Add raw DTLS fingerprints
parent
fd9f08d986
commit
0976198523
6 changed files with 60 additions and 17 deletions
|
@ -37,6 +37,7 @@ import (
|
|||
|
||||
"github.com/pion/ice/v4"
|
||||
"github.com/pion/webrtc/v4"
|
||||
"github.com/theodorsm/covert-dtls/pkg/fingerprints"
|
||||
"github.com/xtaci/kcp-go/v5"
|
||||
"github.com/xtaci/smux"
|
||||
|
||||
|
@ -118,8 +119,9 @@ type ClientConfig struct {
|
|||
// connect to, as specified in the Bridge line of the torrc.
|
||||
BridgeFingerprint string
|
||||
// CommunicationProxy is the proxy address for network communication
|
||||
CommunicationProxy *url.URL
|
||||
CovertDTLSConfig string
|
||||
CommunicationProxy *url.URL
|
||||
CovertDTLSConfig string
|
||||
CovertDTLSFingerprint string
|
||||
}
|
||||
|
||||
// NewSnowflakeClient creates a new Snowflake transport client that can spawn multiple
|
||||
|
@ -165,9 +167,12 @@ func NewSnowflakeClient(config ClientConfig) (*Transport, error) {
|
|||
|
||||
eventsLogger := event.NewSnowflakeEventDispatcher()
|
||||
var transport *Transport
|
||||
// TODO: Add fingerprint config
|
||||
|
||||
if config.CovertDTLSConfig != "" {
|
||||
covertDTLSConfig := covertdtls.ParseConfigString(config.CovertDTLSConfig)
|
||||
if config.CovertDTLSFingerprint != "" {
|
||||
covertDTLSConfig.Fingerprint = fingerprints.ClientHelloFingerprint(*&config.CovertDTLSFingerprint)
|
||||
}
|
||||
transport = &Transport{dialer: NewCovertWebRTCDialerWithEventsAndProxy(broker, iceServers, max, eventsLogger, config.CommunicationProxy, &covertDTLSConfig), eventDispatcher: eventsLogger}
|
||||
} else {
|
||||
transport = &Transport{dialer: NewWebRTCDialerWithEventsAndProxy(broker, iceServers, max, eventsLogger, config.CommunicationProxy), eventDispatcher: eventsLogger}
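Review bot: In NewSnowflakeClient the fingerprint is only applied inside `if config.CovertDTLSConfig != ""`, so a client configured with `covertdtls-fingerprint` alone silently takes the `else` branch and uses the plain WebRTC dialer with the library's default ClientHello. For an anti-fingerprinting option that is a fail-open. Either select the covert dialer when either field is set, e.g. `if config.CovertDTLSConfig != "" || config.CovertDTLSFingerprint != "" {` (assuming `ParseConfigString("")` yields a usable zero config), or return an error when a fingerprint is given without a config. Separately, `*&config.CovertDTLSFingerprint` is a no-op and should read `fingerprints.ClientHelloFingerprint(config.CovertDTLSFingerprint)`. The function body continues outside the hunk.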
|
||||
|
|
|
@ -287,7 +287,17 @@ func (c *WebRTCPeer) preparePeerConnection(
|
|||
|
||||
s.SetNet(vnet)
|
||||
|
||||
if covertDTLSConfig.Mimic {
|
||||
if covertDTLSConfig.Fingerprint != "" {
|
||||
mimic := &mimicry.MimickedClientHello{}
|
||||
err = mimic.LoadFingerprint(covertDTLSConfig.Fingerprint)
|
||||
if err != nil {
|
||||
log.Printf("NewPeerConnection ERROR: %s", err)
|
||||
return err
|
||||
}
|
||||
profiles := utils.DefaultSRTPProtectionProfiles()
|
||||
s.SetSRTPProtectionProfiles(profiles...)
|
||||
s.SetDTLSClientHelloMessageHook(mimic.Hook)
|
||||
} else if covertDTLSConfig.Mimic {
|
||||
mimic := &mimicry.MimickedClientHello{}
|
||||
if covertDTLSConfig.Randomize {
|
||||
err = mimic.LoadRandomFingerprint()
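Review bot: The new `covertDTLSConfig.Fingerprint != ""` branch in preparePeerConnection takes precedence over `Mimic` and never consults `covertDTLSConfig.Randomize`, so a `randomize` or `randomizemimic` setting combined with a raw fingerprint is dropped without any message. A comment above the branch such as `// An explicit fingerprint overrides the mimic/randomize settings.` would make that precedence deliberate, and a log line when both are set would tell the operator. The failure from `mimic.LoadFingerprint` is also logged as `NewPeerConnection ERROR`, which names the wrong step; something like `log.Printf("covert-dtls: loading ClientHello fingerprint: %s", err)` would point at the bad input. The `else if` chain and the rest of the function continue outside the hunk.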
|
||||
|
|
|
@ -126,6 +126,9 @@ func socksAcceptLoop(ln *pt.SocksListener, config sf.ClientConfig, shutdown chan
|
|||
if arg, ok := conn.Req.Args.Get("covertdtls-config"); ok {
|
||||
config.CovertDTLSConfig = arg
|
||||
}
|
||||
if arg, ok := conn.Req.Args.Get("covertdtls-fingerprint"); ok {
|
||||
config.CovertDTLSFingerprint = arg
|
||||
}
|
||||
transport, err := sf.NewSnowflakeClient(config)
|
||||
if err != nil {
|
||||
conn.Reject()
|
||||
|
@ -177,7 +180,8 @@ func main() {
|
|||
max := flag.Int("max", DefaultSnowflakeCapacity,
|
||||
"capacity for number of multiplexed WebRTC peers")
|
||||
versionFlag := flag.Bool("version", false, "display version info to stderr and quit")
|
||||
covertDTLSConfig := flag.String("covertdtls-config", "", "Configuration of dtls mimicking and randomization: mimic, randomize, randomizemimic")
|
||||
covertDTLSConfig := flag.String("covertdtls-config", "", "Configuration of DTLS mimicking and randomization: mimic, randomize, randomizemimic")
|
||||
covertDTLSfingerprint := flag.String("covertdtls-fingerprint", "", "Mimicking of a raw DTLS fingerprint")
|
||||
|
||||
// Deprecated
|
||||
oldLogToStateDir := flag.Bool("logToStateDir", false, "use -log-to-state-dir instead")
|
||||
|
@ -236,15 +240,16 @@ func main() {
|
|||
}
|
||||
|
||||
config := sf.ClientConfig{
|
||||
BrokerURL: *brokerURL,
|
||||
AmpCacheURL: *ampCacheURL,
|
||||
SQSQueueURL: *sqsQueueURL,
|
||||
SQSCredsStr: *sqsCredsStr,
|
||||
FrontDomains: frontDomains,
|
||||
ICEAddresses: iceAddresses,
|
||||
KeepLocalAddresses: *keepLocalAddresses || *oldKeepLocalAddresses,
|
||||
Max: *max,
|
||||
CovertDTLSConfig: *covertDTLSConfig,
|
||||
BrokerURL: *brokerURL,
|
||||
AmpCacheURL: *ampCacheURL,
|
||||
SQSQueueURL: *sqsQueueURL,
|
||||
SQSCredsStr: *sqsCredsStr,
|
||||
FrontDomains: frontDomains,
|
||||
ICEAddresses: iceAddresses,
|
||||
KeepLocalAddresses: *keepLocalAddresses || *oldKeepLocalAddresses,
|
||||
Max: *max,
|
||||
CovertDTLSConfig: *covertDTLSConfig,
|
||||
CovertDTLSFingerprint: *covertDTLSfingerprint,
|
||||
}
|
||||
|
||||
// Begin goptlib client process.
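Review bot: The value of the `covertdtls-fingerprint` SOCKS arg in socksAcceptLoop is copied into `config.CovertDTLSFingerprint` with no check on its form, so a malformed fingerprint is presumably only reported later, when the peer connection is prepared, and not through the `conn.Reject()` path right below. Validating it before `sf.NewSnowflakeClient(config)`, or inside that constructor so it returns an error, would reject the request at the boundary. The usage string `Mimicking of a raw DTLS fingerprint` should also state the expected encoding of the value. On style, `covertDTLSfingerprint` in main breaks the casing of `covertDTLSConfig` and the `CovertDTLSFingerprint` field; rename it to `covertDTLSFingerprint`. Both functions continue outside the hunks shown.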
|
||||
|
|