mirror of
https://github.com/xvzc/SpoofDPI.git
synced 2024-12-22 22:36:53 +00:00
refactor #133
This commit is contained in:
parent
c76e21cec0
commit
7f1ad9e7ec
@ -53,11 +53,7 @@ type HttpPacket struct {
|
|||||||
version string
|
version string
|
||||||
}
|
}
|
||||||
|
|
||||||
func ParseUrl(raw []byte) {
|
func ReadHttpPacket(rdr io.Reader) (*HttpPacket, error) {
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
func NewHttpPacketFromReader(rdr io.Reader) (*HttpPacket, error) {
|
|
||||||
sb := strings.Builder{}
|
sb := strings.Builder{}
|
||||||
tee := io.TeeReader(rdr, &sb)
|
tee := io.TeeReader(rdr, &sb)
|
||||||
p := &HttpPacket{}
|
p := &HttpPacket{}
|
||||||
|
@ -1,15 +1,66 @@
|
|||||||
package packet
|
package packet
|
||||||
|
|
||||||
type HttpsPacket struct {
|
import (
|
||||||
raw []byte
|
"encoding/binary"
|
||||||
|
"io"
|
||||||
|
)
|
||||||
|
|
||||||
|
type TLSMessageType byte
|
||||||
|
|
||||||
|
const (
|
||||||
|
TLSHeaderLen = 5
|
||||||
|
TLSInvalid TLSMessageType = 0x0
|
||||||
|
TLSChangeCipherSpec TLSMessageType = 0x14
|
||||||
|
TLSAlert TLSMessageType = 0x15
|
||||||
|
TLSHandshake TLSMessageType = 0x16
|
||||||
|
TLSApplicationData TLSMessageType = 0x17
|
||||||
|
TLSHeartbeat TLSMessageType = 0x18
|
||||||
|
)
|
||||||
|
|
||||||
|
type TLSMessage struct {
|
||||||
|
Header TLSHeader
|
||||||
|
Raw []byte //Header + Payload
|
||||||
|
RawHeader []byte
|
||||||
|
RawPayload []byte
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewHttpsPacket(raw []byte) HttpsPacket {
|
type TLSHeader struct {
|
||||||
return HttpsPacket{
|
Type TLSMessageType
|
||||||
raw: raw,
|
ProtoVersion uint16 // major | minor
|
||||||
|
PayloadLen uint16
|
||||||
|
}
|
||||||
|
|
||||||
|
func ReadTLSMessage(r io.Reader) (*TLSMessage, error) {
|
||||||
|
var rawHeader [TLSHeaderLen]byte
|
||||||
|
_, err := io.ReadFull(r, rawHeader[:])
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
header := TLSHeader{
|
||||||
|
Type: TLSMessageType(rawHeader[0]),
|
||||||
|
ProtoVersion: binary.BigEndian.Uint16(rawHeader[1:3]),
|
||||||
|
PayloadLen: binary.BigEndian.Uint16(rawHeader[3:5]),
|
||||||
|
}
|
||||||
|
|
||||||
|
raw := make([]byte, header.PayloadLen+TLSHeaderLen)
|
||||||
|
copy(raw[0:TLSHeaderLen], rawHeader[:])
|
||||||
|
_, err = io.ReadFull(r, raw[TLSHeaderLen:])
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
hello := &TLSMessage{
|
||||||
|
Header: header,
|
||||||
|
Raw: raw,
|
||||||
|
RawHeader: raw[:TLSHeaderLen],
|
||||||
|
RawPayload: raw[TLSHeaderLen:],
|
||||||
|
}
|
||||||
|
return hello, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (p *HttpsPacket) Raw() []byte {
|
func (m *TLSMessage) IsClientHello() bool {
|
||||||
return p.raw
|
// According to RFC 8446 section 4.
|
||||||
|
// first byte (Raw[5]) of handshake message should be 0x1 - means client_hello
|
||||||
|
return m.Header.Type == TLSHandshake && m.Raw[5] == 0x01
|
||||||
}
|
}
|
||||||
|
@ -1,66 +0,0 @@
|
|||||||
package proxy
|
|
||||||
|
|
||||||
import (
|
|
||||||
"encoding/binary"
|
|
||||||
"io"
|
|
||||||
)
|
|
||||||
|
|
||||||
const headerLen = 5
|
|
||||||
|
|
||||||
type TLSMessageType byte
|
|
||||||
|
|
||||||
const (
|
|
||||||
TLSInvalid TLSMessageType = 0x0
|
|
||||||
TLSChangeCipherSpec TLSMessageType = 0x14
|
|
||||||
TLSAlert TLSMessageType = 0x15
|
|
||||||
TLSHandshake TLSMessageType = 0x16
|
|
||||||
TLSApplicationData TLSMessageType = 0x17
|
|
||||||
TLSHeartbeat TLSMessageType = 0x18
|
|
||||||
)
|
|
||||||
|
|
||||||
type TlsMessage struct {
|
|
||||||
Header TlsHeader
|
|
||||||
Raw []byte //Header + Payload
|
|
||||||
RawHeader []byte
|
|
||||||
RawPayload []byte
|
|
||||||
}
|
|
||||||
|
|
||||||
type TlsHeader struct {
|
|
||||||
Type TLSMessageType
|
|
||||||
ProtoVersion uint16 // major | minor
|
|
||||||
PayloadLen uint16
|
|
||||||
}
|
|
||||||
|
|
||||||
func ReadTlsMessage(r io.Reader) (*TlsMessage, error) {
|
|
||||||
var rawHeader [5]byte
|
|
||||||
_, err := io.ReadFull(r, rawHeader[:])
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
header := TlsHeader{
|
|
||||||
Type: TLSMessageType(rawHeader[0]),
|
|
||||||
ProtoVersion: binary.BigEndian.Uint16(rawHeader[1:3]),
|
|
||||||
PayloadLen: binary.BigEndian.Uint16(rawHeader[3:5]),
|
|
||||||
}
|
|
||||||
raw := make([]byte, header.PayloadLen+headerLen)
|
|
||||||
copy(raw[0:headerLen], rawHeader[:])
|
|
||||||
_, err = io.ReadFull(r, raw[headerLen:])
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
hello := &TlsMessage{
|
|
||||||
Header: header,
|
|
||||||
Raw: raw,
|
|
||||||
RawHeader: raw[:headerLen],
|
|
||||||
RawPayload: raw[headerLen:],
|
|
||||||
}
|
|
||||||
return hello, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func IsClientHello(message *TlsMessage) bool {
|
|
||||||
// According to RFC 8446 section 4.
|
|
||||||
// first byte (Raw[5]) of handshake message should be 0x1 - means client_hello
|
|
||||||
return message.Header.Type == TLSHandshake &&
|
|
||||||
message.Raw[5] == 0x1
|
|
||||||
}
|
|
@ -45,8 +45,8 @@ func (pxy *Proxy) handleHttps(lConn *net.TCPConn, exploit bool, initPkt *packet.
|
|||||||
log.Debug("[HTTPS] Sent 200 Connection Estabalished to ", lConn.RemoteAddr())
|
log.Debug("[HTTPS] Sent 200 Connection Estabalished to ", lConn.RemoteAddr())
|
||||||
|
|
||||||
// Read client hello
|
// Read client hello
|
||||||
m, err := ReadTlsMessage(lConn)
|
m, err := packet.ReadTLSMessage(lConn)
|
||||||
if err != nil || !IsClientHello(m) {
|
if err != nil || !m.IsClientHello() {
|
||||||
log.Debug("[HTTPS] Error reading client hello from the client", err)
|
log.Debug("[HTTPS] Error reading client hello from the client", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@ -55,24 +55,18 @@ func (pxy *Proxy) handleHttps(lConn *net.TCPConn, exploit bool, initPkt *packet.
|
|||||||
log.Debug("[HTTPS] Client sent hello ", len(clientHello), "bytes")
|
log.Debug("[HTTPS] Client sent hello ", len(clientHello), "bytes")
|
||||||
|
|
||||||
// Generate a go routine that reads from the server
|
// Generate a go routine that reads from the server
|
||||||
|
|
||||||
chPkt := packet.NewHttpsPacket(clientHello)
|
|
||||||
|
|
||||||
// lConn.SetLinger(3)
|
|
||||||
// rConn.SetLinger(3)
|
|
||||||
|
|
||||||
go Serve(rConn, lConn, "[HTTPS]", rConn.RemoteAddr().String(), initPkt.Domain(), pxy.timeout, pxy.bufferSize)
|
go Serve(rConn, lConn, "[HTTPS]", rConn.RemoteAddr().String(), initPkt.Domain(), pxy.timeout, pxy.bufferSize)
|
||||||
|
|
||||||
if exploit {
|
if exploit {
|
||||||
log.Debug("[HTTPS] Writing chunked client hello to ", initPkt.Domain())
|
log.Debug("[HTTPS] Writing chunked client hello to ", initPkt.Domain())
|
||||||
chunks := splitInChunks(chPkt.Raw(), pxy.windowSize)
|
chunks := splitInChunks(clientHello, pxy.windowSize)
|
||||||
if _, err := WriteChunks(rConn, chunks); err != nil {
|
if _, err := writeChunks(rConn, chunks); err != nil {
|
||||||
log.Debug("[HTTPS] Error writing chunked client hello to ", initPkt.Domain(), err)
|
log.Debug("[HTTPS] Error writing chunked client hello to ", initPkt.Domain(), err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
log.Debug("[HTTPS] Writing plain client hello to ", initPkt.Domain())
|
log.Debug("[HTTPS] Writing plain client hello to ", initPkt.Domain())
|
||||||
if _, err := rConn.Write(chPkt.Raw()); err != nil {
|
if _, err := rConn.Write(clientHello); err != nil {
|
||||||
log.Debug("[HTTPS] Error writing plain client hello to ", initPkt.Domain(), err)
|
log.Debug("[HTTPS] Error writing plain client hello to ", initPkt.Domain(), err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@ -116,3 +110,18 @@ func splitInChunks(bytes []byte, size int) [][]byte {
|
|||||||
|
|
||||||
return [][]byte{raw[:1], raw[1:]}
|
return [][]byte{raw[:1], raw[1:]}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func writeChunks(conn *net.TCPConn, c [][]byte) (n int, err error) {
|
||||||
|
total := 0
|
||||||
|
for i := 0; i < len(c); i++ {
|
||||||
|
b, err := conn.Write(c[i])
|
||||||
|
if err != nil {
|
||||||
|
return 0, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
total += b
|
||||||
|
}
|
||||||
|
|
||||||
|
return total, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
@ -13,7 +13,7 @@ import (
|
|||||||
"github.com/xvzc/SpoofDPI/util"
|
"github.com/xvzc/SpoofDPI/util"
|
||||||
)
|
)
|
||||||
|
|
||||||
const BUFFER_SIZE = 1024
|
const BufferSize = 1024
|
||||||
|
|
||||||
type Proxy struct {
|
type Proxy struct {
|
||||||
addr string
|
addr string
|
||||||
@ -33,7 +33,7 @@ func New(config *util.Config) *Proxy {
|
|||||||
windowSize: *config.WindowSize,
|
windowSize: *config.WindowSize,
|
||||||
allowedPattern: config.AllowedPattern,
|
allowedPattern: config.AllowedPattern,
|
||||||
resolver: dns.NewResolver(config),
|
resolver: dns.NewResolver(config),
|
||||||
bufferSize: BUFFER_SIZE,
|
bufferSize: BufferSize,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -61,19 +61,15 @@ func (pxy *Proxy) Start() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
go func() {
|
go func() {
|
||||||
pkt, err := packet.NewHttpPacketFromReader(conn)
|
pkt, err := packet.ReadHttpPacket(conn)
|
||||||
if err != nil {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
log.Debug("[PROXY] Request from ", conn.RemoteAddr(), "\n\n", string(pkt.Raw()))
|
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Debug("[PROXY] Error while parsing request: ", string(pkt.Raw()))
|
log.Debug("[PROXY] Error while parsing request: ", string(pkt.Raw()))
|
||||||
conn.Close()
|
conn.Close()
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
log.Debug("[PROXY] Request from ", conn.RemoteAddr(), "\n\n", string(pkt.Raw()))
|
||||||
|
|
||||||
if !pkt.IsValidMethod() {
|
if !pkt.IsValidMethod() {
|
||||||
log.Debug("[PROXY] Unsupported method: ", pkt.Method())
|
log.Debug("[PROXY] Unsupported method: ", pkt.Method())
|
||||||
conn.Close()
|
conn.Close()
|
||||||
|
@ -9,19 +9,7 @@ import (
|
|||||||
log "github.com/sirupsen/logrus"
|
log "github.com/sirupsen/logrus"
|
||||||
)
|
)
|
||||||
|
|
||||||
func WriteChunks(conn *net.TCPConn, c [][]byte) (n int, err error) {
|
const TLSHeaderLen = 5
|
||||||
total := 0
|
|
||||||
for i := 0; i < len(c); i++ {
|
|
||||||
b, err := conn.Write(c[i])
|
|
||||||
if err != nil {
|
|
||||||
return 0, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
total += b
|
|
||||||
}
|
|
||||||
|
|
||||||
return total, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func ReadBytes(conn *net.TCPConn, dest []byte) ([]byte, error) {
|
func ReadBytes(conn *net.TCPConn, dest []byte) ([]byte, error) {
|
||||||
n, err := readBytesInternal(conn, dest)
|
n, err := readBytesInternal(conn, dest)
|
Loading…
Reference in New Issue
Block a user