Handle TLS SNI in blacklist option

Now blacklist applies not only to HTTP websites, but also to HTTPS.

Fixes #213
ValdikSS 2021-12-25 10:15:13 +03:00
parent cf7d1c69e0
commit 35c6e401db
2 changed files with 20 additions and 11 deletions


@ -31,8 +31,9 @@ Usage: goodbyedpi.exe [OPTION...]
--dnsv6-addr [value] redirect UDPv6 DNS requests to the supplied IPv6 address (experimental) --dnsv6-addr [value] redirect UDPv6 DNS requests to the supplied IPv6 address (experimental)
--dnsv6-port [value] redirect UDPv6 DNS requests to the supplied port (53 by default) --dnsv6-port [value] redirect UDPv6 DNS requests to the supplied port (53 by default)
--dns-verb print verbose DNS redirection messages --dns-verb print verbose DNS redirection messages
--blacklist [txtfile] perform HTTP tricks only to host names and subdomains from --blacklist [txtfile] perform circumvention tricks only to host names and subdomains from
supplied text file. This option can be supplied multiple times. supplied text file (HTTP Host/TLS SNI).
This option can be supplied multiple times.
--set-ttl [value] activate Fake Request Mode and send it with supplied TTL value. --set-ttl [value] activate Fake Request Mode and send it with supplied TTL value.
DANGEROUS! May break websites in unexpected ways. Use with care. DANGEROUS! May break websites in unexpected ways. Use with care.
--wrong-chksum activate Fake Request Mode and send it with incorrect TCP checksum. --wrong-chksum activate Fake Request Mode and send it with incorrect TCP checksum.


@ -741,8 +741,9 @@ int main(int argc, char *argv[]) {
" --dnsv6-addr [value] redirect UDPv6 DNS requests to the supplied IPv6 address (experimental)\n" " --dnsv6-addr [value] redirect UDPv6 DNS requests to the supplied IPv6 address (experimental)\n"
" --dnsv6-port [value] redirect UDPv6 DNS requests to the supplied port (53 by default)\n" " --dnsv6-port [value] redirect UDPv6 DNS requests to the supplied port (53 by default)\n"
" --dns-verb print verbose DNS redirection messages\n" " --dns-verb print verbose DNS redirection messages\n"
" --blacklist [txtfile] perform HTTP tricks only to host names and subdomains from\n" " --blacklist [txtfile] perform circumvention tricks only to host names and subdomains from\n"
" supplied text file. This option can be supplied multiple times.\n" " supplied text file (HTTP Host/TLS SNI).\n"
" This option can be supplied multiple times.\n"
" --set-ttl [value] activate Fake Request Mode and send it with supplied TTL value.\n" " --set-ttl [value] activate Fake Request Mode and send it with supplied TTL value.\n"
" DANGEROUS! May break websites in unexpected ways. Use with care.\n" " DANGEROUS! May break websites in unexpected ways. Use with care.\n"
" Could be combined with --wrong-chksum.\n" " Could be combined with --wrong-chksum.\n"
@ -907,13 +908,20 @@ int main(int argc, char *argv[]) {
) )
{ {
if (packet_dataLen >=2 && memcmp(packet_data, "\x16\x03", 2) == 0) { if (packet_dataLen >=2 && memcmp(packet_data, "\x16\x03", 2) == 0) {
if (do_fake_packet) { if (do_blacklist
send_fake_https_request(w_filter, &addr, packet, packetLen, packet_v6, ? (extract_sni(packet_data, packet_dataLen,
ttl_of_fake_packet, do_wrong_chksum); &host_addr, &host_len) &&
} blackwhitelist_check_hostname(host_addr, host_len))
if (do_native_frag) { : 1)
// Signal for native fragmentation code handler {
should_recalc_checksum = 1; if (do_fake_packet) {
send_fake_https_request(w_filter, &addr, packet, packetLen, packet_v6,
ttl_of_fake_packet, do_wrong_chksum);
}
if (do_native_frag) {
// Signal for native fragmentation code handler
should_recalc_checksum = 1;
}
} }
} }
} }
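Review bot: In the new `do_blacklist ? (extract_sni(...) && blackwhitelist_check_hostname(...)) : 1` condition, `extract_sni` is handed a payload that has only been checked for the two bytes `\x16\x03`, so every ClientHello length field has to be validated against `packet_dataLen` inside `extract_sni`; its body is not part of this hunk, so that is worth confirming before merge. With `--blacklist` set, a ClientHello from which no SNI can be extracted (presumably one split across TCP segments, or one without the extension) now gets neither the fake request nor native fragmentation, and that fallback deserves a comment such as `// blacklist mode: no parsable SNI means the packet is passed through untouched`. The ternary with a literal `1` would also read more directly as `if (!do_blacklist || (extract_sni(packet_data, packet_dataLen, &host_addr, &host_len) && blackwhitelist_check_hostname(host_addr, host_len)))`. `main` starts and continues outside the hunk.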