byedpi/desync.c

290 lines
6.8 KiB
C
Raw Normal View History

2023-06-12 04:00:33 +00:00
#include <stdio.h>
2023-06-12 08:01:40 +00:00
#include <string.h>
2023-06-03 19:52:10 +00:00
2024-02-18 20:20:52 +00:00
#ifndef _WIN32
#include <unistd.h>
#include <time.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <netinet/tcp.h>
#include <sys/mman.h>
#ifdef __linux__
#include <sys/sendfile.h>
#define _sendfile(outfd, infd, start, len) sendfile(outfd, infd, start, len)
#else
#include <sys/uio.h>
#define _sendfile(outfd, infd, start, len) sendfile(infd, outfd, start, len, 0, 0)
#endif
2023-06-03 19:52:10 +00:00
2024-02-18 20:20:52 +00:00
#ifdef MFD_CLOEXEC
#include <sys/syscall.h>
#define memfd_create(name, flags) syscall(__NR_memfd_create, name, flags);
#else
#define memfd_create(name, flags) fileno(tmpfile())
#endif
2023-06-03 19:52:10 +00:00
#else
2024-02-18 20:20:52 +00:00
#include <winsock2.h>
#include <ws2tcpip.h>
2023-06-03 19:52:10 +00:00
#endif
#include <params.h>
#include <packets.h>
2024-02-18 20:20:52 +00:00
#include <error.h>
2023-06-03 19:52:10 +00:00
2023-07-30 11:23:11 +00:00
static inline int get_family(struct sockaddr *dst)
{
if (dst->sa_family == AF_INET6) {
struct sockaddr_in6 *d6 = (struct sockaddr_in6 *)dst;
static char *pat = "\0\0\0\0\0\0\0\0\0\0\xff\xff";
if (!memcmp(&d6->sin6_addr, pat, 12)) {
return AF_INET;
}
}
return dst->sa_family;
}
2023-07-03 17:59:39 +00:00
int setttl(int fd, int ttl, int family) {
int _ttl = ttl;
2023-07-30 11:23:11 +00:00
2023-07-03 17:59:39 +00:00
if (family == AF_INET) {
2023-07-30 11:23:11 +00:00
if (setsockopt(fd, IPPROTO_IP,
2024-02-18 20:20:52 +00:00
IP_TTL, (char *)&_ttl, sizeof(_ttl)) < 0) {
uniperror("setsockopt IP_TTL");
2023-07-03 17:59:39 +00:00
return -1;
}
}
2023-07-30 11:23:11 +00:00
else if (setsockopt(fd, IPPROTO_IPV6,
2024-02-18 20:20:52 +00:00
IPV6_UNICAST_HOPS, (char *)&_ttl, sizeof(_ttl)) < 0) {
uniperror("setsockopt IPV6_UNICAST_HOPS");
2023-07-03 17:59:39 +00:00
return -1;
}
return 0;
}
2024-03-01 15:00:25 +00:00
#ifndef _WIN32
static inline void delay(long mk)
{
struct timespec time = {
.tv_nsec = mk * 1000
};
nanosleep(&time, 0);
}
#else
#define delay(mk) {}
#endif
2024-02-18 20:20:52 +00:00
#ifndef _WIN32
2023-07-30 11:23:11 +00:00
int fake_attack(int sfd, char *buffer,
size_t n, int cnt, int pos, int fa)
2023-06-03 19:52:10 +00:00
{
struct packet pkt = cnt != IS_HTTP ? fake_tls : fake_http;
size_t psz = pkt.size;
int ffd = memfd_create("name", O_RDWR);
if (ffd < 0) {
2024-02-24 17:44:54 +00:00
uniperror("memfd_create");
2023-06-03 19:52:10 +00:00
return -1;
}
char *p = 0;
int status = -1;
while (status) {
if (ftruncate(ffd, pos) < 0) {
2024-02-24 17:44:54 +00:00
uniperror("ftruncate");
2023-06-03 19:52:10 +00:00
break;
}
p = mmap(0, pos, PROT_WRITE, MAP_SHARED, ffd, 0);
if (p == MAP_FAILED) {
2024-02-24 17:44:54 +00:00
uniperror("mmap");
2023-08-20 13:30:03 +00:00
p = 0;
2023-06-03 19:52:10 +00:00
break;
}
memcpy(p, pkt.data, psz < pos ? psz : pos);
2023-07-03 17:59:39 +00:00
if (setttl(sfd, params.ttl, fa) < 0) {
2023-06-03 19:52:10 +00:00
break;
}
2023-07-03 17:59:39 +00:00
if (_sendfile(sfd, ffd, 0, pos) < 0) {
uniperror("sendfile");
2023-06-03 19:52:10 +00:00
break;
}
2023-06-12 08:01:40 +00:00
struct timespec delay = {
.tv_nsec = params.sfdelay * 1000
};
nanosleep(&delay, 0);
2023-06-03 19:52:10 +00:00
memcpy(p, buffer, pos);
2023-07-03 17:59:39 +00:00
if (setttl(sfd, params.def_ttl, fa) < 0) {
2023-06-03 19:52:10 +00:00
break;
}
if (send(sfd, buffer + pos, n - pos, 0) < 0) {
uniperror("send");
2023-06-03 19:52:10 +00:00
break;
}
status = 0;
}
if (p) munmap(p, pos);
close(ffd);
return status;
}
2024-02-18 20:20:52 +00:00
#endif
2023-06-03 19:52:10 +00:00
2023-07-30 11:23:11 +00:00
int disorder_attack(int sfd, char *buffer,
ssize_t n, int pos, int fa)
2023-06-03 19:52:10 +00:00
{
int bttl = 1;
2023-07-03 17:59:39 +00:00
if (setttl(sfd, bttl, fa) < 0) {
2023-06-03 19:52:10 +00:00
return -1;
}
if (send(sfd, buffer, pos, 0) < 0) {
2024-02-18 20:20:52 +00:00
uniperror("send");
2023-06-03 19:52:10 +00:00
return -1;
}
2023-07-03 17:59:39 +00:00
if (setttl(sfd, params.def_ttl, fa) < 0) {
2023-06-03 19:52:10 +00:00
return -1;
}
if (send(sfd, buffer + pos, n - pos, 0) < 0) {
2024-02-18 20:20:52 +00:00
uniperror("send");
2023-06-03 19:52:10 +00:00
return -1;
}
return 0;
}
2024-02-29 17:07:59 +00:00
int oob_attack(int sfd, char *buffer,
ssize_t n, int pos, int fa)
{
2024-03-01 15:00:25 +00:00
int size = oob_data.size;
char *data = oob_data.data;
2024-02-29 17:07:59 +00:00
2024-03-01 15:00:25 +00:00
if (pos < n && size) {
char rchar = buffer[pos];
buffer[pos] = data[0];
if (send(sfd, buffer, pos + 1, MSG_OOB) < 0) {
uniperror("send");
buffer[pos] = rchar;
return -1;
}
buffer[pos] = rchar;
size--;
data++;
if (size) {
delay(params.sfdelay);
}
2024-02-29 17:07:59 +00:00
}
2024-03-01 15:00:25 +00:00
else {
if (send(sfd, buffer, pos, 0) < 0) {
2024-02-29 17:07:59 +00:00
uniperror("send");
return -1;
}
2024-03-01 15:00:25 +00:00
}
for (int i = 0; i < size; i++) {
if (send(sfd, data + i, 1, MSG_OOB) < 0) {
uniperror("send");
return -1;
}
if (size != 1) {
delay(params.sfdelay);
2024-02-29 17:07:59 +00:00
}
}
if (send(sfd, buffer + pos, n - pos, 0) < 0) {
uniperror("send");
return -1;
}
return 0;
}
2024-02-18 14:19:11 +00:00
int desync(int sfd, char *buffer, size_t bfsize,
2023-07-07 20:07:27 +00:00
ssize_t n, struct sockaddr *dst)
2023-06-03 19:52:10 +00:00
{
int pos = params.split;
char *host = 0;
int len = 0, type = 0;
2023-07-30 11:23:11 +00:00
int fa = get_family(dst);
2023-07-03 17:59:39 +00:00
2023-06-03 19:52:10 +00:00
if ((len = parse_tls(buffer, n, &host))) {
type = IS_HTTPS;
}
else if ((len = parse_http(buffer, n, &host, 0))) {
type = IS_HTTP;
}
2023-08-20 13:30:03 +00:00
if (len && host) {
LOG(LOG_S, "host: %.*s\n", len, host);
}
2024-02-18 14:19:11 +00:00
2023-06-03 19:52:10 +00:00
if (type == IS_HTTP && params.mod_http) {
2024-02-24 17:44:54 +00:00
LOG(LOG_S, "modify HTTP: n=%ld\n", n);
2023-06-03 19:52:10 +00:00
if (mod_http(buffer, n, params.mod_http)) {
LOG(LOG_E, "mod http error\n");
2023-06-03 19:52:10 +00:00
return -1;
}
}
2024-02-18 14:19:11 +00:00
else if (type == IS_HTTPS && params.tlsrec) {
int o = params.tlsrec_pos;
if (params.tlsrec_sni) {
o += (host - buffer - 5);
2024-02-18 14:19:11 +00:00
}
else if (o < 0) {
o += n;
}
2024-02-24 17:44:54 +00:00
LOG(LOG_S, "tlsrec: pos=%d, n=%ld\n", o, n);
2024-02-18 14:19:11 +00:00
n = part_tls(buffer, bfsize, n, o);
}
if (params.split_host) {
if (host)
pos += (host - buffer);
else
pos = 0;
2023-07-30 11:23:11 +00:00
}
else if (pos < 0) {
2023-06-03 19:52:10 +00:00
pos += n;
2023-07-30 11:23:11 +00:00
}
2024-02-24 17:44:54 +00:00
LOG(LOG_L, "split-pos=%d, n=%ld\n", pos, n);
2023-06-03 19:52:10 +00:00
2023-10-16 12:44:24 +00:00
if (params.custom_ttl) {
if (setttl(sfd, params.def_ttl, fa) < 0) {
return -1;
}
}
2023-06-03 19:52:10 +00:00
if (pos <= 0 || pos >= n ||
params.attack == DESYNC_NONE ||
2023-07-30 11:23:11 +00:00
(!type && params.de_known))
2023-06-03 19:52:10 +00:00
{
if (send(sfd, buffer, n, 0) < 0) {
2024-02-18 20:20:52 +00:00
uniperror("send");
2023-06-03 19:52:10 +00:00
return -1;
}
}
else switch (params.attack) {
2024-02-18 20:20:52 +00:00
#ifndef _WIN32
2023-06-03 19:52:10 +00:00
case DESYNC_FAKE:
2023-07-03 17:59:39 +00:00
return fake_attack(sfd, buffer, n, type, pos, fa);
2024-02-18 20:20:52 +00:00
#endif
2023-06-03 19:52:10 +00:00
case DESYNC_DISORDER:
2023-07-03 17:59:39 +00:00
return disorder_attack(sfd, buffer, n, pos, fa);
2023-06-03 19:52:10 +00:00
2024-02-29 17:07:59 +00:00
case DESYNC_OOB:
return oob_attack(sfd, buffer, n, pos, fa);
2023-06-03 19:52:10 +00:00
case DESYNC_SPLIT:
default:
if (send(sfd, buffer, pos, 0) < 0) {
2024-02-18 20:20:52 +00:00
uniperror("send");
2023-06-03 19:52:10 +00:00
return -1;
}
if (send(sfd, buffer + pos, n - pos, 0) < 0) {
2024-02-18 20:20:52 +00:00
uniperror("send");
2023-06-03 19:52:10 +00:00
return -1;
}
}
return 0;
2023-07-07 20:07:27 +00:00
}