From a5060fedf2c9e9367e9e25cc97ce40d662d2765f Mon Sep 17 00:00:00 2001 From: Mikhail Zakharov Date: Fri, 23 Aug 2024 21:10:00 +0200 Subject: [PATCH] `ts-warp.c`: `-D 0..512` DPI bypass fragment sizing --- CHANGELOG.md | 3 +++ README.md | 10 +++++++--- http.c | 4 ++-- network.h | 3 +++ ts-warp.c | 28 ++++++++++++++++++---------- 5 files changed, 33 insertions(+), 15 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a760a10..7513c41 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,8 @@ # CHANGELOG +* **2024.08.23 Current** + *`ts-warp.c`: `-D 0..512` DPI bypass fragment size by default 0 - disabled; To enable use a positive value, e.g., 2 + * **2024.08.15 ts-warp-1.5.5, gui-warp-1.0.25 (gui-warp-v1.0.30-mac), ns-warp-1.0.7** * `ts-warp.c`, `http.c`: Deep Packet Inspections bypass. Option `-D` to disable it. * `ts-warp.c`: Internal proxy servers allowed making direct connection to destinations diff --git a/README.md b/README.md index 74468c8..f25adf3 100644 --- a/README.md +++ b/README.md 
@@ -201,13 +201,17 @@ Note, Python 3 interpreter with `tkinter` support is required to run the GUI fro Check [releases](https://github.com/mezantrop/ts-warp/releases) and download macOS standalone precompiled application. Read related [README.md](gui/ports/macOS/README.md) for information and instructions. -### Experimental Deep Packet Inspections bypass +### Experimental Deep Packet Inspections bypass (обход замедления/блокировки, например, YouTube) According to [SpoofDPI](https://github.com/xvzc/SpoofDPI?tab=readme-ov-file#https) project, sending the first 1 byte of a request to the server, and then sending the rest of the data can help to bypass Deep Packet Inspections of HTTPS. -`TS-Warp` has the feature enabled by default. Just use TS-Warp in `Transparent` mode, or point your browser to `TS-Warp` -Internal `HTTP(S)` proxy at default `127.0.0.1:8080` or `SOCKS5` proxy at `127.0.0.1:7080`. +To bypass DPI, start TS-Warp with `-D 0..512` flag, e.g., `-D 2` to enable packet fragmentation, then use TS-Warp +normally in `Transparent` mode, or point your browser to `TS-Warp` Internal `HTTP(S)` proxy at `127.0.0.1:8080` or +`SOCKS5` proxy at `127.0.0.1:7080`. + +If you use macOS, download from [releases](https://github.com/mezantrop/ts-warp/releases) a precompiled `GUI-Warp` +macOS application with DPI bypass option already enabled! ### Contacts diff --git a/http.c b/http.c index 3126c17..349ea30 100644 --- a/http.c +++ b/http.c 
@@ -120,9 +120,9 @@ int http_client_request(chs cs, struct sockaddr_storage *daddr, char *user, char switch (cs.t) { case CHS_SOCKET: if (sdpi) { - printl(LOG_VERB, "Trying to bypass Deep Packet Inspections"); + printl(LOG_VERB, "Trying to bypass Deep Packet Inspections for HTTP proxy. Fragment size: [%d]", sdpi); - if (send(cs.s, r, 1, 0) == -1 || send(cs.s, r + 1, l - 1, 0) == -1) { + if (send(cs.s, r, sdpi, 0) == -1 || send(cs.s, r + sdpi, l - sdpi, 0) == -1) { printl(LOG_CRIT, "SDPI: Unable to send a request to the HTTP server via socket"); return 1; } diff --git a/network.h b/network.h index f048bcf..f83bbd4 100644 --- a/network.h +++ b/network.h @@ -71,6 +71,9 @@ #define INET_ADDRPORTSTRLEN INET6_ADDRSTRLEN + 6 /* MAX: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff + ':' + '65535' */ +#define SDPI_FRAGMENTSZ_MAX 512 /* Maximum fragment size to bypass DPI */ + + /* -- Socket conversion macros -------------------------------------------------------------------------------------- */ #define SA_FAMILY(sa) ((struct sockaddr *)&sa)->sa_family diff --git a/ts-warp.c b/ts-warp.c index 6aabf07..078abc0 100644 --- a/ts-warp.c +++ b/ts-warp.c @@ -127,7 +127,7 @@ All parameters are optional: -f Force start -u user A user to run ts-warp, default: nobody - -D Do not try spoofing Deep Packet Inspections + -D 0..512 Deep Packet Inspections bypass fragment size. Default: 0 - disabled. Set any value, e.g., 2 to enable -h This message */ @@ -142,7 +142,9 @@ All parameters are optional: int l_flg = 0; /* User didn't set the log file */ int d_flg = 0; /* Daemon mode */ int f_flg = 0; /* Force start */ - int sdpi = 1; /* Try bypassing DPI */ + + int sdpi = 0; /* Packet fragment size: default 0. Set any + positive value to try tricking DPI */ /* According to https://github.com/xvzc/SpoofDPI?tab=readme-ov-file#https sending the first 1 byte of a request to the server, and then sending the rest of the data can help to bypass Deep Packet Inspections of HTTPS */ 
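Review bot: In `http_client_request` (http.c) the two `send()` calls use `sdpi` without comparing it to the request length `l`, unlike the clamped `sdpi < rec ? sdpi : rec` in the ts-warp.c relay loop of this same commit. With `-D` up to 512 and a request shorter than that, the first call reads past the request bytes in `r`, and `l - sdpi` goes negative, which becomes a very large length once converted to `size_t`, so memory beyond the request may be sent to the proxy. Clamp first with `int frag = sdpi < l ? sdpi : l;` and then test `if (send(cs.s, r, frag, 0) == -1 || (l > frag && send(cs.s, r + frag, l - frag, 0) == -1)) {`. The declarations of `r` and `l` are outside the hunk, so match the type of `frag` to `l`; a short return from the first `send()` is also not reflected in the second offset.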
@@ -181,7 +183,7 @@ All parameters are optional: #endif - while ((flg = getopt(argc, argv, "T:S:H:c:l:v:t:dp:fu:Dh")) != -1) + while ((flg = getopt(argc, argv, "T:S:H:c:l:v:t:dp:fu:D:h")) != -1) switch(flg) { case 'T': /* Internal Transparent server IP/name */ taddr = strsep(&optarg, ":"); /* IP:PORT */ @@ -238,12 +240,16 @@ All parameters are optional: break; case 'D': - sdpi = 0; + sdpi = toint(optarg); + if (sdpi < 0 || sdpi > SDPI_FRAGMENTSZ_MAX) { + fprintf(stderr, "Fatal: wrong -D value:[%s]\n", optarg); + usage(1); + } break; case 'h': /* Help */ default: - (void)usage(0); + usage(0); } if (!taddr[0]) taddr = LISTEN_DEFAULT; @@ -662,6 +668,9 @@ All parameters are optional: if (!s_ini && isock == Tsock) { /* -- No proxy server found for the destination IP -------------------------------------------------- */ + close(Tsock); + if (Ssock != -1) close(Ssock); + if (Hsock != -1) close(Hsock); printl(LOG_INFO, "No proxy server is defined for the destination: [%s]", inet2str(&daddr.ip_addr, buf)); if ((daddr.ip_addr.ss_family == AF_INET && @@ -1300,19 +1309,18 @@ All parameters are optional: } if (sdpi && rec > 1) { - printl(LOG_VERB, "Trying to bypass Deep Packet Inspections"); + printl(LOG_VERB, "Trying to bypass Deep Packet Inspections. Fragment size: [%d]", sdpi); - if ((snd = send(ssock.s, buf, 1, 0)) == -1) { + if ((snd = send(ssock.s, buf, sdpi < rec ? sdpi : rec, 0)) == -1) { printl(LOG_CRIT, "Error sending data to proxy server"); break; } - int _snd = send(ssock.s, buf + 1, rec - 1, 0); + int _snd = send(ssock.s, buf + snd, rec - snd, 0); if (_snd == -1) { printl(LOG_CRIT, "Error sending data to proxy server"); break; } snd += _snd; - sdpi = 0; /* No need to split more packets */ } else while ((snd = send(ssock.s, buf, rec, 0)) == 0) { printl(LOG_CRIT, "C:[0] -> S:[0] bytes"); 
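Review bot: Changing `D` to `D:` in the getopt string (ts-warp.c, `@@ -181`) inverts an existing option with no compatibility path: a bare `-D` used to disable the feature, and now it either swallows the next argument as its value (`-D -f` yields optarg `-f`) or, when last on the command line, falls into the shared `case 'h': default:` arm and calls `usage(0)`. A service wrapper that still passes `-D` would then get help text and, assuming `usage()` exits with its argument, a success status. Give unknown or incomplete options their own arm, `default: usage(1);`, keep `case 'h': usage(0); break;` for explicit help, and mark the option change as breaking in the CHANGELOG entry.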
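Review bot: The range check on `sdpi` in `case 'D':` (`@@ -238`) only sees whatever `toint(optarg)` returns, and `toint()` is defined outside this diff; if it behaves like `atoi()`, `-D abc` becomes 0 (feature silently off) and `-D 2x` becomes 2 with no error. Parse strictly instead: `char *end; long v = strtol(optarg, &end, 10);` followed by `if (end == optarg || *end != '\0' || v < 0 || v > SDPI_FRAGMENTSZ_MAX) {` before the existing error path, then `sdpi = (int)v;`. The error message would be more useful if it printed the accepted range, e.g. `"Fatal: -D expects 0..%d, got [%s]\n"`.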
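Review bot: The three `close()` calls added at `@@ -662` are not mentioned in the commit message and carry no comment, so it is unclear why the listening sockets are released only in the "no proxy server is defined" branch. If this branch runs in a per-connection child process, a comment such as `/* Child: listening sockets are not needed for a direct connection */` would record that; the enclosing function starts and ends outside the hunk, so confirm the assumption first. If any later code in this branch still tests `Ssock != -1` or `Hsock != -1`, also reset them with `Ssock = Hsock = -1;` after closing, so a reused descriptor number is never mistaken for a listener.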
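Review bot: Dropping `sdpi = 0;` at the end of the split branch (`@@ -1300`) means every client-to-server read with `rec > 1` is now issued as two `send()` calls for the whole life of the connection, while the comment kept beside the `sdpi` declaration still describes splitting only the start of a request. If the intent is still to split only the first request of each connection, use a per-connection flag rather than the global: `int split_first = sdpi;` before the relay loop, `if (split_first && rec > sdpi) {` as the test, and `split_first = 0;` after the two sends. Testing `rec > sdpi` instead of `rec > 1` also avoids the case where the first call already sends the whole buffer, the second `send()` runs with length 0, and the log line reports a fragmentation that did not happen. The relay loop starts and ends outside the hunk.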
@@ -1476,7 +1484,7 @@ All parameters are optional:\n\ -f\t\t Force start\n\ \n\ -u user\t A user to run ts-warp, default: %s. Note, this option has no effect on macOS\n\ - -D\t\t Do not try bypass Deep Packet Inspections\n\ + -D 0..512\t Deep Packet Inspections bypass fragment size. Default: 0 - disabled. Set any value, e.g., 2 to enable\n\ \n\ -h\t\t This message\n\n", PROG_NAME, PROG_VERSION, INI_FILE_NAME, LOG_FILE_NAME, LOG_LEVEL_DEFAULT, PID_FILE_NAME, RUNAS_USER);
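Review bot: The usage string hard-codes `0..512` although this commit adds `SDPI_FRAGMENTSZ_MAX` in network.h for the same limit, so the help output (and the header comment changed at `@@ -127`) will drift if the macro is ever adjusted. Format the bound instead, `-D 0..%d\t Deep Packet Inspections bypass fragment size. ...`, with `SDPI_FRAGMENTSZ_MAX` appended after `RUNAS_USER` in the argument list. "Set any value" would also read more accurately as "Set a positive value", since 0 and out-of-range values do not enable the feature.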