mirror of
https://github.com/ValdikSS/GoodbyeDPI.git
synced 2024-12-22 06:15:27 +00:00
Handle TLS SNI in blacklist option
Now blacklist applies not only to HTTP websites, but also to HTTPS. Fixes #213
This commit is contained in:
parent
cf7d1c69e0
commit
35c6e401db
@ -31,8 +31,9 @@ Usage: goodbyedpi.exe [OPTION...]
|
||||
--dnsv6-addr [value] redirect UDPv6 DNS requests to the supplied IPv6 address (experimental)
|
||||
--dnsv6-port [value] redirect UDPv6 DNS requests to the supplied port (53 by default)
|
||||
--dns-verb print verbose DNS redirection messages
|
||||
--blacklist [txtfile] perform HTTP tricks only to host names and subdomains from
|
||||
supplied text file. This option can be supplied multiple times.
|
||||
--blacklist [txtfile] perform circumvention tricks only to host names and subdomains from
|
||||
supplied text file (HTTP Host/TLS SNI).
|
||||
This option can be supplied multiple times.
|
||||
--set-ttl [value] activate Fake Request Mode and send it with supplied TTL value.
|
||||
DANGEROUS! May break websites in unexpected ways. Use with care.
|
||||
--wrong-chksum activate Fake Request Mode and send it with incorrect TCP checksum.
|
||||
|
@ -741,8 +741,9 @@ int main(int argc, char *argv[]) {
|
||||
" --dnsv6-addr [value] redirect UDPv6 DNS requests to the supplied IPv6 address (experimental)\n"
|
||||
" --dnsv6-port [value] redirect UDPv6 DNS requests to the supplied port (53 by default)\n"
|
||||
" --dns-verb print verbose DNS redirection messages\n"
|
||||
" --blacklist [txtfile] perform HTTP tricks only to host names and subdomains from\n"
|
||||
" supplied text file. This option can be supplied multiple times.\n"
|
||||
" --blacklist [txtfile] perform circumvention tricks only to host names and subdomains from\n"
|
||||
" supplied text file (HTTP Host/TLS SNI).\n"
|
||||
" This option can be supplied multiple times.\n"
|
||||
" --set-ttl [value] activate Fake Request Mode and send it with supplied TTL value.\n"
|
||||
" DANGEROUS! May break websites in unexpected ways. Use with care.\n"
|
||||
" Could be combined with --wrong-chksum.\n"
|
||||
@ -907,6 +908,12 @@ int main(int argc, char *argv[]) {
|
||||
)
|
||||
{
|
||||
if (packet_dataLen >=2 && memcmp(packet_data, "\x16\x03", 2) == 0) {
|
||||
if (do_blacklist
|
||||
? (extract_sni(packet_data, packet_dataLen,
|
||||
&host_addr, &host_len) &&
|
||||
blackwhitelist_check_hostname(host_addr, host_len))
|
||||
: 1)
|
||||
{
|
||||
if (do_fake_packet) {
|
||||
send_fake_https_request(w_filter, &addr, packet, packetLen, packet_v6,
|
||||
ttl_of_fake_packet, do_wrong_chksum);
|
||||
@ -917,6 +924,7 @@ int main(int argc, char *argv[]) {
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
/* Handle OUTBOUND packet on port 80, search for Host header */
|
||||
else if (addr.Direction == WINDIVERT_DIRECTION_OUTBOUND &&
|
||||
packet_dataLen > 16 &&
|
||||
|
Loading…
Reference in New Issue
Block a user