@omindu/yaksha 1.0.0

package/src/bypass/firewall-evasion.js

@@ -0,0 +1,354 @@
+'use strict';
+
+/**
+ * Yaksha Firewall Evasion
+ * Advanced techniques to bypass firewalls and DPI (Deep Packet Inspection)
+ */
+
+const crypto = require('crypto');
+const Logger = require('../utils/logger');
+
+// Common MTU values
+const MTU_VALUES = [1500, 1492, 1460, 1400, 1280];
+
+class FirewallEvasion {
+  constructor(securityLevel = 'medium', options = {}) {
+    this.securityLevel = securityLevel;
+    this.enabled = options.enabled !== false;
+    this.portHoppingEnabled = options.portHopping !== false;
+    this.portHoppingInterval = options.portHoppingInterval || 100; // packets or seconds
+    this.portRange = options.portRange || [8000, 9000];
+    this.currentPort = null;
+    this.packetCounter = 0;
+    this.mtu = options.mtu || 1500;
+    
+    this.logger = new Logger({ prefix: 'Firewall-Evasion' });
+  }
+
+  /**
+   * Get next port for port hopping
+   */
+  _getNextPort() {
+    const [min, max] = this.portRange;
+    return crypto.randomInt(min, max + 1);
+  }
+
+  /**
+   * Check if port hop is needed
+   */
+  shouldHopPort() {
+    if (!this.portHoppingEnabled) {
+      return false;
+    }
+
+    this.packetCounter++;
+    
+    return this.packetCounter % this.portHoppingInterval === 0;
+  }
+
+  /**
+   * Get current or next port
+   */
+  getPort(force = false) {
+    if (!this.currentPort || force || this.shouldHopPort()) {
+      this.currentPort = this._getNextPort();
+      this.logger.debug(`Port hopping to ${this.currentPort}`);
+    }
+
+    return this.currentPort;
+  }
+
+  /**
+   * Fragment packet into smaller pieces
+   */
+  fragmentPacket(data, fragmentSize = null) {
+    if (!this.enabled) {
+      return [data];
+    }
+
+    if (!fragmentSize) {
+      // Random fragment size between 500 and 1400 bytes
+      fragmentSize = crypto.randomInt(500, 1401);
+    }
+
+    const fragments = [];
+    let offset = 0;
+
+    while (offset < data.length) {
+      const chunkSize = Math.min(fragmentSize, data.length - offset);
+      const fragment = data.slice(offset, offset + chunkSize);
+      fragments.push(fragment);
+      offset += chunkSize;
+    }
+
+    this.logger.debug(`Fragmented ${data.length} bytes into ${fragments.length} fragments`);
+    return fragments;
+  }
+
+  /**
+   * Reassemble fragments
+   */
+  reassembleFragments(fragments) {
+    return Buffer.concat(fragments);
+  }
+
+  /**
+   * Add timing jitter to avoid constant rate traffic
+   */
+  calculateTimingJitter() {
+    if (!this.enabled) {
+      return 0;
+    }
+
+    // Random jitter between 0 and 50ms
+    return crypto.randomInt(0, 51);
+  }
+
+  /**
+   * Adjust MTU to avoid detection
+   */
+  adjustMTU(preferred = null) {
+    if (preferred && MTU_VALUES.includes(preferred)) {
+      this.mtu = preferred;
+      return this.mtu;
+    }
+
+    // Select random common MTU value
+    const index = crypto.randomInt(0, MTU_VALUES.length);
+    this.mtu = MTU_VALUES[index];
+    
+    this.logger.debug(`MTU adjusted to ${this.mtu}`);
+    return this.mtu;
+  }
+
+  /**
+   * Get current MTU
+   */
+  getMTU() {
+    return this.mtu;
+  }
+
+  /**
+   * Apply protocol masquerading (make it look like HTTPS)
+   */
+  masqueradeProtocol(data) {
+    if (!this.enabled) {
+      return data;
+    }
+
+    // Prepend with TLS-like pattern
+    // This is a simplified version - TLS camouflage module handles full implementation
+    const marker = Buffer.from([0x17, 0x03, 0x03]); // TLS Application Data, TLS 1.2
+    const length = Buffer.allocUnsafe(2);
+    length.writeUInt16BE(Math.min(data.length, 16384), 0);
+
+    return Buffer.concat([marker, length, data]);
+  }
+
+  /**
+   * Remove protocol masquerade
+   */
+  unmasqueradeProtocol(data) {
+    if (!this.enabled || data.length < 5) {
+      return data;
+    }
+
+    // Check for TLS marker
+    if (data[0] === 0x17 && data[1] === 0x03 && data[2] === 0x03) {
+      return data.slice(5); // Skip 5-byte TLS header
+    }
+
+    return data;
+  }
+
+  /**
+   * Mimic burst traffic pattern (like video streaming)
+   */
+  generateBurstPattern(totalPackets) {
+    const pattern = [];
+    let remaining = totalPackets;
+
+    while (remaining > 0) {
+      // Burst size: 2-10 packets
+      const burstSize = Math.min(crypto.randomInt(2, 11), remaining);
+      
+      // Send burst
+      for (let i = 0; i < burstSize; i++) {
+        pattern.push({ action: 'send', delay: 0 });
+      }
+
+      remaining -= burstSize;
+
+      // Pause between bursts: 50-200ms
+      if (remaining > 0) {
+        const pauseDuration = crypto.randomInt(50, 201);
+        pattern.push({ action: 'pause', delay: pauseDuration });
+      }
+    }
+
+    return pattern;
+  }
+
+  /**
+   * Apply traffic shaping delay
+   */
+  async applyTrafficShaping(callback, pattern = null) {
+    if (!this.enabled) {
+      await callback();
+      return;
+    }
+
+    if (!pattern) {
+      // Simple random delay
+      const delay = this.calculateTimingJitter();
+      if (delay > 0) {
+        await new Promise(resolve => setTimeout(resolve, delay));
+      }
+      await callback();
+      return;
+    }
+
+    // Apply complex pattern
+    for (const step of pattern) {
+      if (step.action === 'send') {
+        await callback();
+      } else if (step.action === 'pause') {
+        await new Promise(resolve => setTimeout(resolve, step.delay));
+      }
+    }
+  }
+
+  /**
+   * Randomize packet order (within window)
+   */
+  randomizePacketOrder(packets, windowSize = 5) {
+    if (!this.enabled || packets.length <= 1) {
+      return packets;
+    }
+
+    const result = [];
+    const remaining = [...packets];
+
+    while (remaining.length > 0) {
+      const window = Math.min(windowSize, remaining.length);
+      const index = crypto.randomInt(0, window);
+      result.push(remaining.splice(index, 1)[0]);
+    }
+
+    return result;
+  }
+
+  /**
+   * Add decoy packets (fake traffic)
+   */
+  generateDecoyPacket(size = null) {
+    if (!size) {
+      size = crypto.randomInt(100, 1000);
+    }
+
+    return crypto.randomBytes(size);
+  }
+
+  /**
+   * Check if packet should be a decoy
+   */
+  shouldInsertDecoy(probability = 0.1) {
+    return this.enabled && Math.random() < probability;
+  }
+
+  /**
+   * Apply DPI evasion techniques
+   */
+  evadeDPI(data) {
+    if (!this.enabled) {
+      return data;
+    }
+
+    const techniques = [];
+
+    // 1. Encrypt all payload (already done by encryption module)
+    // 2. No plaintext headers
+    // 3. Randomize packet structure
+    
+    // Add random padding
+    const paddingSize = crypto.randomInt(0, 256);
+    if (paddingSize > 0) {
+      const padding = crypto.randomBytes(paddingSize);
+      data = Buffer.concat([data, padding]);
+      techniques.push('padding');
+    }
+
+    // Apply protocol masquerading
+    data = this.masqueradeProtocol(data);
+    techniques.push('masquerade');
+
+    this.logger.debug(`DPI evasion applied: ${techniques.join(', ')}`);
+    return data;
+  }
+
+  /**
+   * Get recommended packet size to avoid detection
+   */
+  getRecommendedPacketSize() {
+    // Common packet sizes seen in HTTPS traffic
+    const commonSizes = [64, 128, 256, 512, 1024, 1400];
+    const index = crypto.randomInt(0, commonSizes.length);
+    return commonSizes[index];
+  }
+
+  /**
+   * Enable firewall evasion
+   */
+  enable() {
+    this.enabled = true;
+    this.logger.info('Firewall evasion enabled');
+  }
+
+  /**
+   * Disable firewall evasion
+   */
+  disable() {
+    this.enabled = false;
+    this.logger.info('Firewall evasion disabled');
+  }
+
+  /**
+   * Enable port hopping
+   */
+  enablePortHopping() {
+    this.portHoppingEnabled = true;
+    this.logger.info('Port hopping enabled');
+  }
+
+  /**
+   * Disable port hopping
+   */
+  disablePortHopping() {
+    this.portHoppingEnabled = false;
+    this.logger.info('Port hopping disabled');
+  }
+
+  /**
+   * Reset packet counter
+   */
+  reset() {
+    this.packetCounter = 0;
+    this.currentPort = null;
+  }
+
+  /**
+   * Get statistics
+   */
+  getStats() {
+    return {
+      enabled: this.enabled,
+      portHopping: this.portHoppingEnabled,
+      currentPort: this.currentPort,
+      packetCounter: this.packetCounter,
+      mtu: this.mtu
+    };
+  }
+}
+
+module.exports = FirewallEvasion;
+module.exports.MTU_VALUES = MTU_VALUES;