mirrors/GoodbyeDPI
1
0
Fork 0
mirror of https://github.com/ValdikSS/GoodbyeDPI.git synced 2024-12-22 06:15:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

Handle TLS SNI in blacklist option

Browse Source 
Now blacklist applies not only to HTTP websites, but also to HTTPS.

Fixes #213
This commit is contained in:
ValdikSS 2021-12-25 10:15:13 +03:00
parent cf7d1c69e0
commit 35c6e401db
2 changed files with 20 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
README.md
View File

@ -31,8 +31,9 @@ Usage: goodbyedpi.exe [OPTION...]
--dnsv6-addr [value] redirect UDPv6 DNS requests to the supplied IPv6 address (experimental)
--dnsv6-port [value] redirect UDPv6 DNS requests to the supplied port (53 by default)
--dns-verb print verbose DNS redirection messages
--blacklist [txtfile] perform HTTP tricks only to host names and subdomains from
supplied text file. This option can be supplied multiple times.
--blacklist [txtfile] perform circumvention tricks only to host names and subdomains from
supplied text file (HTTP Host/TLS SNI).
This option can be supplied multiple times.
--set-ttl [value] activate Fake Request Mode and send it with supplied TTL value.
DANGEROUS! May break websites in unexpected ways. Use with care.
--wrong-chksum activate Fake Request Mode and send it with incorrect TCP checksum.

26
src/goodbyedpi.c
View File

@ -741,8 +741,9 @@ int main(int argc, char *argv[]) {
" --dnsv6-addr [value] redirect UDPv6 DNS requests to the supplied IPv6 address (experimental)\n"
" --dnsv6-port [value] redirect UDPv6 DNS requests to the supplied port (53 by default)\n"
" --dns-verb print verbose DNS redirection messages\n"
" --blacklist [txtfile] perform HTTP tricks only to host names and subdomains from\n"
" supplied text file. This option can be supplied multiple times.\n"
" --blacklist [txtfile] perform circumvention tricks only to host names and subdomains from\n"
" supplied text file (HTTP Host/TLS SNI).\n"
" This option can be supplied multiple times.\n"
" --set-ttl [value] activate Fake Request Mode and send it with supplied TTL value.\n"
" DANGEROUS! May break websites in unexpected ways. Use with care.\n"
" Could be combined with --wrong-chksum.\n"
@ -907,13 +908,20 @@ int main(int argc, char *argv[]) {
)
{
if (packet_dataLen >=2 && memcmp(packet_data, "\x16\x03", 2) == 0) {
if (do_fake_packet) {
send_fake_https_request(w_filter, &addr, packet, packetLen, packet_v6,
ttl_of_fake_packet, do_wrong_chksum);
}
if (do_native_frag) {
// Signal for native fragmentation code handler
should_recalc_checksum = 1;
if (do_blacklist
? (extract_sni(packet_data, packet_dataLen,
&host_addr, &host_len) &&
blackwhitelist_check_hostname(host_addr, host_len))
: 1)
{
if (do_fake_packet) {
send_fake_https_request(w_filter, &addr, packet, packetLen, packet_v6,
ttl_of_fake_packet, do_wrong_chksum);
}
if (do_native_frag) {
// Signal for native fragmentation code handler
should_recalc_checksum = 1;
}
}
}
}