Add raw DTLS fingerprints

2025-10-14 05:11:19 -04:00 · 2024-12-19 00:33:48 +01:00 · 2024-12-19 00:33:48 +01:00 · 0976198523
commit 0976198523
parent fd9f08d986
6 changed files with 60 additions and 17 deletions
--- a/client/snowflake.go
+++ b/client/snowflake.go
@ -126,6 +126,9 @@ func socksAcceptLoop(ln *pt.SocksListener, config sf.ClientConfig, shutdown chan
 			if arg, ok := conn.Req.Args.Get("covertdtls-config"); ok {
 				config.CovertDTLSConfig = arg
 			}
+			if arg, ok := conn.Req.Args.Get("covertdtls-fingerprint"); ok {
+				config.CovertDTLSFingerprint = arg
+			}
 			transport, err := sf.NewSnowflakeClient(config)
 			if err != nil {
 				conn.Reject()
@ -177,7 +180,8 @@ func main() {
 	max := flag.Int("max", DefaultSnowflakeCapacity,
 		"capacity for number of multiplexed WebRTC peers")
 	versionFlag := flag.Bool("version", false, "display version info to stderr and quit")
-	covertDTLSConfig := flag.String("covertdtls-config", "", "Configuration of dtls mimicking and randomization: mimic, randomize, randomizemimic")
+	covertDTLSConfig := flag.String("covertdtls-config", "", "Configuration of DTLS mimicking and randomization: mimic, randomize, randomizemimic")
+	covertDTLSfingerprint := flag.String("covertdtls-fingerprint", "", "Mimicking of a raw DTLS fingerprint")

 	// Deprecated
 	oldLogToStateDir := flag.Bool("logToStateDir", false, "use -log-to-state-dir instead")
@ -236,15 +240,16 @@ func main() {
 	}

 	config := sf.ClientConfig{
-		BrokerURL:          *brokerURL,
-		AmpCacheURL:        *ampCacheURL,
-		SQSQueueURL:        *sqsQueueURL,
-		SQSCredsStr:        *sqsCredsStr,
-		FrontDomains:       frontDomains,
-		ICEAddresses:       iceAddresses,
-		KeepLocalAddresses: *keepLocalAddresses || *oldKeepLocalAddresses,
-		Max:                *max,
-		CovertDTLSConfig:   *covertDTLSConfig,
+		BrokerURL:             *brokerURL,
+		AmpCacheURL:           *ampCacheURL,
+		SQSQueueURL:           *sqsQueueURL,
+		SQSCredsStr:           *sqsCredsStr,
+		FrontDomains:          frontDomains,
+		ICEAddresses:          iceAddresses,
+		KeepLocalAddresses:    *keepLocalAddresses || *oldKeepLocalAddresses,
+		Max:                   *max,
+		CovertDTLSConfig:      *covertDTLSConfig,
+		CovertDTLSFingerprint: *covertDTLSfingerprint,
 	}

 	// Begin goptlib client process.