klavirshik
/
GoodbyeDPI
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge a650e55ffe into 4c846c712d

This commit is contained in:
jimraynor2470 2024-05-30 18:25:29 +00:00 committed by GitHub
parent 4c846c712d a650e55ffe
commit a96fd70ecc
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 58 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@ -42,6 +42,9 @@ Usage: goodbyedpi.exe [OPTION...]
--blacklist <txtfile> perform circumvention tricks only to host names and subdomains from --blacklist <txtfile> perform circumvention tricks only to host names and subdomains from
supplied text file (HTTP Host/TLS SNI). supplied text file (HTTP Host/TLS SNI).
This option can be supplied multiple times. This option can be supplied multiple times.
--whitelist <txtfile> does not perform circumvention tricks to host names and subdomains from
supplied text file.
This option can be supplied multiple times.
--allow-no-sni perform circumvention if TLS SNI can't be detected with --blacklist enabled. --allow-no-sni perform circumvention if TLS SNI can't be detected with --blacklist enabled.
--set-ttl <value> activate Fake Request Mode and send it with supplied TTL value. --set-ttl <value> activate Fake Request Mode and send it with supplied TTL value.
DANGEROUS! May break websites in unexpected ways. Use with care (or --blacklist). DANGEROUS! May break websites in unexpected ways. Use with care (or --blacklist).

43
src/blackwhitelist.c
View File

@ -16,13 +16,14 @@ typedef struct blackwhitelist_record {
UT_hash_handle hh; /* makes this structure hashable */ UT_hash_handle hh; /* makes this structure hashable */
} blackwhitelist_record_t; } blackwhitelist_record_t;
static blackwhitelist_record_t *blackwhitelist = NULL; static blackwhitelist_record_t *blacklist = NULL;
static blackwhitelist_record_t *whitelist = NULL;
static int check_get_hostname(const char *host) { static int check_get_hostname(const char *host, blackwhitelist_record_t **list) {
blackwhitelist_record_t *tmp_record = NULL; blackwhitelist_record_t *tmp_record = NULL;
if (!blackwhitelist) return FALSE; if (!*list) return FALSE;
HASH_FIND_STR(blackwhitelist, host, tmp_record); HASH_FIND_STR(*list, host, tmp_record);
if (tmp_record) { if (tmp_record) {
debug("check_get_hostname found host\n"); debug("check_get_hostname found host\n");
return TRUE; return TRUE;
@ -31,17 +32,17 @@ static int check_get_hostname(const char *host) {
return FALSE; return FALSE;
} }
static int add_hostname(const char *host) { static int add_hostname(const char *host, blackwhitelist_record_t **list) {
if (!host) if (!host)
return FALSE; return FALSE;
blackwhitelist_record_t *tmp_record = malloc(sizeof(blackwhitelist_record_t)); blackwhitelist_record_t *tmp_record = malloc(sizeof(blackwhitelist_record_t));
char *host_c = NULL; char *host_c = NULL;
if (!check_get_hostname(host)) { if (!check_get_hostname(host, list)) {
host_c = strdup(host); host_c = strdup(host);
tmp_record->host = host_c; tmp_record->host = host_c;
HASH_ADD_KEYPTR(hh, blackwhitelist, tmp_record->host, HASH_ADD_KEYPTR(hh, *list, tmp_record->host,
strlen(tmp_record->host), tmp_record); strlen(tmp_record->host), tmp_record);
debug("Added host %s\n", host_c); debug("Added host %s\n", host_c);
return TRUE; return TRUE;
@ -53,7 +54,7 @@ static int add_hostname(const char *host) {
return FALSE; return FALSE;
} }
int blackwhitelist_load_list(const char *filename) { static int blackwhitelist_load_list(const char *filename, blackwhitelist_record_t **list) {
char *line = malloc(HOST_MAXLEN + 1); char *line = malloc(HOST_MAXLEN + 1);
size_t linelen = HOST_MAXLEN + 1; size_t linelen = HOST_MAXLEN + 1;
int cnt = 0; int cnt = 0;
@ -74,17 +75,25 @@ int blackwhitelist_load_list(const char *filename) {
printf("WARNING: host %s is less than 3 bytes, skipping\n", line); printf("WARNING: host %s is less than 3 bytes, skipping\n", line);
continue; continue;
} }
if (add_hostname(line)) if (add_hostname(line, list))
cnt++; cnt++;
} }
free(line); free(line);
if (!blackwhitelist) return FALSE; if (!*list) return FALSE;
printf("Loaded %d hosts from file %s\n", cnt, filename); printf("Loaded %d hosts from file %s\n", cnt, filename);
fclose(fp); fclose(fp);
return TRUE; return TRUE;
} }
int blackwhitelist_check_hostname(const char *host_addr, size_t host_len) { int blackwhitelist_load_blacklist(const char *filename) {
return blackwhitelist_load_list(filename, &blacklist);
}
int blackwhitelist_load_whitelist(const char *filename) {
return blackwhitelist_load_list(filename, &whitelist);
}
static int blackwhitelist_check_hostname(const char *host_addr, size_t host_len, blackwhitelist_record_t **list) {
char current_host[HOST_MAXLEN + 1]; char current_host[HOST_MAXLEN + 1];
char *tokenized_host = NULL; char *tokenized_host = NULL;
@ -94,13 +103,13 @@ int blackwhitelist_check_hostname(const char *host_addr, size_t host_len) {
current_host[host_len] = '\0'; current_host[host_len] = '\0';
} }
if (check_get_hostname(current_host)) if (check_get_hostname(current_host, list))
return TRUE; return TRUE;
tokenized_host = strchr(current_host, '.'); tokenized_host = strchr(current_host, '.');
while (tokenized_host != NULL && tokenized_host < (current_host + HOST_MAXLEN)) { while (tokenized_host != NULL && tokenized_host < (current_host + HOST_MAXLEN)) {
/* Search hostname only if there is next token */ /* Search hostname only if there is next token */
if (strchr(tokenized_host + 1, '.') && check_get_hostname(tokenized_host + 1)) if (strchr(tokenized_host + 1, '.') && check_get_hostname(tokenized_host + 1, list))
return TRUE; return TRUE;
tokenized_host = strchr(tokenized_host + 1, '.'); tokenized_host = strchr(tokenized_host + 1, '.');
} }
@ -108,3 +117,11 @@ int blackwhitelist_check_hostname(const char *host_addr, size_t host_len) {
debug("____blackwhitelist_check_hostname FALSE: host %s\n", current_host); debug("____blackwhitelist_check_hostname FALSE: host %s\n", current_host);
return FALSE; return FALSE;
} }
int blackwhitelist_check_hostname_blacklist(const char *host_addr, size_t host_len) {
return blackwhitelist_check_hostname(host_addr, host_len, &blacklist);
}
int blackwhitelist_check_hostname_whitelist(const char *host_addr, size_t host_len) {
return blackwhitelist_check_hostname(host_addr, host_len, &whitelist);
}

6
src/blackwhitelist.h
View File

@ -1,2 +1,4 @@
int blackwhitelist_load_list(const char *filename); int blackwhitelist_load_blacklist(const char *filename);
int blackwhitelist_check_hostname(const char *host_addr, size_t host_len); int blackwhitelist_load_whitelist(const char *filename);
int blackwhitelist_check_hostname_blacklist(const char *host_addr, size_t host_len);
int blackwhitelist_check_hostname_whitelist(const char *host_addr, size_t host_len);

28
src/goodbyedpi.c
View File

@ -161,6 +161,7 @@ static struct option long_options[] = {
{"dnsv6-port", required_argument, 0, '@' }, {"dnsv6-port", required_argument, 0, '@' },
{"dns-verb", no_argument, 0, 'v' }, {"dns-verb", no_argument, 0, 'v' },
{"blacklist", required_argument, 0, 'b' }, {"blacklist", required_argument, 0, 'b' },
{"whitelist", required_argument, 0, 't' },
{"allow-no-sni",no_argument, 0, ']' }, {"allow-no-sni",no_argument, 0, ']' },
{"ip-id", required_argument, 0, 'i' }, {"ip-id", required_argument, 0, 'i' },
{"set-ttl", required_argument, 0, '$' }, {"set-ttl", required_argument, 0, '$' },
@ -566,7 +567,8 @@ int main(int argc, char *argv[]) {
do_http_allports = 0, do_http_allports = 0,
do_host_mixedcase = 0, do_host_mixedcase = 0,
do_dnsv4_redirect = 0, do_dnsv6_redirect = 0, do_dnsv4_redirect = 0, do_dnsv6_redirect = 0,
do_dns_verb = 0, do_tcp_verb = 0, do_blacklist = 0, do_dns_verb = 0, do_tcp_verb = 0,
do_blacklist = 0, do_whitelist = 0,
do_allow_no_sni = 0, do_allow_no_sni = 0,
do_fake_packet = 0, do_fake_packet = 0,
do_auto_ttl = 0, do_auto_ttl = 0,
@ -798,11 +800,18 @@ int main(int argc, char *argv[]) {
break; break;
case 'b': // --blacklist case 'b': // --blacklist
do_blacklist = 1; do_blacklist = 1;
if (!blackwhitelist_load_list(optarg)) { if (!blackwhitelist_load_blacklist(optarg)) {
printf("Can't load blacklist from file!\n"); printf("Can't load blacklist from file!\n");
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
break; break;
case 't': // --whitelist
do_whitelist = 1;
if (!blackwhitelist_load_whitelist(optarg)) {
printf("Can't load whitelist from file!\n");
exit(EXIT_FAILURE);
}
break;
case ']': // --allow-no-sni case ']': // --allow-no-sni
do_allow_no_sni = 1; do_allow_no_sni = 1;
break; break;
@ -898,6 +907,9 @@ int main(int argc, char *argv[]) {
" --blacklist <txtfile> perform circumvention tricks only to host names and subdomains from\n" " --blacklist <txtfile> perform circumvention tricks only to host names and subdomains from\n"
" supplied text file (HTTP Host/TLS SNI).\n" " supplied text file (HTTP Host/TLS SNI).\n"
" This option can be supplied multiple times.\n" " This option can be supplied multiple times.\n"
" --whitelist <txtfile> does not perform circumvention tricks to host names and subdomains from\n"
" supplied text file.\n"
" This option can be supplied multiple times.\n"
" --allow-no-sni perform circumvention if TLS SNI can't be detected with --blacklist enabled.\n" " --allow-no-sni perform circumvention if TLS SNI can't be detected with --blacklist enabled.\n"
" --set-ttl <value> activate Fake Request Mode and send it with supplied TTL value.\n" " --set-ttl <value> activate Fake Request Mode and send it with supplied TTL value.\n"
" DANGEROUS! May break websites in unexpected ways. Use with care (or --blacklist).\n" " DANGEROUS! May break websites in unexpected ways. Use with care (or --blacklist).\n"
@ -1131,16 +1143,17 @@ int main(int argc, char *argv[]) {
if ((packet_dataLen == 2 && memcmp(packet_data, "\x16\x03", 2) == 0) || if ((packet_dataLen == 2 && memcmp(packet_data, "\x16\x03", 2) == 0) ||
(packet_dataLen >= 3 && ( memcmp(packet_data, "\x16\x03\x01", 3) == 0 || memcmp(packet_data, "\x16\x03\x03", 3) == 0 ))) (packet_dataLen >= 3 && ( memcmp(packet_data, "\x16\x03\x01", 3) == 0 || memcmp(packet_data, "\x16\x03\x03", 3) == 0 )))
{ {
if (do_blacklist) { if (do_blacklist || do_whitelist) {
sni_ok = extract_sni(packet_data, packet_dataLen, sni_ok = extract_sni(packet_data, packet_dataLen,
&host_addr, &host_len); &host_addr, &host_len);
} }
if ( if (
(do_blacklist && sni_ok && ((do_blacklist && sni_ok &&
blackwhitelist_check_hostname(host_addr, host_len) blackwhitelist_check_hostname_blacklist(host_addr, host_len)
) || ) ||
(do_blacklist && !sni_ok && do_allow_no_sni) || (do_blacklist && !sni_ok && do_allow_no_sni) ||
(!do_blacklist) (!do_blacklist)) &&
(do_whitelist ? !blackwhitelist_check_hostname_whitelist(host_addr, host_len) : 1)
) )
{ {
#ifdef DEBUG #ifdef DEBUG
@ -1176,7 +1189,8 @@ int main(int argc, char *argv[]) {
if (find_header_and_get_info(packet_data, packet_dataLen, if (find_header_and_get_info(packet_data, packet_dataLen,
http_host_find, &hdr_name_addr, &hdr_value_addr, &hdr_value_len) && http_host_find, &hdr_name_addr, &hdr_value_addr, &hdr_value_len) &&
hdr_value_len > 0 && hdr_value_len <= HOST_MAXLEN && hdr_value_len > 0 && hdr_value_len <= HOST_MAXLEN &&
(do_blacklist ? blackwhitelist_check_hostname(hdr_value_addr, hdr_value_len) : 1)) (do_blacklist ? blackwhitelist_check_hostname_blacklist(hdr_value_addr, hdr_value_len) : 1) &&
(do_whitelist ? !blackwhitelist_check_hostname_whitelist(hdr_value_addr, hdr_value_len) : 1))
{ {
host_addr = hdr_value_addr; host_addr = hdr_value_addr;
host_len = hdr_value_len; host_len = hdr_value_len;