocols with host : TLS and HTTP. Real hostname can be additionally split using `--dpi-desync-hostfakesplit-midhost` marker. +For example, `--dpi-desync-hostfakesplit-midhost=midsld`. Position must be within host range or split won't happen. +Multi-packet queries are supported if hostname part is not already split. If it is fooling is cancelled. +Fake host names are generated randomly on the fly using `[0-9a-z]` pattern. If host length is >= 7 dot is placed to simulate 3-char TLD. + ### Sequence numbers overlap `seqovl` adds to one of the original segment `seqovl` bytes to the beginning and decreases sequence number. For `split` - to the first segment, for `disorder` - to the beginning of the penultimate segment sent (second in the original sequence). diff --git a/docs/readme.md b/docs/readme.md index aa637373..db9dff93 100644 --- a/docs/readme.md +++ b/docs/readme.md @@ -417,7 +417,7 @@ dvtws, собираемый из тех же исходников (см. [док поскольку будет превышение MTU из-за md5 tcp option. Режим 'hostfakesplit' имеет задачу минимального вмешательства фейком - как раз по той части запроса, на основании которой DPI принимает решение о блокировке. Конкретно - имени хоста. -Фейк хоста генерируется каждый раз случайно из набора `[a-z,0-9]`. При длине более 7 символов за 3 символа до конца ставится точка, имитируя TLD. +Фейк хоста генерируется каждый раз случайно из набора `[a-z0-9]`. При длине более 7 символов за 3 символа до конца ставится точка, имитируя TLD. Опционально можно разрезать оригинальный фейк. Например, `--dpi-desync-hostfakesplit-midhost=midsld`. Позиция нарезки должна попадать внутрь хоста. Многопакетные запросы поддерживаются только, если исходная нарезка пакетов не включает позиции имени хоста. В последнем случае дурение отменяется. Для ipv4 ip_id ставится одинаковым в фейках и оригинале хоста.