From e98bb5ecadbfe8b8002565576517ddbdb4db83c4 Mon Sep 17 00:00:00 2001
From: Vadim Vetrov
Date: Sat, 4 Jan 2025 17:47:49 +0300
Subject: [PATCH] Implement sni-detection brute for QUIC
---
 src/quic.c | 10 +++++++---
 src/tls.c | 4 +++-
 src/tls.h | 9 +++++++++
 3 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/src/quic.c b/src/quic.c
index 958beeb..3f2f77d 100644
--- a/src/quic.c
+++ b/src/quic.c
@@ -391,9 +391,13 @@ pl_incr:
 }
 out:
- ret = analyze_tls_message(
- section, crypto_message, crypto_message_len, &tlsv
- );
+ if (section->sni_detection == SNI_DETECTION_BRUTE) {
+ ret = bruteforce_analyze_sni_str(section, crypto_message, crypto_message_len, &tlsv);
+ } else {
+ ret = analyze_tls_message(
+ section, crypto_message, crypto_message_len, &tlsv
+ );
+ }
 free(crypto_message);
 return tlsv;
diff --git a/src/tls.c b/src/tls.c
index ad07c98..7bf3cd5 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -28,11 +28,13 @@
 #include
 #endif
-static int bruteforce_analyze_sni_str(
+int bruteforce_analyze_sni_str(
 const struct section_config_t *section,
 const uint8_t *data, size_t dlen,
 struct tls_verdict *vrd
 ) {
+ *vrd = (struct tls_verdict){0};
+
 if (section->all_domains) {
 vrd->target_sni = 1;
 vrd->sni_len = 0;
diff --git a/src/tls.h b/src/tls.h
index 12acb00..cd9828f 100644
--- a/src/tls.h
+++ b/src/tls.h
@@ -55,6 +55,15 @@ int analyze_tls_message(
 struct tls_verdict *tlsv
 );
+/**
+ * Tries to bruteforce over the packet and match domains as plain text
+ */
+int bruteforce_analyze_sni_str(
+ const struct section_config_t *section,
+ const uint8_t *data, size_t dlen,
+ struct tls_verdict *vrd
+);
+
 /**
 * Processes the packet and finds TLS Client Hello information inside it.
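Review bot: `ret` is assigned in both new branches of the src/quic.c hunk but is not read before `return tlsv;` in the visible lines, so a failure from either analyzer looks the same to the caller as "no SNI matched". If the verdict struct is meant to carry the whole result, make that explicit with `(void)ret; /* result is reported through tlsv */`; otherwise check `ret` before returning. The brute branch also deserves a short comment such as `/* brute mode matches configured domains as plain text over the whole CRYPTO payload, so a hit is not limited to the SNI extension */`, because that precision trade-off is not obvious at the call site. The enclosing function starts outside the hunk.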
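Review bot: The added `*vrd = (struct tls_verdict){0};` in the src/tls.c hunk carries no comment, and its reason lies in another file: the quic.c caller in this patch returns `tlsv` without reading `ret`, so this reset appears to be what gives that caller a defined verdict on every path. I would put `/* Reset first: callers may return *vrd without checking our return value. */` above it. With `static` removed the function is part of the module interface, so the comment added in src/tls.h should also state what the return value means and that `*vrd` is overwritten on entry. The function body continues past the end of the hunk.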