diff --git a/binaries/aarch64/nfqws b/binaries/aarch64/nfqws index 24c65a1..8c571c7 100755 Binary files a/binaries/aarch64/nfqws and b/binaries/aarch64/nfqws differ diff --git a/binaries/arm/nfqws b/binaries/arm/nfqws index 1b15fdc..abbe4dc 100755 Binary files a/binaries/arm/nfqws and b/binaries/arm/nfqws differ diff --git a/binaries/mips32r1-lsb/nfqws b/binaries/mips32r1-lsb/nfqws index 56a400e..fd950cd 100755 Binary files a/binaries/mips32r1-lsb/nfqws and b/binaries/mips32r1-lsb/nfqws differ diff --git a/binaries/mips32r1-msb/nfqws b/binaries/mips32r1-msb/nfqws index b00e770..4b3c82b 100755 Binary files a/binaries/mips32r1-msb/nfqws and b/binaries/mips32r1-msb/nfqws differ diff --git a/binaries/mips64r2-msb/nfqws b/binaries/mips64r2-msb/nfqws index ae000f0..b2916d7 100755 Binary files a/binaries/mips64r2-msb/nfqws and b/binaries/mips64r2-msb/nfqws differ diff --git a/binaries/ppc/nfqws b/binaries/ppc/nfqws index 1ec9638..b7b4b7c 100755 Binary files a/binaries/ppc/nfqws and b/binaries/ppc/nfqws differ diff --git a/binaries/x86/nfqws b/binaries/x86/nfqws index b8a10d8..877c3e7 100755 Binary files a/binaries/x86/nfqws and b/binaries/x86/nfqws differ diff --git a/binaries/x86_64/nfqws b/binaries/x86_64/nfqws index 78bf3aa..fac967e 100755 Binary files a/binaries/x86_64/nfqws and b/binaries/x86_64/nfqws differ diff --git a/docs/readme.eng.md b/docs/readme.eng.md index 866ece7..4872e77 100644 --- a/docs/readme.eng.md +++ b/docs/readme.eng.md @@ -153,6 +153,7 @@ nfqws takes the following parameters: --dpi-desync-any-protocol=0|1 ; 0(default)=desync only http and tls 1=desync any nonempty data packet --dpi-desync-fake-http= ; file containing fake http request. replacement for built-in --dpi-desync-fake-tls= ; file containing fake TLS ClientHello (for https). replacement for built-in + --dpi-desync-fake-unknown= ; file containing unknown protocol fake payload. default is 256 zeroes --dpi-desync-cutoff=N ; apply dpi desync only to packet numbers less than N --hostlist= ; apply fooling only to the listed hosts (one host per line, subdomains auto apply) ``` diff --git a/docs/readme.txt b/docs/readme.txt index 3f3d071..c3138f5 100644 --- a/docs/readme.txt +++ b/docs/readme.txt @@ -201,6 +201,7 @@ nfqws --dpi-desync-any-protocol=0|1 ; 0(default)=работать только по http request и tls clienthello 1=по всем непустым пакетам данных --dpi-desync-fake-http= ; файл, содержащий фейковый http запрос для dpi-desync=fake, на замену стандартному w3.org --dpi-desync-fake-tls= ; файл, содержащий фейковый tls clienthello для dpi-desync=fake, на замену стандартному w3.org + --dpi-desync-fake-unknown= ; файл, содержащий фейковый пейлоад неизвестного протокола для dpi-desync=fake, на замену стандартным нулям 256 байт --dpi-desync-cutoff=N ; применять dpi desync только к исходящим пакетам по номеру меньше N --hostlist= ; применять дурение только к хостам из листа diff --git a/nfq/desync.c b/nfq/desync.c index ffd499d..618eade 100644 --- a/nfq/desync.c +++ b/nfq/desync.c @@ -230,8 +230,8 @@ packet_process_result dpi_desync_packet(uint8_t *data_pkt, size_t len_pkt, struc { if (!params.desync_any_proto) return res; DLOG("applying tampering to unknown protocol\n") - fake = zeropkt; - fake_size = 256; + fake = params.fake_unknown; + fake_size = params.fake_unknown_size; } if (bHaveHost) diff --git a/nfq/nfqws.c b/nfq/nfqws.c index 49a2046..882f5e6 100644 --- a/nfq/nfqws.c +++ b/nfq/nfqws.c @@ -499,6 +499,7 @@ static void exithelp() " --dpi-desync-any-protocol=0|1\t\t; 0(default)=desync only http and tls 1=desync any nonempty data packet\n" " --dpi-desync-fake-http=\t; file containing fake http request\n" " --dpi-desync-fake-tls=\t; file containing fake TLS ClientHello (for https)\n" + " --dpi-desync-fake-unknown=\t; file containing unknown protocol fake payload\n" " --dpi-desync-cutoff=N\t\t\t; apply dpi desync only to packet numbers less than N\n" " --hostlist=\t\t\t; apply dpi desync only to the listed hosts (one host per line, subdomains auto apply)\n", CTRACK_T_SYN, CTRACK_T_EST, CTRACK_T_FIN, @@ -552,6 +553,7 @@ int main(int argc, char **argv) memcpy(params.fake_tls,fake_tls_clienthello_default,params.fake_tls_size); params.fake_http_size = strlen(fake_http_request_default); memcpy(params.fake_http,fake_http_request_default,params.fake_http_size); + params.fake_unknown_size = 256; params.wscale=-1; // default - dont change scale factor (client) params.ctrack_t_syn = CTRACK_T_SYN; params.ctrack_t_est = CTRACK_T_EST; @@ -607,8 +609,9 @@ int main(int argc, char **argv) {"dpi-desync-any-protocol",optional_argument,0,0},// optidx=25 {"dpi-desync-fake-http",required_argument,0,0},// optidx=26 {"dpi-desync-fake-tls",required_argument,0,0},// optidx=27 - {"dpi-desync-cutoff",required_argument,0,0},// optidx=28 - {"hostlist",required_argument,0,0}, // optidx=29 + {"dpi-desync-fake-unknown",required_argument,0,0},// optidx=28 + {"dpi-desync-cutoff",required_argument,0,0},// optidx=29 + {"hostlist",required_argument,0,0}, // optidx=30 {NULL,0,NULL,0} }; if (argc < 2) exithelp(); @@ -862,14 +865,22 @@ int main(int argc, char **argv) exit_clean(1); } break; - case 28: /* desync-cutoff */ + case 28: /* dpi-desync-fake-unknown */ + params.fake_unknown_size = sizeof(params.fake_unknown); + if (!load_file_nonempty(optarg,params.fake_unknown,¶ms.fake_unknown_size)) + { + fprintf(stderr, "could not read %s\n",optarg); + exit_clean(1); + } + break; + case 29: /* desync-cutoff */ if (!sscanf(optarg, "%u", ¶ms.desync_cutoff)) { fprintf(stderr, "invalid desync-cutoff value\n"); exit_clean(1); } break; - case 29: /* hostlist */ + case 30: /* hostlist */ if (!LoadHostList(¶ms.hostlist, optarg)) exit_clean(1); strncpy(params.hostfile,optarg,sizeof(params.hostfile)); diff --git a/nfq/params.h b/nfq/params.h index 57eaba0..30272ee 100644 --- a/nfq/params.h +++ b/nfq/params.h @@ -43,8 +43,8 @@ struct params_s uint32_t desync_badseq_increment, desync_badseq_ack_increment; char hostfile[256]; strpool *hostlist; - uint8_t fake_http[1460],fake_tls[1460]; - size_t fake_http_size,fake_tls_size; + uint8_t fake_http[1432],fake_tls[1432],fake_unknown[1432]; + size_t fake_http_size,fake_tls_size,fake_unknown_size; bool droproot; uid_t uid; gid_t gid;