Handle TLS SNI in blacklist option

The blacklist now applies to HTTPS websites as well as HTTP ones.

Fixes #213
ValdikSS 2021-12-25 10:15:13 +03:00
parent cf7d1c69e0
commit 35c6e401db
2 changed files with 20 additions and 11 deletions


@ -31,8 +31,9 @@ Usage: goodbyedpi.exe [OPTION...]
--dnsv6-addr [value] redirect UDPv6 DNS requests to the supplied IPv6 address (experimental)
--dnsv6-port [value] redirect UDPv6 DNS requests to the supplied port (53 by default)
--dns-verb print verbose DNS redirection messages
--blacklist [txtfile] perform HTTP tricks only to host names and subdomains from
supplied text file. This option can be supplied multiple times.
--blacklist [txtfile] perform circumvention tricks only to host names and subdomains from
supplied text file (HTTP Host/TLS SNI).
This option can be supplied multiple times.
--set-ttl [value] activate Fake Request Mode and send it with supplied TTL value.
DANGEROUS! May break websites in unexpected ways. Use with care.
--wrong-chksum activate Fake Request Mode and send it with incorrect TCP checksum.


@ -741,8 +741,9 @@ int main(int argc, char *argv[]) {
" --dnsv6-addr [value] redirect UDPv6 DNS requests to the supplied IPv6 address (experimental)\n"
" --dnsv6-port [value] redirect UDPv6 DNS requests to the supplied port (53 by default)\n"
" --dns-verb print verbose DNS redirection messages\n"
" --blacklist [txtfile] perform HTTP tricks only to host names and subdomains from\n"
" supplied text file. This option can be supplied multiple times.\n"
" --blacklist [txtfile] perform circumvention tricks only to host names and subdomains from\n"
" supplied text file (HTTP Host/TLS SNI).\n"
" This option can be supplied multiple times.\n"
" --set-ttl [value] activate Fake Request Mode and send it with supplied TTL value.\n"
" DANGEROUS! May break websites in unexpected ways. Use with care.\n"
" Could be combined with --wrong-chksum.\n"
@ -907,6 +908,12 @@ int main(int argc, char *argv[]) {
)
{
if (packet_dataLen >=2 && memcmp(packet_data, "\x16\x03", 2) == 0) {
if (do_blacklist
? (extract_sni(packet_data, packet_dataLen,
&host_addr, &host_len) &&
blackwhitelist_check_hostname(host_addr, host_len))
: 1)
{
if (do_fake_packet) {
send_fake_https_request(w_filter, &addr, packet, packetLen, packet_v6,
ttl_of_fake_packet, do_wrong_chksum);
@ -917,6 +924,7 @@ int main(int argc, char *argv[]) {
}
}
}
}
/* Handle OUTBOUND packet on port 80, search for Host header */
else if (addr.Direction == WINDIVERT_DIRECTION_OUTBOUND &&
packet_dataLen > 16 &&
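Review bot: With --blacklist set, a TLS record whose SNI cannot be extracted is skipped without any trace, because the new condition inside the `\x16\x03` branch treats an `extract_sni` failure the same as a host name that is not listed. That covers a ClientHello with no server_name extension and, presumably, one that does not fit in a single segment, so a short comment such as `/* no SNI recovered: leave the packet untouched when a blacklist is in use */` would make the choice explicit. The only length guard visible here is `packet_dataLen >= 2`, so `extract_sni` (defined outside this page) has to check every record, handshake and extension length against `packet_dataLen` before reading. The ternary ending in `: 1` reads more directly as `if (!do_blacklist || (extract_sni(packet_data, packet_dataLen, &host_addr, &host_len) && blackwhitelist_check_hostname(host_addr, host_len)))`. The enclosing loop in `main` starts and ends outside these hunks.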