mirror of
https://github.com/xvzc/SpoofDPI.git
synced 2024-12-22 22:36:53 +00:00
Merge pull request #133 from LiquidTheDangerous/client-hello-fix/main
perf: reuse allocated buffer
This commit is contained in:
commit
c76e21cec0
@ -2,6 +2,7 @@ package packet
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"bufio"
|
"bufio"
|
||||||
|
"io"
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
"strings"
|
"strings"
|
||||||
@ -56,12 +57,16 @@ func ParseUrl(raw []byte) {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewHttpPacket(raw []byte) (*HttpPacket, error) {
|
func NewHttpPacketFromReader(rdr io.Reader) (*HttpPacket, error) {
|
||||||
pkt := &HttpPacket{raw: raw}
|
sb := strings.Builder{}
|
||||||
|
tee := io.TeeReader(rdr, &sb)
|
||||||
pkt.parse()
|
p := &HttpPacket{}
|
||||||
|
err := parse(p, bufio.NewReader(tee))
|
||||||
return pkt, nil
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
p.raw = []byte(sb.String())
|
||||||
|
return p, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (p *HttpPacket) Raw() []byte {
|
func (p *HttpPacket) Raw() []byte {
|
||||||
@ -123,8 +128,7 @@ func (p *HttpPacket) Tidy() {
|
|||||||
p.raw = []byte(result)
|
p.raw = []byte(result)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (p *HttpPacket) parse() error {
|
func parse(p *HttpPacket, reader *bufio.Reader) error {
|
||||||
reader := bufio.NewReader(strings.NewReader(string(p.raw)))
|
|
||||||
request, err := http.ReadRequest(reader)
|
request, err := http.ReadRequest(reader)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
@ -152,6 +156,5 @@ func (p *HttpPacket) parse() error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
request.Body.Close()
|
request.Body.Close()
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
66
proxy/client_hello.go
Normal file
66
proxy/client_hello.go
Normal file
@ -0,0 +1,66 @@
|
|||||||
|
package proxy
|
||||||
|
|
||||||
|
import (
|
||||||
|
"encoding/binary"
|
||||||
|
"io"
|
||||||
|
)
|
||||||
|
|
||||||
|
const headerLen = 5
|
||||||
|
|
||||||
|
type TLSMessageType byte
|
||||||
|
|
||||||
|
const (
|
||||||
|
TLSInvalid TLSMessageType = 0x0
|
||||||
|
TLSChangeCipherSpec TLSMessageType = 0x14
|
||||||
|
TLSAlert TLSMessageType = 0x15
|
||||||
|
TLSHandshake TLSMessageType = 0x16
|
||||||
|
TLSApplicationData TLSMessageType = 0x17
|
||||||
|
TLSHeartbeat TLSMessageType = 0x18
|
||||||
|
)
|
||||||
|
|
||||||
|
type TlsMessage struct {
|
||||||
|
Header TlsHeader
|
||||||
|
Raw []byte //Header + Payload
|
||||||
|
RawHeader []byte
|
||||||
|
RawPayload []byte
|
||||||
|
}
|
||||||
|
|
||||||
|
type TlsHeader struct {
|
||||||
|
Type TLSMessageType
|
||||||
|
ProtoVersion uint16 // major | minor
|
||||||
|
PayloadLen uint16
|
||||||
|
}
|
||||||
|
|
||||||
|
func ReadTlsMessage(r io.Reader) (*TlsMessage, error) {
|
||||||
|
var rawHeader [5]byte
|
||||||
|
_, err := io.ReadFull(r, rawHeader[:])
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
header := TlsHeader{
|
||||||
|
Type: TLSMessageType(rawHeader[0]),
|
||||||
|
ProtoVersion: binary.BigEndian.Uint16(rawHeader[1:3]),
|
||||||
|
PayloadLen: binary.BigEndian.Uint16(rawHeader[3:5]),
|
||||||
|
}
|
||||||
|
raw := make([]byte, header.PayloadLen+headerLen)
|
||||||
|
copy(raw[0:headerLen], rawHeader[:])
|
||||||
|
_, err = io.ReadFull(r, raw[headerLen:])
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
hello := &TlsMessage{
|
||||||
|
Header: header,
|
||||||
|
Raw: raw,
|
||||||
|
RawHeader: raw[:headerLen],
|
||||||
|
RawPayload: raw[headerLen:],
|
||||||
|
}
|
||||||
|
return hello, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func IsClientHello(message *TlsMessage) bool {
|
||||||
|
// According to RFC 8446 section 4.
|
||||||
|
// first byte (Raw[5]) of handshake message should be 0x1 - means client_hello
|
||||||
|
return message.Header.Type == TLSHandshake &&
|
||||||
|
message.Raw[5] == 0x1
|
||||||
|
}
|
@ -39,7 +39,7 @@ func (pxy *Proxy) handleHttp(lConn *net.TCPConn, pkt *packet.HttpPacket, ip stri
|
|||||||
|
|
||||||
log.Debug("[HTTP] New connection to the server ", pkt.Domain(), " ", rConn.LocalAddr())
|
log.Debug("[HTTP] New connection to the server ", pkt.Domain(), " ", rConn.LocalAddr())
|
||||||
|
|
||||||
go Serve(rConn, lConn, "[HTTP]", lConn.RemoteAddr().String(), pkt.Domain(), pxy.timeout)
|
go Serve(rConn, lConn, "[HTTP]", lConn.RemoteAddr().String(), pkt.Domain(), pxy.timeout, pxy.bufferSize)
|
||||||
|
|
||||||
_, err = rConn.Write(pkt.Raw())
|
_, err = rConn.Write(pkt.Raw())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -49,5 +49,5 @@ func (pxy *Proxy) handleHttp(lConn *net.TCPConn, pkt *packet.HttpPacket, ip stri
|
|||||||
|
|
||||||
log.Debug("[HTTP] Sent a request to ", pkt.Domain())
|
log.Debug("[HTTP] Sent a request to ", pkt.Domain())
|
||||||
|
|
||||||
Serve(lConn, rConn, "[HTTP]", lConn.RemoteAddr().String(), pkt.Domain(), pxy.timeout)
|
Serve(lConn, rConn, "[HTTP]", lConn.RemoteAddr().String(), pkt.Domain(), pxy.timeout, pxy.bufferSize)
|
||||||
}
|
}
|
||||||
|
@ -45,11 +45,12 @@ func (pxy *Proxy) handleHttps(lConn *net.TCPConn, exploit bool, initPkt *packet.
|
|||||||
log.Debug("[HTTPS] Sent 200 Connection Estabalished to ", lConn.RemoteAddr())
|
log.Debug("[HTTPS] Sent 200 Connection Estabalished to ", lConn.RemoteAddr())
|
||||||
|
|
||||||
// Read client hello
|
// Read client hello
|
||||||
clientHello, err := ReadBytes(lConn)
|
m, err := ReadTlsMessage(lConn)
|
||||||
if err != nil {
|
if err != nil || !IsClientHello(m) {
|
||||||
log.Debug("[HTTPS] Error reading client hello from the client", err)
|
log.Debug("[HTTPS] Error reading client hello from the client", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
clientHello := m.Raw
|
||||||
|
|
||||||
log.Debug("[HTTPS] Client sent hello ", len(clientHello), "bytes")
|
log.Debug("[HTTPS] Client sent hello ", len(clientHello), "bytes")
|
||||||
|
|
||||||
@ -60,7 +61,7 @@ func (pxy *Proxy) handleHttps(lConn *net.TCPConn, exploit bool, initPkt *packet.
|
|||||||
// lConn.SetLinger(3)
|
// lConn.SetLinger(3)
|
||||||
// rConn.SetLinger(3)
|
// rConn.SetLinger(3)
|
||||||
|
|
||||||
go Serve(rConn, lConn, "[HTTPS]", rConn.RemoteAddr().String(), initPkt.Domain(), pxy.timeout)
|
go Serve(rConn, lConn, "[HTTPS]", rConn.RemoteAddr().String(), initPkt.Domain(), pxy.timeout, pxy.bufferSize)
|
||||||
|
|
||||||
if exploit {
|
if exploit {
|
||||||
log.Debug("[HTTPS] Writing chunked client hello to ", initPkt.Domain())
|
log.Debug("[HTTPS] Writing chunked client hello to ", initPkt.Domain())
|
||||||
@ -77,7 +78,7 @@ func (pxy *Proxy) handleHttps(lConn *net.TCPConn, exploit bool, initPkt *packet.
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
Serve(lConn, rConn, "[HTTPS]", lConn.RemoteAddr().String(), initPkt.Domain(), pxy.timeout)
|
Serve(lConn, rConn, "[HTTPS]", lConn.RemoteAddr().String(), initPkt.Domain(), pxy.timeout, pxy.bufferSize)
|
||||||
}
|
}
|
||||||
|
|
||||||
func splitInChunks(bytes []byte, size int) [][]byte {
|
func splitInChunks(bytes []byte, size int) [][]byte {
|
||||||
|
38
proxy/io.go
38
proxy/io.go
@ -9,8 +9,6 @@ import (
|
|||||||
log "github.com/sirupsen/logrus"
|
log "github.com/sirupsen/logrus"
|
||||||
)
|
)
|
||||||
|
|
||||||
const BUF_SIZE = 1024
|
|
||||||
|
|
||||||
func WriteChunks(conn *net.TCPConn, c [][]byte) (n int, err error) {
|
func WriteChunks(conn *net.TCPConn, c [][]byte) (n int, err error) {
|
||||||
total := 0
|
total := 0
|
||||||
for i := 0; i < len(c); i++ {
|
for i := 0; i < len(c); i++ {
|
||||||
@ -25,37 +23,27 @@ func WriteChunks(conn *net.TCPConn, c [][]byte) (n int, err error) {
|
|||||||
return total, nil
|
return total, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func ReadBytes(conn *net.TCPConn) ([]byte, error) {
|
func ReadBytes(conn *net.TCPConn, dest []byte) ([]byte, error) {
|
||||||
ret := make([]byte, 0)
|
n, err := readBytesInternal(conn, dest)
|
||||||
buf := make([]byte, BUF_SIZE)
|
return dest[:n], err
|
||||||
|
}
|
||||||
|
|
||||||
for {
|
func readBytesInternal(conn *net.TCPConn, dest []byte) (int, error) {
|
||||||
n, err := conn.Read(buf)
|
totalRead, err := conn.Read(dest)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
switch err.(type) {
|
switch err.(type) {
|
||||||
case *net.OpError:
|
case *net.OpError:
|
||||||
return nil, errors.New("timed out")
|
return totalRead, errors.New("timed out")
|
||||||
default:
|
default:
|
||||||
return nil, err
|
return totalRead, err
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
ret = append(ret, buf[:n]...)
|
return totalRead, nil
|
||||||
|
|
||||||
if n < BUF_SIZE {
|
|
||||||
break
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(ret) == 0 {
|
func Serve(from *net.TCPConn, to *net.TCPConn, proto string, fd string, td string, timeout int, bufferSize int) {
|
||||||
return nil, io.EOF
|
|
||||||
}
|
|
||||||
|
|
||||||
return ret, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func Serve(from *net.TCPConn, to *net.TCPConn, proto string, fd string, td string, timeout int) {
|
|
||||||
proto += " "
|
proto += " "
|
||||||
|
buf := make([]byte, bufferSize)
|
||||||
for {
|
for {
|
||||||
if timeout > 0 {
|
if timeout > 0 {
|
||||||
from.SetReadDeadline(
|
from.SetReadDeadline(
|
||||||
@ -63,7 +51,7 @@ func Serve(from *net.TCPConn, to *net.TCPConn, proto string, fd string, td strin
|
|||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
buf, err := ReadBytes(from)
|
bytesRead, err := ReadBytes(from, buf)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if err == io.EOF {
|
if err == io.EOF {
|
||||||
log.Debug(proto, "Finished ", fd)
|
log.Debug(proto, "Finished ", fd)
|
||||||
@ -73,7 +61,7 @@ func Serve(from *net.TCPConn, to *net.TCPConn, proto string, fd string, td strin
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if _, err := to.Write(buf); err != nil {
|
if _, err := to.Write(bytesRead); err != nil {
|
||||||
log.Debug(proto, "Error Writing to ", td)
|
log.Debug(proto, "Error Writing to ", td)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -13,6 +13,8 @@ import (
|
|||||||
"github.com/xvzc/SpoofDPI/util"
|
"github.com/xvzc/SpoofDPI/util"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
const BUFFER_SIZE = 1024
|
||||||
|
|
||||||
type Proxy struct {
|
type Proxy struct {
|
||||||
addr string
|
addr string
|
||||||
port int
|
port int
|
||||||
@ -20,6 +22,7 @@ type Proxy struct {
|
|||||||
resolver *dns.DnsResolver
|
resolver *dns.DnsResolver
|
||||||
windowSize int
|
windowSize int
|
||||||
allowedPattern []*regexp.Regexp
|
allowedPattern []*regexp.Regexp
|
||||||
|
bufferSize int
|
||||||
}
|
}
|
||||||
|
|
||||||
func New(config *util.Config) *Proxy {
|
func New(config *util.Config) *Proxy {
|
||||||
@ -30,6 +33,7 @@ func New(config *util.Config) *Proxy {
|
|||||||
windowSize: *config.WindowSize,
|
windowSize: *config.WindowSize,
|
||||||
allowedPattern: config.AllowedPattern,
|
allowedPattern: config.AllowedPattern,
|
||||||
resolver: dns.NewResolver(config),
|
resolver: dns.NewResolver(config),
|
||||||
|
bufferSize: BUFFER_SIZE,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -57,16 +61,15 @@ func (pxy *Proxy) Start() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
go func() {
|
go func() {
|
||||||
b, err := ReadBytes(conn.(*net.TCPConn))
|
pkt, err := packet.NewHttpPacketFromReader(conn)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
log.Debug("[PROXY] Request from ", conn.RemoteAddr(), "\n\n", string(b))
|
log.Debug("[PROXY] Request from ", conn.RemoteAddr(), "\n\n", string(pkt.Raw()))
|
||||||
|
|
||||||
pkt, err := packet.NewHttpPacket(b)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Debug("[PROXY] Error while parsing request: ", string(b))
|
log.Debug("[PROXY] Error while parsing request: ", string(pkt.Raw()))
|
||||||
conn.Close()
|
conn.Close()
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -58,7 +58,6 @@ when not given, the client hello packet will be sent in two parts:
|
|||||||
fragmentation for the first data packet and the rest
|
fragmentation for the first data packet and the rest
|
||||||
`)
|
`)
|
||||||
config.Version = flag.Bool("v", false, "print spoof-dpi's version; this may contain some other relevant information")
|
config.Version = flag.Bool("v", false, "print spoof-dpi's version; this may contain some other relevant information")
|
||||||
|
|
||||||
var allowedPattern StringArray
|
var allowedPattern StringArray
|
||||||
flag.Var(
|
flag.Var(
|
||||||
&allowedPattern,
|
&allowedPattern,
|
||||||
|
Loading…
Reference in New Issue
Block a user