dpyproxy 2.2.0__py3-none-any.whl

modules/http/HttpUtils.py

@@ -0,0 +1,94 @@
+class HttpUtils:
+    @staticmethod
+    def insert(s: str, insertion: str, num: int, position: str, index: int = None) -> str:
+        """
+        Inserts a string into another string a specified number of times at a specified position.
+        :param s: string to insert into
+        :param insertion: string to insert
+        :param num: number of times to insert
+        :param position: position to insert at, either "start", "end", "middle", "random", or "index"
+        :param index: index to insert at if position is
+        :return: modified string
+        """
+        if position == "start":
+            result = num * insertion + s
+        if position == "end":
+            result = s + num * insertion
+        if position == "middle" or position == "random":
+            index = len(s) // 2
+            result = s[:index] + num * insertion + s[index:]
+        if position == "index" and index is not None:
+            result = s[:index] + num * insertion + s[index:]
+        return result
+
+    @staticmethod
+    def replace(s: str, replacement: str, num: int, start_index: int, end_index: int) -> str:
+        """
+        Replaces a part of a string with another string a specified number of times.
+        :param s: string to replace in
+        :param replacement: string to replace with
+        :param num: number of times to replace
+        :param start_index: start index of part to replace
+        :param end_index: end index of part to replace
+        :return: modified string
+        """
+        return s[:start_index] + num * replacement + s[end_index:]
+
+    @staticmethod
+    def duplicate(s: str, start_index: int, end_index: int) -> str:
+        """
+        Duplicates a part of a string with another string a specified number of times.
+        :param s: string to duplicate in
+        :param start_index: start index of part to duplicate in
+        :param end_index: end index of part to duplicate in
+        :return: modified string
+        """
+        return 2 * s[start_index:end_index]
+
+    @staticmethod
+    def index_host_header(data_list: list[list[str]], number: int = 1) -> int:
+        """
+        Indexes all host headers.
+        :param data_list: list of host headers
+        :param number: number of host headers
+        :return: indexed host headers
+        """
+        count = 0
+        for i, line in enumerate(data_list):
+            if "HOST" in line[0].upper():
+                count += 1
+                if count == number:
+                    return i
+        return -1
+
+    @staticmethod
+    def index_content_length_header(data_list: list[list[str]], number: int = 1) -> int:
+        """
+        Indexes all content length headers.
+        :param data_list: list of content length headers
+        :param number: number of content length headers
+        :return: indexed content length headers
+        """
+        count = 0
+        for i, line in enumerate(data_list):
+            if "CONTENT-LENGTH" in line[0].upper():
+                count += 1
+                if count == number:
+                    return i
+        return -1
+
+    @staticmethod
+    def index_transfer_encoding_header(data_list: list[list[str]], number: int = 1) -> int:
+        """
+        Indexes all transfer encoding headers.
+        :param data_list: list of transfer encoding headers
+        :param number: number of transfer encoding headers
+        :return: indexed transfer encoding headers
+        """
+        count = 0
+        for i, line in enumerate(data_list):
+            if "TRANSFER-ENCODING" in line[0].upper():
+                count += 1
+                if count == number:
+                    return i
+        return -1

modules/tls/TcpProxy.py

@@ -0,0 +1,106 @@
+import logging
+import select
+import socket
+import threading
+
+from enumerators.TcpProxyMode import TcpProxyMode
+from enumerators.TlsVersion import TlsVersion
+from network.NetworkAddress import NetworkAddress
+from network.tcp.TcpConnectionHandler import TcpConnectionHandler
+from network.tcp.WrappedTcpSocket import WrappedTcpSocket
+
+
+class TcpProxy:
+    """
+    Proxy server
+    """
+
+    def __init__(
+        self,
+        address: NetworkAddress,
+        timeout: int = 120,
+        record_version: str = TlsVersion.DEFAULT.value,
+        record_frag: bool = False,
+        tcp_frag: bool = False,
+        frag_size: int = 20,
+        http_strategy: int = None,
+        http_smuggling_uncensored_url: str = "",
+        dns_server: NetworkAddress = None,
+        disabled_modes: list[TcpProxyMode] = None,
+        forward_proxy: NetworkAddress = None,
+        forward_proxy_mode: TcpProxyMode = TcpProxyMode.HTTPS,
+        forward_proxy_resolve_address: bool = False,
+    ):
+        # timeout for socket reads and message reception
+        self.timeout = timeout
+        # own port
+        self.address = address
+        # record header version settings
+        self.record_version = record_version
+        # record fragmentation settings
+        self.record_frag = record_frag
+        self.tcp_frag = tcp_frag
+        self.frag_size = frag_size
+        # http manipulation strategy
+        self.http_strategy = http_strategy
+        self.http_smuggling_uncensored_url = http_smuggling_uncensored_url
+        # whether to use dot for domain resolution
+        self.dns_server = dns_server
+        self.disabled_modes = disabled_modes
+        if self.disabled_modes is None:
+            self.disabled_modes = []
+        # settings for another proxy to contact further down the line
+        self.forward_proxy = forward_proxy
+        self.forward_proxy_mode = forward_proxy_mode
+        self.forward_proxy_resolve_address = forward_proxy_resolve_address
+        self.server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+        self.server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+        self.continue_processing = True
+
+    def handle(self, client_socket: WrappedTcpSocket, address: NetworkAddress):
+        return TcpConnectionHandler(
+            client_socket,
+            address,
+            self.timeout,
+            self.record_version,
+            self.record_frag,
+            self.tcp_frag,
+            self.frag_size,
+            self.http_strategy,
+            self.http_smuggling_uncensored_url,
+            self.dns_server,
+            self.disabled_modes,
+            self.forward_proxy,
+            self.forward_proxy_mode,
+            self.forward_proxy_resolve_address,
+        ).handle()
+
+    def start(self):
+        """
+        Starts the proxy. After calling the proxy is listening for connections.
+        :return:
+        """
+        # opening server socket
+        self.server.bind((self.address.host, self.address.port))
+        self.server.listen()
+        print(f"### Started TCP proxy on {self.address.host}:{self.address.port} ###")
+        if self.dns_server:
+            logging.debug(f"Using DNS server {self.dns_server}")
+        if self.forward_proxy:
+            logging.debug(f"Using forward proxy {self.forward_proxy}")
+        while self.continue_processing:
+            readable, _, _ = select.select([self.server], [], [], 1)
+            if not readable:
+                continue
+            # listen for incoming connections
+            try:
+                client_socket, address = self.server.accept()
+            except OSError:
+                logging.error("### Socket closed by OS. Stopping TCP Proxy ###")
+                return
+            address = NetworkAddress(address[0], address[1])
+            client_socket = WrappedTcpSocket(self.timeout, client_socket)
+            logging.info(f"request from {address.host}:{address.port}")
+            # spawn a new thread that runs the function handle()
+            threading.Thread(target=self.handle, args=(client_socket, address)).start()
+        logging.info("### Stopped proxy ###")

modules/tls/TlsModule.py

@@ -0,0 +1,173 @@
+import logging
+import string
+from argparse import ArgumentParser, BooleanOptionalAction, Namespace
+
+from enumerators.TcpProxyMode import TcpProxyMode
+from enumerators.TlsVersion import TlsVersion
+from modules.Module import Module
+from modules.tls.TcpProxy import TcpProxy
+from network.NetworkAddress import NetworkAddress
+
+
+class TlsModule(Module):
+    """
+    Implements circumvention methods for the TLS SNI censorship. Currently, implements options for a general TCP socket
+    as TLS is the only TCP-based protocol we support. In future version, those should be abstracted into their own
+    module.
+    """
+
+    def __init__(self, parser: ArgumentParser):
+        super().__init__(parser)
+        self.proxy: TcpProxy | None = None
+        self.dns_server = None
+
+    @staticmethod
+    def register_parameters(parser: ArgumentParser):
+
+        def list_of_modes(arg):
+            return list(map(lambda x: TcpProxyMode(x), arg.split(",")))
+
+        def record_header_version(arg):
+            try:
+                return TlsVersion.__getitem__(arg).value
+            except KeyError:
+                if len(arg) == 4 and all(c in string.hexdigits for c in arg):
+                    return arg
+                else:
+                    logging.error(
+                        f"{arg} not a predefined TLS version, not 2 bytes long or contains non-hex characters."
+                    )
+                    exit()
+
+        tls_module = parser.add_argument_group("TLS Module")
+
+        tls_module.add_argument(
+            "--tls_disabled_modes",
+            type=list_of_modes,
+            choices=TcpProxyMode,
+            default=[],
+            help="List of proxy modes to ignore. By default, all none are disabled. Hence, all are enabled",
+        )
+
+        tls_module.add_argument("--tls_timeout", type=int, default=10, help="Connection timeout in seconds")
+
+        tls_module.add_argument("--tls_host", type=str, default="localhost", help="Address the proxy server runs on")
+
+        tls_module.add_argument("--tls_port", type=int, default=4433, help="Port the proxy server runs on")
+
+        tls_module.add_argument(
+            "--tls_record_version",
+            type=record_header_version,
+            default=TlsVersion.DEFAULT.name,
+            help=f"Overwrites the TLS version in the TLS record with the given bytes. Pre-defined "
+            f"values {[x.name for x in TlsVersion]} or 2 byte long values such as 0303 or "
+            f"FFFF can be provided.",
+        )
+
+        tls_module.add_argument(
+            "--tls_record_frag",
+            default=True,
+            action=BooleanOptionalAction,
+            help="Whether to use record fragmentation to forwarded TLS handshake messages",
+        )
+
+        tls_module.add_argument(
+            "--tls_tcp_frag",
+            default=True,
+            action=BooleanOptionalAction,
+            help="Whether to use TCP fragmentation to forwarded messages.",
+        )
+
+        tls_module.add_argument("--tls_frag_size", type=int, default=20, help="Bytes in each TCP/TLS record fragment")
+
+        tls_module.add_argument(
+            "--tls_dns_server_ip",
+            type=str,
+            default=None,
+            help="DNS server IP for all DNS queries of the TLS module. If not given, the DNS server started by the "
+            "DNS module us used. If DNS module is not used, the OS default DNS server is used.",
+        )
+
+        tls_module.add_argument(
+            "--tls_dns_server_port",
+            type=int,
+            default=53,
+            help="DNS server port for all DNS queries. Only set if a DNS server IP is given. If not given, the "
+            "default port 53 is used.",
+        )
+
+        tls_module.add_argument(
+            "--tls_forward_proxy_host",
+            type=str,
+            default="localhost",
+            help="Host of the forward proxy if any is present",
+        )
+
+        tls_module.add_argument(
+            "--tls_forward_proxy_port", type=int, default=None, help="Port the forward proxy server runs on"
+        )
+
+        tls_module.add_argument(
+            "--tls_forward_proxy_mode",
+            type=TcpProxyMode.__getitem__,
+            choices=TcpProxyMode,
+            default=TcpProxyMode.HTTPS,
+            help="The proxy type of the forward proxy",
+        )
+
+        tls_module.add_argument(
+            "--tls_forward_proxy_resolve_address",
+            default=False,
+            action=BooleanOptionalAction,
+            help="""Whether to resolve domains before including them in the HTTP CONNECT request to the
+                                second proxy""",
+        )
+
+    def extract_parameters(self, args: Namespace):
+        server_address = NetworkAddress(args.tls_host, args.tls_port)
+        forward_proxy = None
+        if args.tls_forward_proxy_port is not None:
+            forward_proxy = NetworkAddress(args.tls_forward_proxy_host, args.tls_forward_proxy_port)
+
+        if args.tls_dns_server_ip is not None and self.dns_server is None:
+            self.dns_server = NetworkAddress(args.tls_dns_server_ip, args.tls_dns_server_port)
+
+        if (
+            args.tls_forward_proxy_mode in [TcpProxyMode.HTTP, TcpProxyMode.SNI]
+            and args.tls_forward_proxy_mode != args.proxy_mode
+        ):
+            logging.debug("Forward proxy modes HTTP and SNI only usable if proxy mode is HTTP or SNI respectively.")
+            exit()
+
+        self.proxy = TcpProxy(
+            address=server_address,
+            timeout=args.tls_timeout,
+            record_version=args.tls_record_version,
+            record_frag=args.tls_record_frag,
+            tcp_frag=args.tls_tcp_frag,
+            frag_size=args.tls_frag_size,
+            dns_server=self.dns_server,
+            disabled_modes=args.tls_disabled_modes,
+            forward_proxy=forward_proxy,
+            forward_proxy_mode=args.tls_forward_proxy_mode,
+            forward_proxy_resolve_address=args.tls_forward_proxy_resolve_address,
+        )
+
+    def start(self):
+        self.proxy.start()
+
+    def stop(self):
+        self.proxy.continue_processing = False
+        logging.info("Waiting for proxy to stop")
+
+    def set_dns_server(self, dns_server: NetworkAddress):
+        """
+        Sets the DNS server for the TLS module.
+        :param dns_server: NetworkAddress of the DNS server to use.
+        """
+        if not self.dns_server:
+            self.dns_server = NetworkAddress(
+                "127.0.0.1" if dns_server.host == "0.0.0.0" else dns_server.host, dns_server.port
+            )
+        else:
+            logging.warning("DNS server manually overwritten in TLS module. Not setting address of DNS module server.")