gsd
/
zapret
mirror of https://github.com/bol-van/zapret/
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

nfqws,tpws: debug tls version

pull/1361/head
bol-van 1 week ago
parent
b12b1a5a17
commit
d19f6c19a4
7 changed files with 93 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      docs/changes.txt
  2. 31
      nfq/desync.c
  3. 13
      nfq/protocol.c
  4. 1
      nfq/protocol.h
  5. 14
      tpws/protocol.c
  6. 1
      tpws/protocol.h
  7. 29
      tpws/tamper.c

4
docs/changes.txt
View File

@ -481,3 +481,7 @@ nfqws: update default TLS ClientHello fake. firefox 136.0.4 finger, no kyber, SN
nfqws: multiple mods for multiple TLS fakes
init.d: remove 50-discord
blockcheck: use tpws --fix-seg on linux for multiple splits
v70.7
nfqws,tpws: debug tls version

31
nfq/desync.c
View File

@ -83,6 +83,35 @@ const uint8_t fake_tls_clienthello_default[680] = {
#define TCP_MAX_REASM 16384
#define UDP_MAX_REASM 16384
void TLSDebug(const uint8_t *tls,size_t sz)
{
if (sz<11) return;
uint16_t v_rec=pntoh16(tls+1), v_handshake=pntoh16(tls+9), v;
DLOG("TLS record layer version : %s\nTLS handshake version : %s\n",TLSVersionStr(v_rec),TLSVersionStr(v_handshake));
const uint8_t *ext_supvers;
size_t len_supvers,len_supvers2;
if (TLSFindExt(tls,sz,43,&ext_supvers,&len_supvers,false))
{
if (len_supvers)
{
len_supvers2 = ext_supvers[0];
if (len_supvers2<len_supvers)
{
for(ext_supvers++,len_supvers2&=~1 ; len_supvers2 ; len_supvers2-=2,ext_supvers+=2)
{
v = pntoh16(ext_supvers);
DLOG("TLS supported versions ext : %s\n",TLSVersionStr(v));
}
}
}
}
else
DLOG("TLS supported versions ext : not present\n");
}
bool desync_valid_zero_stage(enum dpi_desync_mode mode)
{
return mode==DESYNC_SYNACK || mode==DESYNC_SYNDATA;
@ -966,6 +995,8 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
DLOG(bReqFull ? "packet contains full TLS ClientHello\n" : "packet contains partial TLS ClientHello\n");
l7proto = TLS;
if (bReqFull && params.debug) TLSDebug(rdata_payload,rlen_payload);
bHaveHost=TLSHelloExtractHost(rdata_payload,rlen_payload,host,sizeof(host),TLS_PARTIALS_ENABLE);
if (ctrack)

13
nfq/protocol.c
View File

@ -345,6 +345,19 @@ size_t HttpPos(uint8_t posmarker, int16_t pos, const uint8_t *data, size_t sz)
}
const char *TLSVersionStr(uint16_t tlsver)
{
switch(tlsver)
{
case 0x0301: return "TLS 1.0";
case 0x0302: return "TLS 1.1";
case 0x0303: return "TLS 1.2";
case 0x0304: return "TLS 1.3";
default:
// 0x0a0a, 0x1a1a, ..., 0xfafa
return (((tlsver & 0x0F0F) == 0x0A0A) && ((tlsver>>12)==((tlsver>>4)&0xF))) ? "GREASE" : "UNKNOWN";
}
}
uint16_t TLSRecordDataLen(const uint8_t *data)
{

1
nfq/protocol.h
View File

@ -57,6 +57,7 @@ int HttpReplyCode(const uint8_t *data, size_t len);
// must be pre-checked by IsHttpReply
bool HttpReplyLooksLikeDPIRedirect(const uint8_t *data, size_t len, const char *host);
const char *TLSVersionStr(uint16_t tlsver);
uint16_t TLSRecordDataLen(const uint8_t *data);
size_t TLSRecordLen(const uint8_t *data);
bool IsTLSRecordFull(const uint8_t *data, size_t len);

14
tpws/protocol.c
View File

@ -339,6 +339,20 @@ size_t HttpPos(uint8_t posmarker, int16_t pos, const uint8_t *data, size_t sz)
const char *TLSVersionStr(uint16_t tlsver)
{
switch(tlsver)
{
case 0x0301: return "TLS 1.0";
case 0x0302: return "TLS 1.1";
case 0x0303: return "TLS 1.2";
case 0x0304: return "TLS 1.3";
default:
// 0x0a0a, 0x1a1a, ..., 0xfafa
return (((tlsver & 0x0F0F) == 0x0A0A) && ((tlsver>>12)==((tlsver>>4)&0xF))) ? "GREASE" : "UNKNOWN";
}
}
uint16_t TLSRecordDataLen(const uint8_t *data)
{
return pntoh16(data + 3);

1
tpws/protocol.h
View File

@ -53,6 +53,7 @@ int HttpReplyCode(const uint8_t *data, size_t len);
// must be pre-checked by IsHttpReply
bool HttpReplyLooksLikeDPIRedirect(const uint8_t *data, size_t len, const char *host);
const char *TLSVersionStr(uint16_t tlsver);
uint16_t TLSRecordDataLen(const uint8_t *data);
size_t TLSRecordLen(const uint8_t *data);
bool IsTLSRecordFull(const uint8_t *data, size_t len);

29
tpws/tamper.c
View File

@ -15,6 +15,34 @@ void packet_debug(const uint8_t *data, size_t sz)
hexdump_limited_dlog(data, sz, PKTDATA_MAXDUMP); VPRINT("\n");
}
void TLSDebug(const uint8_t *tls,size_t sz)
{
if (sz<11) return;
uint16_t v_rec=pntoh16(tls+1), v_handshake=pntoh16(tls+9), v;
VPRINT("TLS record layer version : %s\nTLS handshake version : %s\n",TLSVersionStr(v_rec),TLSVersionStr(v_handshake));
const uint8_t *ext_supvers;
size_t len_supvers,len_supvers2;
if (TLSFindExt(tls,sz,43,&ext_supvers,&len_supvers,false))
{
if (len_supvers)
{
len_supvers2 = ext_supvers[0];
if (len_supvers2<len_supvers)
{
for(ext_supvers++,len_supvers2&=~1 ; len_supvers2 ; len_supvers2-=2,ext_supvers+=2)
{
v = pntoh16(ext_supvers);
VPRINT("TLS supported versions ext : %s\n",TLSVersionStr(v));
}
}
}
}
else
VPRINT("TLS supported versions ext : not present\n");
}
static bool dp_match(struct desync_profile *dp, const struct sockaddr *dest, const char *hostname, t_l7proto l7proto)
{
bool bHostlistsEmpty;
@ -130,6 +158,7 @@ void tamper_out(t_ctrack *ctrack, const struct sockaddr *dest, uint8_t *segment,
{
VPRINT("Data block contains TLS ClientHello\n");
l7proto=TLS;
if (params.debug) TLSDebug(segment,*size);
bHaveHost=TLSHelloExtractHost((uint8_t*)segment,*size,Host,sizeof(Host),false);
}
else

Write Preview
Loading…
Cancel
Save