dpyproxy 2.2.0__py3-none-any.whl

network/tcp/TcpConnectionHandler.py

@@ -0,0 +1,264 @@
+import logging
+import socket
+
+from enumerators.TcpProxyMode import TcpProxyMode
+from exception.ParserException import ParserException
+from network.DomainResolver import DomainResolver
+from network.NetworkAddress import NetworkAddress
+from network.protocols.Dns import Dns
+from network.protocols.Http import Http
+from network.protocols.Socksv4 import Socksv4
+from network.protocols.Socksv5 import Socksv5
+from network.protocols.Tls import Tls
+from network.tcp.Forwarder import Forwarder
+from network.tcp.WrappedTcpSocket import WrappedTcpSocket
+from util.constants import (
+    STANDARD_SOCKET_RECEIVE_SIZE,
+    TLS_1_0_HEADER,
+    TLS_1_1_HEADER,
+    TLS_1_2_HEADER,
+    SOCKSv4_HEADER,
+    SOCKSv5_HEADER,
+)
+from util.Util import is_valid_ipv4_address
+
+
+class TcpConnectionHandler:
+    """
+    Handles a single client connection of the proxy server.
+    """
+
+    def __init__(
+        self,
+        connection_socket: WrappedTcpSocket,
+        address: NetworkAddress,
+        timeout: int,
+        record_version: str,
+        record_frag: bool,
+        tcp_frag: bool,
+        frag_size: int,
+        http_strategy: int,
+        http_smuggling_uncensored_url: str,
+        dns_server: NetworkAddress,
+        disabled_modes: list[TcpProxyMode],
+        forward_proxy: NetworkAddress,
+        forward_proxy_mode: TcpProxyMode,
+        forward_proxy_resolve_address: bool,
+    ):
+        self.connection_socket = connection_socket
+        self.address = address
+        self.proxy_mode = None
+        self.timeout = timeout
+        self.record_frag = record_frag
+        self.record_version = record_version
+        self.tcp_frag = tcp_frag
+        self.frag_size = frag_size
+        self.http_strategy = http_strategy
+        self.http_smuggling_uncensored_url = http_smuggling_uncensored_url
+        self.dns_server = dns_server
+        self.disabled_modes = disabled_modes
+        self.forward_proxy = forward_proxy
+        self.forward_proxy_mode = forward_proxy_mode
+        self.forward_proxy_resolve_address = forward_proxy_resolve_address
+
+    def handle(self):
+        """
+        Handles the connection to a single client.
+        :return: None
+        """
+        # determine proxy mode / message type
+        self.proxy_mode = self.get_proxy_mode()
+        if self.proxy_mode in self.disabled_modes:
+            self.info(f"Proxy mode {self.proxy_mode} is disabled. Stopping!")
+            return
+
+        # determine destination address
+        try:
+            final_server_address, http_version = self.get_destination_address()
+        except ParserException as e:
+            logging.warning(f"Could not parse initial proxy message with {e}. Stopping!")
+            return
+
+        # resolve domain if no forward proxy or the forward proxy needs a resolved address
+        if (not is_valid_ipv4_address(final_server_address.host)) and (
+            self.forward_proxy_resolve_address or self.forward_proxy is None
+        ):
+            if self.dns_server:
+                host = DomainResolver.resolve_udp_static_to_ip(
+                    final_server_address.host, resolver=self.dns_server, timeout=self.timeout
+                )
+            else:
+                host = DomainResolver.resolve_local(final_server_address.host)
+            self.debug(f"Resolved {host} from {final_server_address.host}")
+            final_server_address.host = host
+
+        # set correct target
+        if self.forward_proxy is None:
+            target_address = (final_server_address.host, final_server_address.port)
+        else:
+            target_address = (self.forward_proxy.host, self.forward_proxy.port)
+            self.debug(f"Using forward proxy {target_address}")
+
+        # open socket to server
+        try:
+            server_socket = socket.create_connection(target_address)
+        except Exception as e:
+            self.info(f"Could not connect to server due to {e}.")
+            self.connection_socket.try_close()
+            return
+        if self.tcp_frag and self.record_frag:
+            # align record and tcp fragment size
+            server_socket = WrappedTcpSocket(self.timeout, server_socket, self.frag_size + 5)
+        elif self.tcp_frag:
+            server_socket = WrappedTcpSocket(self.timeout, server_socket, self.frag_size)
+        else:
+            server_socket = WrappedTcpSocket(self.timeout, server_socket)
+        logging.info(
+            f"Connected {final_server_address.host}:{final_server_address.port} "
+            f"to {target_address[0]}:{target_address[1]}"
+        )
+
+        self.send_proxy_answer(http_version, server_socket)
+
+        if self.forward_proxy is not None:
+            self.connect_forward_proxy(server_socket, final_server_address, http_version)
+
+        # start proxying
+        Forwarder(
+            self.connection_socket,
+            self.address.__str__(),
+            server_socket,
+            f"{target_address[0]}:{target_address[1]}",
+            self.record_frag,
+            self.record_version,
+            self.frag_size,
+            self.http_strategy,
+            self.http_smuggling_uncensored_url,
+        ).start()
+
+    def get_proxy_mode(self) -> TcpProxyMode:
+        """
+        Determines the mode of the proxy based on the first client message
+        """
+        header = self.connection_socket.peek(3)
+
+        if header.startswith(TLS_1_0_HEADER) or header.startswith(TLS_1_1_HEADER) or header.startswith(TLS_1_2_HEADER):
+            self.debug("Determined SNI Proxy Request")
+            return TcpProxyMode.SNI
+
+        if header.startswith(SOCKSv4_HEADER):
+            self.debug("Determined SOCKSv4 Proxy Request")
+            return TcpProxyMode.SOCKSv4
+
+        if header.startswith(SOCKSv5_HEADER):
+            self.debug("Determined SOCKSv5 Proxy Request")
+            return TcpProxyMode.SOCKSv5
+
+        try:
+            ascii_decoded_header = header.decode("ASCII")
+        except UnicodeDecodeError:
+            raise ParserException(f"Could not determine message type of message {header}")
+        else:
+            if ascii_decoded_header.upper().startswith("CON"):
+                self.debug("Determined HTTPS Proxy Request")
+                return TcpProxyMode.HTTPS
+            else:
+                # assume we have http
+                self.debug("Determined HTTP Proxy Request")
+                return TcpProxyMode.HTTP
+
+    def get_destination_address(self) -> (NetworkAddress, str):
+        """
+        Reads a proxy destination address and returns the host and port of the destination.
+        :return: Host, port, and optional http version of the destination server
+        """
+        http_version = None
+        if self.proxy_mode == TcpProxyMode.HTTP:
+            host, port, http_version = Http.read_http_get(self.connection_socket)
+            self.debug(f"Read host {host} and port {port} from HTTP GET")
+        elif self.proxy_mode == TcpProxyMode.HTTPS:
+            host, port, http_version = Http.read_http_connect(self.connection_socket)
+            self.debug(f"Read host {host} and port {port} from HTTP CONNECT")
+        elif self.proxy_mode == TcpProxyMode.SNI:
+            host, port = Tls.read_sni(self.connection_socket, self.timeout), 443
+            self.debug(f"Read host {host} and port {port} from SNI")
+        elif self.proxy_mode == TcpProxyMode.SOCKSv4:
+            host, port = Socksv4.read_socks4(self.connection_socket)
+            self.debug(f"Read host {host} and port {port} from SOCKSv4")
+        elif self.proxy_mode == TcpProxyMode.SOCKSv5:
+            host, port = Socksv5.read_socks5(self.connection_socket)
+            self.debug(f"Read host {host} and port {port} from SOCKSv5")
+        elif self.proxy_mode == TcpProxyMode.DNS:
+            host, port = Dns.read_dns(self.connection_socket)
+            self.debug(f"Read host {host} and port {port} from DNS")
+        else:
+            raise ParserException("Unknown proxy type")
+        return NetworkAddress(host, port), http_version
+
+    def send_proxy_answer(self, http_version: str, server_socket: WrappedTcpSocket):
+        if self.proxy_mode == TcpProxyMode.HTTPS:
+            # answer with 200 OK
+            self.connection_socket.send(Http.http_200_ok(http_version))
+        elif self.proxy_mode == TcpProxyMode.SOCKSv4:
+            # answer with Socksv4 okay
+            self.connection_socket.send(Socksv4.socks4_ok())
+        elif self.proxy_mode == TcpProxyMode.SOCKSv5:
+            # answer with Socksv5 okay
+            self.connection_socket.send(Socksv5.socks5_ok(server_socket))
+
+    def connect_forward_proxy(
+        self, server_socket: WrappedTcpSocket, final_server_address: NetworkAddress, http_version: str
+    ):
+        try:
+            # send proxy messages if necessary
+            if self.forward_proxy_mode == TcpProxyMode.HTTPS:
+                server_socket.send(Http.connect_message(final_server_address, http_version))
+                self.debug("Sent HTTP CONNECT to forward proxy")
+                # receive HTTP 200 OK
+                answer = server_socket.recv(STANDARD_SOCKET_RECEIVE_SIZE)
+                if not answer.upper().startswith(Http.http_200_ok(http_version)):
+                    raise ParserException(f"Forward proxy rejected the connection with {answer}")
+
+            elif self.forward_proxy == TcpProxyMode.SOCKSv4:
+                server_socket.send(Socksv4.socks4_request(final_server_address))
+                self.debug("Sent SOCKSv4 to forward proxy")
+                # receive SOCKSv4 OK
+                answer = server_socket.recv(STANDARD_SOCKET_RECEIVE_SIZE)
+                if not answer.upper().startswith(Socksv4.socks4_ok()) and len(answer) != 8:
+                    raise ParserException(f"Forward proxy rejected the connection with {answer}")
+
+            elif self.forward_proxy == TcpProxyMode.SOCKSv5:
+                server_socket.send(Socksv5.socks5_auth_methods())
+                self.debug("Sent SOCKSv5 auth methods")
+                answer = server_socket.recv(2)
+                if answer == b"\x05\xff":
+                    raise ParserException("Forward proxy does not support no auth")
+                if answer != b"\x05\x00":
+                    raise ParserException(f"Forward proxy rejected the connection with {answer}")
+                server_socket.send(Socksv5.socks5_request(final_server_address))
+                self.debug("Sent SOCKSv5 to forward proxy")
+                # receive SOCKSv5 OK
+                answer = server_socket.recv(STANDARD_SOCKET_RECEIVE_SIZE)
+                if not answer.upper().startswith(Socksv5.socks5_ok(server_socket)):
+                    self.debug(f"Forward proxy rejected the connection with {answer}")
+        except Exception:
+            self.debug("Could not send proxy message")
+            self.connection_socket.try_close()
+            logging.info("Closed connections")
+            return
+
+    # LOGGER utility functions
+    def _logger_string(self, message: str) -> str:
+        return f"{self.address.host}:{self.address.port}: {message}"
+
+    def debug(self, message: str):
+        logging.debug(self._logger_string(message))
+
+    def warn(self, message: str):
+        logging.warning(self._logger_string(message))
+
+    def error(self, message: str):
+        logging.error(self._logger_string(message))
+
+    def info(self, message: str):
+        logging.info(self._logger_string(message))

network/tcp/WrappedTcpSocket.py

@@ -0,0 +1,30 @@
+import socket
+
+from network.WrappedSocket import WrappedSocket
+
+
+class WrappedTcpSocket(WrappedSocket):
+    """
+    Wraps a socket with useful utility functions.
+    """
+
+    def __init__(self, timeout: int, _socket: socket.socket, tcp_frag_size=0):
+        self.tcp_frag_size = tcp_frag_size
+        super().__init__(timeout, _socket)
+
+    def send(self, data: bytes, *args, **kwargs) -> int:
+        """
+        Wraps send() of the wrapped socket. Split into tcp fragments if given as value.
+        :return: Return value of the wrapped socket's send method
+        """
+        if self.tcp_frag_size <= 0:
+            return self.socket.send(data, *args, **kwargs)
+        else:
+            # split into fragments and send each separately
+            fragments = (data[i : i + self.tcp_frag_size] for i in range(0, len(data), self.tcp_frag_size))
+            total_sent = 0
+            for fragment in fragments:
+                total_sent += self.socket.send(fragment, *args, **kwargs)
+                self.socket.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 0)
+                self.socket.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)
+            return total_sent

test/Sink.py

@@ -0,0 +1,23 @@
+import socket
+
+
+class Sink:
+    def __init__(self, ip: str, port: int):
+        self.socket = None
+        self.ip = ip
+        self.port = port
+
+    def start(self):
+        server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+        server.bind((self.ip, self.port))
+        server.settimeout(5)
+        server.listen()
+        self.socket = server
+
+    def close(self):
+        self.socket.close()
+
+    def receive_message(self):
+        conn, addr = self.socket.accept()
+        with conn:
+            return conn.recv(65535)

test/test_dns.py

@@ -0,0 +1,98 @@
+from modules.dns.DnsModeDeterminator import DnsModeDeterminator
+
+IP_RANGES = [
+    "8.8.4.0/24",
+    "8.8.8.0/24",
+    "8.34.208.0/20",
+    "8.35.192.0/20",
+    "23.236.48.0/20",
+    "23.251.128.0/19",
+    "34.0.0.0/15",
+    "34.2.0.0/16",
+    "34.3.0.0/23",
+    "34.3.3.0/24",
+    "34.3.4.0/24",
+    "34.3.8.0/21",
+    "34.3.16.0/20",
+    "34.3.32.0/19",
+    "34.3.64.0/18",
+    "34.4.0.0/14",
+    "34.8.0.0/13",
+    "34.16.0.0/12",
+    "34.32.0.0/11",
+    "34.64.0.0/10",
+    "34.128.0.0/10",
+    "35.184.0.0/13",
+    "35.192.0.0/14",
+    "35.196.0.0/15",
+    "35.198.0.0/16",
+    "35.199.0.0/17",
+    "35.199.128.0/18",
+    "35.200.0.0/13",
+    "35.208.0.0/12",
+    "35.224.0.0/12",
+    "35.240.0.0/13",
+    "57.140.192.0/18",
+    "64.15.112.0/20",
+    "64.233.160.0/19",
+    "66.22.228.0/23",
+    "66.102.0.0/20",
+    "66.249.64.0/19",
+    "70.32.128.0/19",
+    "72.14.192.0/18",
+    "74.114.24.0/21",
+    "74.125.0.0/16",
+    "104.154.0.0/15",
+    "104.196.0.0/14",
+    "104.237.160.0/19",
+    "107.167.160.0/19",
+    "107.178.192.0/18",
+    "108.59.80.0/20",
+    "108.170.192.0/18",
+    "108.177.0.0/17",
+    "130.211.0.0/16",
+    "136.22.160.0/20",
+    "136.22.176.0/21",
+    "136.22.184.0/23",
+    "136.22.186.0/24",
+    "136.124.0.0/15",
+    "142.250.0.0/15",
+    "146.148.0.0/17",
+    "152.65.208.0/22",
+    "152.65.214.0/23",
+    "152.65.218.0/23",
+    "152.65.222.0/23",
+    "152.65.224.0/19",
+    "162.120.128.0/17",
+    "162.216.148.0/22",
+    "162.222.176.0/21",
+    "172.110.32.0/21",
+    "172.217.0.0/16",
+    "172.253.0.0/16",
+    "173.194.0.0/16",
+    "173.255.112.0/20",
+    "192.104.160.0/23",
+    "192.158.28.0/22",
+    "192.178.0.0/15",
+    "193.186.4.0/24",
+    "199.36.154.0/23",
+    "199.36.156.0/24",
+    "199.192.112.0/22",
+    "199.223.232.0/21",
+    "207.223.160.0/20",
+    "208.65.152.0/22",
+    "208.68.108.0/22",
+    "208.81.188.0/22",
+    "208.117.224.0/19",
+    "209.85.128.0/17",
+    "216.58.192.0/19",
+    "216.73.80.0/20",
+    "216.239.32.0/19",
+    "216.252.220.0/22",
+]
+DOMAIN = "www.google.dj"
+
+
+def test_auto_mode_works():
+    resolver = DnsModeDeterminator(5, DOMAIN, IP_RANGES, False).generate_working_resolver().__next__()
+    assert resolver is not None

test/test_http.py

@@ -0,0 +1,57 @@
+import socket
+import threading
+import time
+
+import pytest
+
+from modules.tls.TcpProxy import TcpProxy
+from network.NetworkAddress import NetworkAddress
+from test.Sink import Sink
+
+NETWORK_ADDRESS = NetworkAddress("127.0.0.1", 8090)
+CONNECT_DATA = "CONNECT 127.0.0.1:8091 HTTP/1.1\r\n\r\n"
+HTTP_REQUEST = "GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
+
+
+@pytest.fixture(scope="module")
+def setup_sink():
+    sink = Sink("127.0.0.1", 8091)
+    sink.start()
+    yield sink
+    sink.close()
+
+
+def test_basic_manipulation(setup_sink):
+    data = run_server(TcpProxy(address=NETWORK_ADDRESS, http_strategy=2), setup_sink)
+    assert data.decode() == "GET / OPTIONS\r\nHost: example.com\r\n\r\n"
+
+
+def test_smuggling_manipulation(setup_sink):
+    data = run_server(
+        TcpProxy(address=NETWORK_ADDRESS, http_strategy=101, http_smuggling_uncensored_url="https://www.gov.cn/"),
+        setup_sink,
+    )
+    assert (
+        data.decode()
+        == "GET / HTTP/1.1\r\nHost: www.gov.cn\r\nContent-Length:: 42\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n"
+        "GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
+    )
+
+
+def run_server(proxy: TcpProxy, sink: Sink) -> bytes:
+    """
+    Runs the test and return the bytes sent from the proxy to the sink server.
+    """
+    thread = threading.Thread(target=proxy.start)
+    thread.start()
+    time.sleep(1)
+
+    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
+        s.connect(("127.0.0.1", 8090))
+        s.sendall(CONNECT_DATA.encode())
+        time.sleep(1)
+        s.sendall(HTTP_REQUEST.encode())
+    ret = sink.receive_message()
+    proxy.server.close()
+    thread.join()
+    return ret

test/test_tls.py

@@ -0,0 +1,63 @@
+import socket
+import threading
+import time
+
+import pytest
+
+from enumerators.TlsVersion import TlsVersion
+from modules.tls.TcpProxy import TcpProxy
+from network.NetworkAddress import NetworkAddress
+from test.Sink import Sink
+
+NETWORK_ADDRESS = NetworkAddress("127.0.0.1", 8080)
+CONNECT_DATA = "CONNECT 127.0.0.1:8081 HTTP/1.1\r\n\r\n"
+TLS_DATA = "16030106210100061d0303b3d78ad49b3066c9b41f466f2b4226bc872ce9b9a3cfc2bb3f58532f9dc2034320bd27d7e698e64187429fb27c25d956020efb22139d2a580f20d84bb19c9648a500461302130313011304c02cc030cca9cca8c0adc02bc02fc0acc023c027c00ac014c009c013009dc09d009cc09c003d003c0035002f009fccaac09f009ec09e006b0067003900330100058eff010001000000000f000d00000a676f6f676c652e636f6d000b000403000102000a001c001a11ec11eb11ed001d0017001e00190018010001010102010301040010000e000c02683208687474702f312e31001600000017000000310000000d00280026090409050906040305030603080708080809080a080b08040805080604010501060103030301002b00050403040303002d00020101003304ea04e811ec04c09f52732ca78d99c9a447fc7ae8e47113f6b886d23b0fe61a0b77680ff30dda340ce80733b159a30a731726ca18a793677c30acf865b60dc669e260366de44be3c14fed8a176980ba5f0b00dda0634f8b8ea387a2b8b514a5b613c8e81289993c750a97a07996b858aef8540178156ba8822a7aa273e81366cce35cfd6313543b4565bba053566494379749e91fa981339a96a043f72402e0403f497aa3d66a382c318677acda56874d72020982227d9822f0e70fe6450798f407aca14ea168331a6199ed49aca49602bfaa785c2787270248beb176dbe046f6f86ca0c9ad42b31e32fc8f091c9217808f160991ae158f7a3a9c02b7938e902ab4c1ab355cb9b803873815a9e86b43c944a3d6b593b83346aff7504622bd617a648da5500c3a85a6076d0bd4272d3767ee5cb3749c08d75a6542f45834ec80bee40277671225e02900fdb6571459d8d7498d8b0e852738a07a3508146066793f87f707115112f74a1c33610f070842f2bbbe3fd3b3c7f089d4249f48883d20c29faa6c852ab3801082614309720df314827c534e66b091302d63319c6f3b91d999627d3c8e56247148103f4f2b19dab1422b192bc594217f634cc5497edf80ab05674cba251f4d0b73565320ad111765727f2223891925a94731afb8bb6c6ad4931df3732a93abb227328557c01d6996858995df8194a6f67a34515446c54439d945c4fb11133601b6d7ae84d70ae83684d7568a0ddb5e0b884b26e9c9fda8c15e9284182a5291c61c1fc0a2afe2accf8429fdc2b077c771ab6b330e915103646b5b152bc97a37350c1367e7827618a4f8569fad8712666babc50543296550b0a54ea6aac713a5c2b310690ab9c212a777d0317bd7c9b05049bd335266d9b2c3d66b2523671d6805aef31c851987b9131bb8bd5ac563a16c0ba6a359d79e19378e5da1bb8d9c7d17001417d69dc8f2667a193af92569ae645b66639076d526b3345c237b2dad74221309617482658de51b3af47ed71c9f92fb4ab5ab001d243c940b186455cefad54b57e8369f0661842a857c97433690351b041605130dd459486e5a2e48aa45e5dc032ad78e839645247342d869a834125ff20329dc079fbfe3bb5b617ddda30faad7a90106098c35c613355ad54cc1ad7a9214091752412380b3c0d9104b0efb72ee48cddd62bb20ba42db808fdab20e525141e73b3ff8a412858349f4da415dc847de0caf08e2800afb328e16adb3e99d911702500c4547f128a61c63173167362bce3ec8b22b82514d3632ad4a40feb95f54882a72907676298f5f482de54a90ff00968d2a41d86c9e353307ec73ae647902ca1837e82644687a1ebab9199e6c3a4282276f4106da4a01daac4726c7225de93414dc8d18e5661dac1dac8856922b678056ceebe7bf9fccb6c295136a43973d00b560a52b0570527249ca4bf6b70ec0306823b3695b213e4b0b3dc9a196f1c8e3e86f53c30d16858ce80180a33c5dfff25b9130636221bd5a682cdfd195eecc36cf236b51f0892ba62edb4b720b51ca3218abe0733cf72317eaa3839d02034b218ffda39b06e4be4a54aafb698060a78e0222933458397d3221d183245b7c3c908351a4a0b4420b73d1bb282d3004fe9aeb55669dc7a2efbd6ff0402598065ac66b24cede6d3dd2111f8e2a976b7a4bd38d9be2e826a1cb8cab7d95fe5fc6d77fbefa1ccf8d000be4d8d13c001d00207d2d6fb8382a8a063ee5aadd099095e13d15edcad631402dfcff0d41da401315001b0003020001"  # noqa: E501
+
+
+@pytest.fixture(scope="module")
+def setup_sink():
+    sink = Sink("127.0.0.1", 8081)
+    sink.start()
+    yield sink
+    sink.close()
+
+
+def test_record_frag(setup_sink):
+    data = run_server(TcpProxy(address=NETWORK_ADDRESS, record_frag=True, frag_size=1), setup_sink)
+    assert data.hex().startswith("160301000101160301000100")
+
+
+def test_record_version(setup_sink):
+    data = run_server(TcpProxy(address=NETWORK_ADDRESS, record_version=TlsVersion.TLS13.value), setup_sink)
+    assert data.hex().startswith("1603040621")
+
+
+def run_server(proxy: TcpProxy, sink: Sink) -> bytes:
+    """
+    Runs the test and return the bytes sent from the proxy to the sink server.
+    """
+    thread = threading.Thread(target=proxy.start)
+    thread.start()
+    time.sleep(1)
+
+    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
+        s.connect(("127.0.0.1", 8080))
+        s.sendall(CONNECT_DATA.encode())
+        time.sleep(1)
+        s.sendall(bytes.fromhex(TLS_DATA))
+    ret = sink.receive_message()
+    proxy.server.close()
+    thread.join()
+    return ret
+
+
+## TODO: cant really test this from python without running tcpdump or sth.
+# def test_tcp_frag():
+#     data = run_server(
+#         TcpProxy(
+#             address=NETWORK_ADDRESS,
+#             tcp_frag=True,
+#             frag_size=20
+#         ),
+#         SINK
+#    )

util/DnsAutoModeRuntimeMeasurement.py

@@ -0,0 +1,62 @@
+import logging
+import os
+import statistics
+
+# hack to add parent to pythonpath
+import sys
+
+sys.path.append(os.path.join(os.path.dirname(__file__), ".."))
+
+from enumerators.DnsProxyMode import DnsProxyMode
+from modules.dns.DnsProxy import DnsProxy
+from network.NetworkAddress import NetworkAddress
+
+WIKIMEDIA_RANGES = [
+    "185.15.56.0/22",
+    "91.198.174.0/24",
+    "195.200.68.0/24",
+    "193.46.90.0/24",
+    "198.35.26.0/23",
+    "208.80.152.0/22",
+    "103.102.166.0/24",
+]
+
+IRAN_BLOCK_PAGES = ["10.10.34.34", "10.10.34.35", "10.10.34.36"]
+
+test_amount = 100
+startup_times = []
+for i in range(test_amount):
+    server_address = NetworkAddress("localhost", 4433)
+    resolver_address = NetworkAddress(None, 4433)
+
+    logging.basicConfig(stream=sys.stderr, level=logging.DEBUG)
+
+    proxy = DnsProxy(
+        proxy_mode=DnsProxyMode.AUTO,
+        address=server_address,
+        timeout=3,
+        dns_resolver_address=resolver_address,
+        censored_domain="twitter.com",
+        compare_ip_ranges=IRAN_BLOCK_PAGES,
+        block_page_ips=True,
+        add_sni=True,
+    )
+
+    startup_time = proxy.start(time_measurement_only=True)
+    startup_times.append(startup_time)
+
+# Basic statistics
+average = statistics.mean(startup_times)
+median = statistics.median(startup_times)
+minimum = min(startup_times)
+maximum = max(startup_times)
+stdev = statistics.stdev(startup_times)  # Sample standard deviation
+
+# Print summary
+print("========= Timing Statistics =========")
+print(f"Count:   {len(startup_times)}")
+print(f"Average: {average:.2f} seconds")
+print(f"Median:  {median:.2f} seconds")
+print(f"Min:     {minimum:.2f} seconds")
+print(f"Max:     {maximum:.2f} seconds")
+print(f"Stdev:   {stdev:.2f} seconds")