From 72d5770d18662083d44019cf16e6e3927986c348 Mon Sep 17 00:00:00 2001
From: xvzc <pkhu2000@gmail.com>
Date: Fri, 7 Jan 2022 23:04:09 +0900
Subject: [PATCH] add method validation

---
 proxy/https.go | 62 +++++++++++++++++++++++++-------------------------
 proxy/proxy.go |  5 ++++
 util/util.go   | 46 ++++++++++++++++++++++++++++++++++++-
 3 files changed, 81 insertions(+), 32 deletions(-)

diff --git a/proxy/https.go b/proxy/https.go
index be27a00..5835f6c 100644
--- a/proxy/https.go
+++ b/proxy/https.go
@@ -8,42 +8,42 @@ import (
 )
 
 func HandleHttps(clientConn net.Conn, ip string) {
-    // Create a connection to the requested server
-    remoteConn, err := net.Dial("tcp", ip+":443")
-    if err != nil {
-        util.Debug(err)
-        return
-    }
-    defer remoteConn.Close()
+	// Create a connection to the requested server
+	remoteConn, err := net.Dial("tcp", ip+":443")
+	if err != nil {
+		util.Debug(err)
+		return
+	}
+	defer remoteConn.Close()
 
-    util.Debug("[HTTPS] Connected to the server.")
+	util.Debug("[HTTPS] Connected to the server.")
 
-    // Send self generated response for connect request
-    fmt.Fprintf(clientConn, "HTTP/1.1 200 Connection Established\r\n\r\n")
-    util.Debug("[HTTPS] Sent 200 Connection Estabalished")
+	// Send self generated response for connect request
+	fmt.Fprintf(clientConn, "HTTP/1.1 200 Connection Established\r\n\r\n")
+	util.Debug("[HTTPS] Sent 200 Connection Estabalished")
 
-    // Read client hello
-    clientHello, err := ReadBytes(clientConn)
-    if err != nil {
-        util.Debug("[HTTPS] Error reading client hello: ", err)
-        util.Debug("Closing connection ", clientConn.RemoteAddr())
-    }
+	// Read client hello
+	clientHello, err := ReadBytes(clientConn)
+	if err != nil {
+		util.Debug("[HTTPS] Error reading client hello: ", err)
+		util.Debug("Closing connection ", clientConn.RemoteAddr())
+	}
 
-    util.Debug(clientConn.RemoteAddr(), "[HTTPS] Client sent hello", len(clientHello))
+	util.Debug(clientConn.RemoteAddr(), "[HTTPS] Client sent hello", len(clientHello))
 
-    // Generate a go routine that reads from the server
-    go Serve(remoteConn, clientConn, "HTTPS")
+	// Generate a go routine that reads from the server
+	go Serve(remoteConn, clientConn, "HTTPS")
 
-    // Send chunked request
-    chunks := util.BytesToChunks(clientHello)
-    for i := 0; i < len(chunks); i++ {
-        _, write_err := remoteConn.Write(chunks[i])
-        if write_err != nil {
-            util.Debug("[HTTPS] Error writing to the client:", write_err)
-            break
-        }
-    }
+	// Send chunked request
+	chunks := util.BytesToChunks(clientHello)
+	for i := 0; i < len(chunks); i++ {
+		_, write_err := remoteConn.Write(chunks[i])
+		if write_err != nil {
+			util.Debug("[HTTPS] Error writing to the client:", write_err)
+			break
+		}
+	}
 
-    // Read from the client
-    Serve(clientConn, remoteConn, "HTTPS")
+	// Read from the client
+	Serve(clientConn, remoteConn, "HTTPS")
 }
diff --git a/proxy/proxy.go b/proxy/proxy.go
index 65a0283..ba4770d 100644
--- a/proxy/proxy.go
+++ b/proxy/proxy.go
@@ -37,6 +37,11 @@ func Start() {
 
 			util.Debug("Client sent data: ", len(message))
 
+			method := util.ExtractMethod(&message)
+			if !util.IsValidMethod(method) {
+				return
+			}
+
 			domain := util.ExtractDomain(&message)
 
 			ip, err := util.DnsLookupOverHttps(config.GetConfig().DNS, domain) // Dns lookup over https
diff --git a/util/util.go b/util/util.go
index cd36e0f..1608a1e 100644
--- a/util/util.go
+++ b/util/util.go
@@ -7,6 +7,50 @@ import (
 	"github.com/xvzc/SpoofDPI/config"
 )
 
+var validMethod = map[string]struct{}{
+	"DELETE":      {},
+	"GET":         {},
+	"HEAD":        {},
+	"POST":        {},
+	"PUT":         {},
+	"CONNECT":     {},
+	"OPTIONS":     {},
+	"TRACE":       {},
+	"COPY":        {},
+	"LOCK":        {},
+	"MKCOL":       {},
+	"MOVE":        {},
+	"PROPFIND":    {},
+	"PROPPATCH":   {},
+	"SEARCH":      {},
+	"UNLOCK":      {},
+	"BIND":        {},
+	"REBIND":      {},
+	"UNBIND":      {},
+	"ACL":         {},
+	"REPORT":      {},
+	"MKACTIVITY":  {},
+	"CHECKOUT":    {},
+	"MERGE":       {},
+	"M-SEARCH":    {},
+	"NOTIFY":      {},
+	"SUBSCRIBE":   {},
+	"UNSUBSCRIBE": {},
+	"PATCH":       {},
+	"PURGE":       {},
+	"MKCALENDAR":  {},
+	"LINK":        {},
+	"UNLINK":      {},
+}
+
+func IsValidMethod(name string) bool {
+	if _, exists := validMethod[name]; exists {
+		return true
+	}
+
+	return false
+}
+
 func ExtractDomain(message *[]byte) string {
 	i := 0
 	for ; i < len(*message); i++ {
@@ -32,7 +76,7 @@ func ExtractDomain(message *[]byte) string {
 
 	domain := strings.Split(string((*message)[i:j]), ":")[0]
 
-	return strings.TrimSpace(domain)
+	return strings.ToUpper(strings.TrimSpace(domain))
 }
 
 func ExtractMethod(message *[]byte) string {