/*
* GoodbyeDPI — Passive DPI blocker and Active DPI circumvention utility.
*/
#include <stdio.h>
#include <stdlib.h>
#include <signal.h>
#include <unistd.h>
#include <string.h>
#include <winsock2.h>
#include "windivert.h"
/*
 * Fatal-error exit: print a hint about missing privileges, pause via
 * sleep(10) so the message stays visible, then terminate with EXIT_FAILURE.
 */
#define die() \
    do { \
        printf("Something went wrong!\n" \
               "Make sure you're running this program with administrator privileges\n"); \
        sleep(10); \
        exit(EXIT_FAILURE); \
    } while (0)

/* Capacity of the filters[] handle table. */
#define MAX_FILTERS 4

/*
 * Size in bytes of the receive buffer declared in main().
 * NOTE(review): a packet longer than this cannot be held in that buffer;
 * confirm how the receive call reports that case, because main() leaves its
 * loop on any receive failure.
 */
#define MAX_PACKET_SIZE 1516

/*
 * Header lengths used by the fixed-offset arithmetic in this file. Both are
 * the minimum sizes, i.e. they describe headers that carry no options.
 */
#define IPV4_HDR_LEN 20
#define TCP_HDR_LEN 20

/* Byte offsets of the named fields from the start of their own header. */
#define IPV4_TOTALLEN_OFFSET 2
#define TCP_WINDOWSIZE_OFFSET 14

/*
 * Filter-language fragment that is true only when the DESTINATION address
 * lies outside the loopback, 10/8, 192.168/16, 172.16/12 and 169.254/16
 * ranges, so traffic to local networks is never diverted.
 */
#define DIVERT_NO_LOCALNETS_DST \
    "(" \
    "(ip.DstAddr < 127.0.0.1 or ip.DstAddr > 127.255.255.255) and " \
    "(ip.DstAddr < 10.0.0.0 or ip.DstAddr > 10.255.255.255) and " \
    "(ip.DstAddr < 192.168.0.0 or ip.DstAddr > 192.168.255.255) and " \
    "(ip.DstAddr < 172.16.0.0 or ip.DstAddr > 172.31.255.255) and " \
    "(ip.DstAddr < 169.254.0.0 or ip.DstAddr > 169.254.255.255)" \
    ")"

/* Same exclusion list as above, applied to the SOURCE address. */
#define DIVERT_NO_LOCALNETS_SRC \
    "(" \
    "(ip.SrcAddr < 127.0.0.1 or ip.SrcAddr > 127.255.255.255) and " \
    "(ip.SrcAddr < 10.0.0.0 or ip.SrcAddr > 10.255.255.255) and " \
    "(ip.SrcAddr < 192.168.0.0 or ip.SrcAddr > 192.168.255.255) and " \
    "(ip.SrcAddr < 172.16.0.0 or ip.SrcAddr > 172.31.255.255) and " \
    "(ip.SrcAddr < 169.254.0.0 or ip.SrcAddr > 169.254.255.255)" \
    ")"
/*
 * Table of opened WinDivert handles. main() stores each new handle at index
 * filter_num and then increments it; deinit_all() walks entries
 * [0, filter_num).
 */
static HANDLE filters[MAX_FILTERS];

/* Number of entries of filters[] that have been assigned so far. */
static int filter_num = 0;
/* Status-line prefixes matched at the very start of a payload to spot a 302. */
static const char *http10_redirect_302 = "HTTP/1.0 302 ";
static const char *http11_redirect_302 = "HTTP/1.1 302 ";

/*
 * Host header as searched for in a request, and the mixed-case spelling that
 * the usage text describes for -r ("replace Host with hoSt").
 */
static const char *http_host_find = "\r\nHost: ";
static const char *http_host_replace = "\r\nhoSt: ";

/* User-Agent header name, including the CRLF that precedes it. */
static const char *http_useragent_find = "\r\nUser-Agent: ";

/* Header fragments that is_passivedpi_redirect() requires in a 302 reply. */
static const char *location_http = "\r\nLocation: http://";
static const char *connection_close = "\r\nConnection: close";

/*
 * Request-line method prefixes recognised by find_http_method_end().
 * Every entry keeps its trailing space; the longest entries are 8 bytes.
 */
static const char *http_methods[] = {
    "GET ", "HEAD ", "POST ", "PUT ", "DELETE ", "CONNECT ", "OPTIONS ",
};
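/**
 * Find the first occurrence of a byte sequence inside a buffer (naive scan).
 *
 * Both buffers are treated as raw bytes, so embedded NULs are fine.
 *
 * @param haystack buffer to search
 * @param hlen     number of valid bytes in haystack
 * @param needle   bytes to look for
 * @param nlen     number of bytes in needle
 * @return pointer to the first match inside haystack, or NULL when there is
 *         no match or the arguments are unusable (NULL pointer, negative
 *         length, needle longer than haystack). An empty needle matches at
 *         the start of haystack.
 */
static char* dumb_memmem(const char* haystack, int hlen, const char* needle, int nlen) {
    /*
     * The lengths are signed ints that callers derive from packet sizes.
     * A negative value would be converted to a huge size_t by memcmp and
     * read far past the buffer, so reject it up front.
     */
    if (haystack == NULL || needle == NULL || hlen < 0 || nlen < 0) {
        return NULL;
    }
    if (nlen > hlen) {
        return NULL;
    }

    /* Last index at which a full needle still fits inside the haystack. */
    const int last_start = hlen - nlen;
    for (int i = 0; i <= last_start; i++) {
        if (memcmp(haystack + i, needle, (size_t)nlen) == 0) {
            return (char*)(haystack + i);
        }
    }
    return NULL;
}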
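/**
 * Open a WinDivert handle at the network layer for the given filter string.
 *
 * @param filter WinDivert filter expression
 * @param flags  flags passed through to WinDivertOpen
 * @return the opened handle, or NULL on failure. On failure the system error
 *         text (or the numeric code when no text is available) is printed.
 */
static HANDLE init(char *filter, UINT64 flags) {
    LPTSTR errormessage = NULL;
    DWORD errorcode;
    DWORD msglen;
    /* Keep the handle in its own variable instead of reusing the char* parameter. */
    HANDLE handle = WinDivertOpen(filter, WINDIVERT_LAYER_NETWORK, 0, flags);

    if (handle != INVALID_HANDLE_VALUE)
        return handle;

    /* Read the error code first, before another API call can replace it. */
    errorcode = GetLastError();
    msglen = FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM |
                           FORMAT_MESSAGE_IGNORE_INSERTS,
                           NULL, errorcode, MAKELANGID(LANG_ENGLISH, SUBLANG_DEFAULT),
                           (LPTSTR)&errormessage, 0, NULL);
    if (msglen != 0 && errormessage != NULL) {
        printf("%s", errormessage);
        /* FORMAT_MESSAGE_ALLOCATE_BUFFER hands ownership to the caller. */
        LocalFree(errormessage);
    } else {
        /* No message text: never pass a NULL pointer to "%s". */
        printf("WinDivertOpen failed, error code %lu\n", (unsigned long)errorcode);
    }
    return NULL;
}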
/**
 * Close one WinDivert handle.
 *
 * @param handle handle to close; NULL is accepted and ignored
 * @return 1 if WinDivertClose was called, 0 if handle was NULL
 */
static int deinit(HANDLE handle) {
    if (!handle) {
        return 0;
    }
    WinDivertClose(handle);
    return 1;
}
/* Close every handle recorded in filters[0 .. filter_num-1]. */
static void deinit_all() {
    int idx = 0;

    while (idx < filter_num) {
        deinit(filters[idx]);
        idx++;
    }
}
/*
 * SIGINT handler: close all open filter handles and end the process with
 * EXIT_SUCCESS.
 *
 * NOTE(review): this runs asynchronously to the packet loop in main(), which
 * may be using one of these handles at that moment; exit() is also not on
 * the list of functions the C standard allows inside a signal handler.
 * Confirm this is acceptable on the target runtime.
 */
static void sigint_handler(int sig) {
    (void)sig; /* signal number is not needed */
    deinit_all();
    exit(EXIT_SUCCESS);
}
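/**
 * Decide whether a TCP payload looks like an injected HTTP redirect.
 *
 * The payload must start with an "HTTP/1.0 302 " or "HTTP/1.1 302 " status
 * line and must contain both a "Location: http://" header and a
 * "Connection: close" header.
 *
 * @param pktdata start of the payload (bytes received from the network)
 * @param pktlen  number of valid bytes at pktdata
 * @return 1 if all conditions hold, 0 otherwise (including NULL or empty input)
 */
static int is_passivedpi_redirect(const char *pktdata, int pktlen) {
    const size_t http11_len = strlen(http11_redirect_302);
    const size_t http10_len = strlen(http10_redirect_302);
    size_t avail;
    int is_redirect;

    if (pktdata == NULL || pktlen <= 0) {
        return 0;
    }
    avail = (size_t)pktlen;

    /*
     * First check if this is HTTP 302 redirect. The payload length comes from
     * the wire, so compare only when the whole prefix is actually present;
     * otherwise memcmp would read past the end of a short payload.
     */
    is_redirect =
        (avail >= http11_len &&
         memcmp(pktdata, http11_redirect_302, http11_len) == 0) ||
        (avail >= http10_len &&
         memcmp(pktdata, http10_redirect_302, http10_len) == 0);
    if (!is_redirect) {
        return 0;
    }

    /* Then check if this is a redirect to new http site with Connection: close */
    if (dumb_memmem(pktdata, pktlen, location_http, (int)strlen(location_http)) &&
        dumb_memmem(pktdata, pktlen, connection_close, (int)strlen(connection_close))) {
        return 1;
    }
    return 0;
}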
/*
 * Finds the Host header together with the \r\n in front of it.
 * Returns a pointer to that \r\n inside pktdata, or NULL when the header is
 * not present in the first pktlen bytes.
 */
static PVOID find_host_header(const char *pktdata, int pktlen) {
    const int needle_len = strlen(http_host_find);

    return dumb_memmem(pktdata, pktlen, http_host_find, needle_len);
}
/*
 * Finds the User-Agent header together with the \r\n in front of it.
 * Returns a pointer to that \r\n inside pktdata, or NULL when the header is
 * not present in the first pktlen bytes.
 */
static PVOID find_useragent_header(const char *pktdata, int pktlen) {
    const int needle_len = strlen(http_useragent_find);

    return dumb_memmem(pktdata, pktlen, http_useragent_find, needle_len);
}
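/**
 * Overwrite the TCP window-size field of an IPv4/TCP packet in place.
 *
 * The field is located at a fixed offset (IPV4_HDR_LEN +
 * TCP_WINDOWSIZE_OFFSET), so the result is only correct for packets whose
 * IPv4 header carries no options. The caller must make sure the buffer
 * holds at least IPV4_HDR_LEN + TCP_WINDOWSIZE_OFFSET + 2 bytes.
 *
 * @param pkt  start of the IPv4 header; declared const for historical
 *             reasons but written through, so it must point to writable memory
 * @param size new window size; the low 16 bits are stored in network byte order
 */
static void change_window_size(const char *pkt, int size) {
    /*
     * Store the two bytes individually, high byte first. This yields the
     * same bytes as writing htons(size), without a 16-bit store through a
     * cast char pointer (which may be misaligned and breaks aliasing rules).
     */
    unsigned char *window =
        (unsigned char *)pkt + IPV4_HDR_LEN + TCP_WINDOWSIZE_OFFSET;
    const unsigned int value = (unsigned int)size & 0xFFFFu;

    window[0] = (unsigned char)(value >> 8);
    window[1] = (unsigned char)(value & 0xFFu);
}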
/*
 * Locate the end of the HTTP method at the start of a payload.
 *
 * Returns a pointer to the trailing space of the matched method (i.e. the
 * method end without that space), or NULL when no entry of http_methods
 * matches. When offset is 1 or 2 the payload is also compared against each
 * method with its first `offset` bytes skipped, to recognise the second part
 * of a request whose first bytes were sent in an earlier segment.
 *
 * NOTE(review): there is no length parameter, so the comparisons read up to
 * 8 bytes (the longest method entries) starting at pkt. Callers have to
 * guarantee that many readable bytes.
 */
static PVOID find_http_method_end(const char *pkt, int offset) {
    const size_t method_count = sizeof(http_methods) / sizeof(*http_methods);
    const int is_tail_fragment = (offset == 1 || offset == 2);

    for (size_t idx = 0; idx < method_count; idx++) {
        const char *method = http_methods[idx];
        const size_t method_len = strlen(method);

        /* Whole method present at the start of the payload. */
        if (memcmp(pkt, method, method_len) == 0) {
            return (char*)pkt + method_len - 1;
        }

        /* Try to find HTTP method in a second part of fragmented packet */
        if (is_tail_fragment &&
            memcmp(pkt, method + offset, method_len - offset) == 0) {
            return (char*)pkt + method_len - offset - 1;
        }
    }
    return NULL;
}
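/*
 * Parse the argument of -f / -e.
 * Returns the value when the text is a complete decimal number in
 * [1, 65535], otherwise -1. Unlike atoi(), trailing garbage ("12abc") and
 * out-of-range input are rejected instead of being silently accepted.
 */
static int parse_fragment_size(const char *text) {
    char *end = NULL;
    long value;

    if (text == NULL) {
        return -1;
    }
    value = strtol(text, &end, 10);
    if (end == text || *end != '\0' || value <= 0 || value > 65535) {
        return -1;
    }
    return (int)value;
}

/**
 * Program entry point.
 *
 * Parses the command-line options, opens the WinDivert filters, installs the
 * SIGINT handler and then loops: receive a packet, optionally rewrite the TCP
 * window size of inbound SYN packets, and send the packet on.
 *
 * @return EXIT_FAILURE when the receive loop ends because of an error; the
 *         other exits happen through exit() or die().
 */
int main(int argc, char *argv[]) {
    static const char fragment_size_message[] =
        "Fragment size should be in range [0 - 65535]\n";
    int i;
    int opt;
    HANDLE w_filter = NULL;
    WINDIVERT_ADDRESS addr;
    char packet[MAX_PACKET_SIZE];
    PVOID packet_data;
    UINT packetLen;
    UINT packet_dataLen;
    PWINDIVERT_IPHDR ppIpHdr;
    PWINDIVERT_TCPHDR ppTcpHdr;

    int do_passivedpi = 0, do_fragment_http = 0,
        do_fragment_https = 0, do_host = 0,
        do_host_removespace = 0, do_additional_space = 0;
    int http_fragment_size = 2;
    int https_fragment_size = 2;

    printf("GoodbyeDPI: Passive DPI blocker and Active DPI circumvention utility\n");

    if (argc == 1) {
        /* enable mode -1 by default */
        do_passivedpi = do_host = do_host_removespace
            = do_fragment_http = do_fragment_https = 1;
    }

    while ((opt = getopt(argc, argv, "1234prsaf:e:")) != -1) {
        switch (opt) {
            case '1':
                do_passivedpi = do_host = do_host_removespace
                    = do_fragment_http = do_fragment_https = 1;
                break;
            case '2':
                do_passivedpi = do_host = do_host_removespace
                    = do_fragment_http = do_fragment_https = 1;
                https_fragment_size = 40;
                break;
            case '3':
                do_passivedpi = do_host = do_host_removespace
                    = do_fragment_https = 1;
                https_fragment_size = 40;
                /*
                 * The original fell through into case '4' here. That case
                 * only sets flags already set above, so an explicit break
                 * keeps the same result and removes the trap.
                 */
                break;
            case '4':
                do_passivedpi = do_host = do_host_removespace = 1;
                break;
            case 'p':
                do_passivedpi = 1;
                break;
            case 'r':
                do_host = 1;
                break;
            case 's':
                do_host_removespace = 1;
                break;
            case 'a':
                do_additional_space = 1;
                do_host_removespace = 1;
                break;
            case 'f':
                do_fragment_http = 1;
                http_fragment_size = parse_fragment_size(optarg);
                if (http_fragment_size < 0) {
                    /* fputs: never use a variable as the printf format. */
                    fputs(fragment_size_message, stdout);
                    exit(EXIT_FAILURE);
                }
                break;
            case 'e':
                do_fragment_https = 1;
                https_fragment_size = parse_fragment_size(optarg);
                if (https_fragment_size < 0) {
                    fputs(fragment_size_message, stdout);
                    exit(EXIT_FAILURE);
                }
                break;
            default:
                printf("Usage: goodbyedpi.exe [OPTION...]\n"
                " -p block passive DPI\n"
                " -r replace Host with hoSt\n"
                " -s remove space between host header and its value\n"
                " -a additional space between Method and Request-URI (enables -s, may break sites)\n"
                " -f [value] set HTTP fragmentation to value\n"
                " -e [value] set HTTPS fragmentation to value\n"
                "\n"
                " -1 -p -r -s -f 2 -e 2 (most compatible mode, default)\n"
                " -2 -p -r -s -f 2 -e 40 (better speed yet still compatible)\n"
                " -3 -p -r -s -e 40 (even better speed)\n"
                " -4 -p -r -s (best speed)\n");
                exit(EXIT_FAILURE);
        }
    }

    printf("Block passive: %d, Fragment HTTP: %d, Fragment HTTPS: %d, "
           "hoSt: %d, Host no space: %d, Additional space: %d\n",
           do_passivedpi, (do_fragment_http ? http_fragment_size : 0),
           (do_fragment_https ? https_fragment_size : 0),
           do_host, do_host_removespace, do_additional_space);

    if (do_fragment_http && http_fragment_size > 2) {
        printf("WARNING: HTTP fragmentation values > 2 are not fully compatible "
               "with other options. Please use values <= 2 or disable HTTP fragmentation "
               "completely.\n");
    }

    printf("\nOpening filter\n");
    filter_num = 0;

    if (do_passivedpi) {
        /* IPv4 filter for inbound RST packets with ID = 0 or 1 */
        filters[filter_num] = init(
            "inbound and ip and tcp and "
            "(ip.Id == 0x0001 or ip.Id == 0x0000) and "
            "(tcp.SrcPort == 443 or tcp.SrcPort == 80) and tcp.Rst and "
            DIVERT_NO_LOCALNETS_SRC,
            WINDIVERT_FLAG_DROP);
        filter_num++;
    }

    /*
     * IPv4 filter for inbound HTTP redirection packets and
     * active DPI circumvention
     */
    filters[filter_num] = init("ip and tcp and "
        "(inbound and (("
          "((ip.Id == 0x0001 or ip.Id == 0x0000) and tcp.SrcPort == 80 and tcp.Ack) or "
          "((tcp.SrcPort == 80 or tcp.SrcPort == 443) and tcp.Ack and tcp.Syn)"
          ") and " DIVERT_NO_LOCALNETS_SRC ") or "
        "(outbound and "
          "(tcp.DstPort == 80 or tcp.DstPort == 443) and tcp.Ack and "
          DIVERT_NO_LOCALNETS_DST ")"
        ")",
        0);

    w_filter = filters[filter_num];
    filter_num++;

    for (i = 0; i < filter_num; i++) {
        if (filters[i] == NULL) {
            /* Release whatever did open before bailing out. */
            deinit_all();
            die();
        }
    }

    printf("Filter activated!\n");
    signal(SIGINT, sigint_handler);

    while (1) {
        if (WinDivertRecv(w_filter, packet, sizeof(packet), &addr, &packetLen)) {
            /* packetLen is unsigned, so print it with %u. */
            printf("Got %s packet, len=%u!\n", addr.Direction ? "inbound" : "outbound",
                   packetLen);

            // do nothing for DATA packet
            if (WinDivertHelperParsePacket(packet, packetLen, &ppIpHdr,
                NULL, NULL, NULL, &ppTcpHdr, NULL, &packet_data, &packet_dataLen)) {
            }
            // reduce window size on non-data packet
            else if (WinDivertHelperParsePacket(packet, packetLen, &ppIpHdr,
                NULL, NULL, NULL, &ppTcpHdr, NULL, NULL, NULL)) {
                /*
                 * If we got SYN+ACK packet.
                 * change_window_size() writes at a fixed offset that is only
                 * valid for an option-less IPv4 header, so leave packets
                 * with IP options untouched rather than corrupt them.
                 */
                if (addr.Direction == WINDIVERT_DIRECTION_INBOUND &&
                    ppTcpHdr->Syn == 1 &&
                    ppIpHdr->HdrLength * 4 == IPV4_HDR_LEN) {
                    printf("Changing Window Size!\n");
                    if (do_fragment_http && ppTcpHdr->SrcPort == htons(80)) {
                        change_window_size(packet, http_fragment_size);
                        WinDivertHelperCalcChecksums(packet, packetLen, 0);
                    }
                    else if (do_fragment_https && ppTcpHdr->SrcPort != htons(80)) {
                        change_window_size(packet, https_fragment_size);
                        WinDivertHelperCalcChecksums(packet, packetLen, 0);
                    }
                }
            }
            // uncomment this to make it work
            //WinDivertHelperCalcChecksums(packet, packetLen, 0);
            if (!WinDivertSend(w_filter, packet, packetLen, &addr, NULL)) {
                /* A diverted packet that is not sent on is lost. */
                printf("Error sending packet!\n");
            }
        }
        else {
            /* Receive failed: report it and leave the loop. */
            printf("Error receiving packet!\n");
            break;
        }
    }

    /* Only reached after a receive error: close the handles and say so. */
    deinit_all();
    return EXIT_FAILURE;
}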