package proxy
import (
"net"
"strconv"
log "github.com/sirupsen/logrus"
"github.com/xvzc/SpoofDPI/packet"
)
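// handleHttps tunnels one CONNECT request. It dials ip on the port carried by
// initPkt (443 when the request names none), acknowledges the tunnel to the
// client with "<version> 200 Connection Established", reads the client's TLS
// ClientHello and forwards it to the server, then starts one Serve goroutine
// per direction to relay the rest of the session.
//
// lConn is the accepted client connection; initPkt is the parsed CONNECT
// request (Domain, Port, Version); ip is the address to dial (presumably the
// already-resolved address of initPkt.Domain() — the caller owns that lookup).
// When exploit is true the ClientHello is written in pxy.windowSize-byte
// chunks (see splitInChunks) instead of a single write.
//
// Every failure is logged at debug level and the connections opened so far are
// closed before returning, so an abandoned handshake leaks nothing.
func (pxy *Proxy) handleHttps(lConn *net.TCPConn, exploit bool, initPkt *packet.HttpPacket, ip string) {
	port := 443
	if p := initPkt.Port(); p != "" {
		var err error
		port, err = strconv.Atoi(p)
		if err != nil || port < 1 || port > 65535 {
			// Abort for real: continuing with the zero value from a failed
			// Atoi would dial port 0 and only fail later, less clearly.
			log.Debugf("[HTTPS] error parsing port for %s aborting..", initPkt.Domain())
			lConn.Close()
			return
		}
	}

	// net.DialTCP treats a nil IP as "the local system", so an ip that fails
	// to parse would otherwise open a connection to localhost:port on the
	// proxy host itself; reject it instead of dialing something unintended.
	rIP := net.ParseIP(ip)
	if rIP == nil {
		log.Debugf("[HTTPS] invalid ip %q for %s aborting..", ip, initPkt.Domain())
		lConn.Close()
		return
	}

	// Create a connection to the requested server
	rConn, err := net.DialTCP("tcp", nil, &net.TCPAddr{IP: rIP, Port: port})
	if err != nil {
		lConn.Close()
		log.Debug("[HTTPS] ", err)
		return
	}
	log.Debugf("[HTTPS] new connection to the server %s -> %s", rConn.LocalAddr(), initPkt.Domain())

	// Acknowledge the CONNECT so the client starts its TLS handshake over lConn.
	if _, err := lConn.Write([]byte(initPkt.Version() + " 200 Connection Established\r\n\r\n")); err != nil {
		log.Debugf("[HTTPS] error sending 200 connection established to the client: %s", err)
		lConn.Close()
		rConn.Close()
		return
	}
	log.Debugf("[HTTPS] sent connection estabalished to %s", lConn.RemoteAddr())

	// Read client hello. Anything that is not a ClientHello record is treated
	// as a failure; err may be nil in that case.
	m, err := packet.ReadTLSMessage(lConn)
	if err != nil || !m.IsClientHello() {
		log.Debugf("[HTTPS] error reading client hello from %s: %s", lConn.RemoteAddr().String(), err)
		lConn.Close()
		rConn.Close()
		return
	}
	clientHello := m.Raw
	log.Debugf("[HTTPS] client sent hello %d bytes", len(clientHello))

	// Relay server -> client from now on, so the ServerHello is delivered
	// while we are still busy writing the ClientHello below.
	go Serve(rConn, lConn, "[HTTPS]", initPkt.Domain(), lConn.RemoteAddr().String(), pxy.timeout)

	// From here on a Serve goroutine is already reading rConn. Closing both
	// ends on failure is still correct: Serve may close them as well once it
	// notices, and a second Close on a TCPConn only returns an error.
	if exploit {
		log.Debugf("[HTTPS] writing chunked client hello to %s", initPkt.Domain())
		chunks := splitInChunks(clientHello, pxy.windowSize)
		if _, err := writeChunks(rConn, chunks); err != nil {
			log.Debugf("[HTTPS] error writing chunked client hello to %s: %s", initPkt.Domain(), err)
			lConn.Close()
			rConn.Close()
			return
		}
	} else {
		log.Debugf("[HTTPS] writing plain client hello to %s", initPkt.Domain())
		if _, err := rConn.Write(clientHello); err != nil {
			log.Debugf("[HTTPS] error writing plain client hello to %s: %s", initPkt.Domain(), err)
			lConn.Close()
			rConn.Close()
			return
		}
	}

	// Relay client -> server for the remainder of the session.
	go Serve(lConn, rConn, "[HTTPS]", lConn.RemoteAddr().String(), initPkt.Domain(), pxy.timeout)
}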
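// splitInChunks slices data into consecutive chunks of at most size bytes.
// The chunks alias data's backing array (no copy is made) but are capped with
// a three-index slice, so appending to one chunk cannot overwrite the next.
//
// With size > 0 it returns len(data)/size full chunks plus one shorter tail
// chunk when len(data) is not a multiple of size; empty data yields nil.
// With size <= 0 it falls back to "legacy fragmentation": a 1-byte first
// chunk followed by the remainder, or a single empty chunk when data is empty.
func splitInChunks(data []byte, size int) [][]byte {
	log.Debugf("[HTTPS] window-size: %d", size)

	if size > 0 {
		var chunks [][]byte
		if len(data) > 0 {
			chunks = make([][]byte, 0, (len(data)+size-1)/size)
		}
		for rest := data; len(rest) > 0; {
			// Clamp the last chunk locally instead of mutating size, so the
			// chunk width never drifts across iterations.
			n := size
			if len(rest) < n {
				n = len(rest)
			}
			chunks = append(chunks, rest[:n:n])
			rest = rest[n:]
		}
		return chunks
	}

	// When the given window-size <= 0
	if len(data) < 1 {
		return [][]byte{data}
	}

	log.Debug("[HTTPS] using legacy fragmentation")
	return [][]byte{data[:1:1], data[1:]}
}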
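// writeChunks writes each chunk of c to conn in order, one Write call per
// chunk, and returns the total number of bytes written.
//
// On a failed Write it returns the bytes written so far together with the
// error, mirroring io.Writer. Propagating the error matters: a swallowed write
// failure would let handleHttps carry on as if the ClientHello had reached the
// server.
func writeChunks(conn *net.TCPConn, c [][]byte) (n int, err error) {
	for _, chunk := range c {
		written, werr := conn.Write(chunk)
		n += written
		if werr != nil {
			return n, werr
		}
	}
	return n, nil
}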