New option: --whitelist. Allows disabling traffic modifications on certain hosts.

This option uses the same substructure as the blacklist functionality and essentially
acts as an 'inverse blacklist' when deciding whether to alter the request or not.
Dullson 2018-08-05 03:59:29 +03:00
parent 39507e66e0
commit 693fa6dbb7


@ -124,6 +124,7 @@ static struct option long_options[] = {
{"dnsv6-port", required_argument, 0, '@' }, {"dnsv6-port", required_argument, 0, '@' },
{"dns-verb", no_argument, 0, 'v' }, {"dns-verb", no_argument, 0, 'v' },
{"blacklist", required_argument, 0, 'b' }, {"blacklist", required_argument, 0, 'b' },
{"whitelist", required_argument, 0, 'h' },
{"ip-id", required_argument, 0, 'i' }, {"ip-id", required_argument, 0, 'i' },
{0, 0, 0, 0 } {0, 0, 0, 0 }
}; };
@ -353,7 +354,8 @@ int main(int argc, char *argv[]) {
do_http_allports = 0, do_http_allports = 0,
do_host_mixedcase = 0, do_host_mixedcase = 0,
do_dnsv4_redirect = 0, do_dnsv6_redirect = 0, do_dnsv4_redirect = 0, do_dnsv6_redirect = 0,
do_dns_verb = 0, do_blacklist = 0; do_dns_verb = 0,
do_blacklist = 0, do_whitelist = 0;
unsigned int http_fragment_size = 0; unsigned int http_fragment_size = 0;
unsigned int https_fragment_size = 0; unsigned int https_fragment_size = 0;
uint32_t dnsv4_addr = 0; uint32_t dnsv4_addr = 0;
@ -567,6 +569,13 @@ int main(int argc, char *argv[]) {
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
break; break;
case 'h':
do_whitelist = 1;
if (!blackwhitelist_load_list(optarg)) {
printf("Can't load whitelist from file!\n");
exit(EXIT_FAILURE);
}
break;
default: default:
puts("Usage: goodbyedpi.exe [OPTION...]\n" puts("Usage: goodbyedpi.exe [OPTION...]\n"
" -p block passive DPI\n" " -p block passive DPI\n"
@ -588,6 +597,8 @@ int main(int argc, char *argv[]) {
" --dns-verb print verbose DNS redirection messages\n" " --dns-verb print verbose DNS redirection messages\n"
" --blacklist [txtfile] perform HTTP tricks only to host names and subdomains from\n" " --blacklist [txtfile] perform HTTP tricks only to host names and subdomains from\n"
" supplied text file. This option can be supplied multiple times.\n" " supplied text file. This option can be supplied multiple times.\n"
" --whitelist [txtfile] Do not perform HTTP tricks to host names and subdomains from\n"
" supplied text file. This option can be supplied multiple times.\n"
"\n" "\n"
" -1 -p -r -s -f 2 -k 2 -n -e 2 (most compatible mode, default)\n" " -1 -p -r -s -f 2 -k 2 -n -e 2 (most compatible mode, default)\n"
" -2 -p -r -s -f 2 -k 2 -n -e 40 (better speed for HTTPS yet still compatible)\n" " -2 -p -r -s -f 2 -k 2 -n -e 40 (better speed for HTTPS yet still compatible)\n"
@ -597,6 +608,11 @@ int main(int argc, char *argv[]) {
} }
} }
if (do_blacklist && do_whitelist) {
printf("Can't use blacklist and whitelist at the same time!\n");
exit(EXIT_FAILURE);
}
if (!http_fragment_size) if (!http_fragment_size)
http_fragment_size = 2; http_fragment_size = 2;
if (!https_fragment_size) if (!https_fragment_size)
@ -741,6 +757,7 @@ int main(int argc, char *argv[]) {
if (find_header_and_get_info(packet_data, packet_dataLen, if (find_header_and_get_info(packet_data, packet_dataLen,
http_host_find, &hdr_name_addr, &hdr_value_addr, &hdr_value_len) && http_host_find, &hdr_name_addr, &hdr_value_addr, &hdr_value_len) &&
hdr_value_len > 0 && hdr_value_len <= HOST_MAXLEN && hdr_value_len > 0 && hdr_value_len <= HOST_MAXLEN &&
(do_whitelist ? !blackwhitelist_check_hostname(hdr_value_addr, hdr_value_len) : 1) &&
(do_blacklist ? blackwhitelist_check_hostname(hdr_value_addr, hdr_value_len) : 1)) (do_blacklist ? blackwhitelist_check_hostname(hdr_value_addr, hdr_value_len) : 1))
{ {
host_addr = hdr_value_addr; host_addr = hdr_value_addr;
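Review bot: In the last hunk, the new `(do_whitelist ? !blackwhitelist_check_hostname(hdr_value_addr, hdr_value_len) : 1)` term turns a lookup miss into "modify this request", the opposite failure direction from the blacklist term below it. If `blackwhitelist_check_hostname` (not shown here) compares the raw Host value without normalising it, a Host that differs from the list entry in letter case or carries a port suffix would presumably still be altered even though the user excluded that host. I would add a comment on the condition such as `/* whitelist: a lookup miss means the request IS modified, so the Host value must match the list format exactly */` and confirm how the lookup treats case and ports. In the visible hunks the list is consulted only on this HTTP Host-header path, so the `--whitelist` help text could state that anything handled elsewhere is not exempted. The enclosing `main` starts and ends outside the hunk.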