Comments (5)
Hi, you might want to edit the address list out of your comment. You can get such an address list from here anyway: http://urlblacklist.com/
As for the DNS response, just set the (struct dnsa) addr field to 127.0.0.1, in handle_dns() . This should work.
Also I think I had misunderstood what you meant by 'redirect' in your previous issue.
from torwall.
I had given this a go:
rdnsa->addr = htonl(0x7F000001); // Fake address
(also attempted to reverse the address to account for endian-ness)
(hex of 127.0.0.1)
doesn't seem to pick it up. (Although funnily I don't get a 40. address; it's like 0.40.0.1, etc. Items on the blacklist get unique IPs following that trend; however, items not on the blacklist get passed through correctly.)
This is my current (albeit hacked up) handle_dns:
static int handle_dns(HANDLE handle, PWINDIVERT_ADDRESS addr,
    PWINDIVERT_IPHDR iphdr, PWINDIVERT_UDPHDR udphdr, char *data,
    size_t data_len)
{
    // We only handle standard DNS queries.
    if (data_len <= sizeof(struct dnshdr))
        return -1;
    if (data_len > 512)                         // Max DNS packet size.
        return -1;

    struct dnshdr *dnshdr = (struct dnshdr *)data;
    data += sizeof(struct dnshdr);
    data_len -= sizeof(struct dnshdr);

    // Check request:
    if (ntohs(dnshdr->options) != 0x0100)       // Standard query
        return -1;
    if (ntohs(dnshdr->qdcount) != 1)            // Only 1 req-per-packet supported
        return -1;
    if (ntohs(dnshdr->ancount) != 0)
        return -1;
    if (ntohs(dnshdr->nscount) != 0)
        return -1;
    if (ntohs(dnshdr->arcount) != 0)
        return -1;

    // Decode the QNAME labels into name[] as ".label.label..." (leading dot).
    char name[DNS_MAX_NAME + 8];                // 8 bytes extra.
    size_t i = 0;
    while (i < data_len && data[i] != 0)
    {
        size_t len = (uint8_t)data[i];          // Length byte is unsigned; char may be signed.
        if ((len & 0xC0) != 0)                  // No compression pointers in a query name.
            return -1;
        if (i + len >= DNS_MAX_NAME || i + len >= data_len)   // Name too long, or label runs past the packet.
            return -1;
        name[i++] = '.';
        for (size_t j = 0; j < len; j++, i++)
            name[i] = data[i];
    }
    if (i >= data_len)
        return -1;
    name[i++] = '\0';
    if (data_len - i != sizeof(struct dnsq))    // Exactly QTYPE + QCLASS must remain.
        return -1;

    // Generate a fake IP address and associate it with this domain name:
    uint32_t fake_addr = domain_lookup_addr(name);
    if (fake_addr == 0)
    {
        // This domain is blocked; answer the query ourselves with a loopback address.
        // Construct a query response:
        size_t len = sizeof(struct dnshdr) + data_len + sizeof(struct dnsa);
        if (len > 512)                          // Max DNS packet size.
            return -1;
        len += sizeof(WINDIVERT_IPHDR) + sizeof(WINDIVERT_UDPHDR);   // DNS payload counted once.

        char buf[len + 8];                      // 8 bytes extra.
        PWINDIVERT_IPHDR riphdr = (PWINDIVERT_IPHDR)buf;
        PWINDIVERT_UDPHDR rudphdr = (PWINDIVERT_UDPHDR)(riphdr + 1);
        struct dnshdr *rdnshdr = (struct dnshdr *)(rudphdr + 1);
        char *rdata = (char *)(rdnshdr + 1);

        // IP header: swap the query's source and destination.
        memset(riphdr, 0, sizeof(WINDIVERT_IPHDR));
        riphdr->Version = 4;
        riphdr->HdrLength = sizeof(WINDIVERT_IPHDR) / sizeof(uint32_t);
        riphdr->Length = htons(len);
        riphdr->Id = htons(0xF00D);
        WINDIVERT_IPHDR_SET_DF(riphdr, 1);
        riphdr->TTL = 64;
        riphdr->Protocol = IPPROTO_UDP;
        riphdr->SrcAddr = iphdr->DstAddr;
        riphdr->DstAddr = iphdr->SrcAddr;

        // UDP header: reply from port 53 to the client's source port.
        memset(rudphdr, 0, sizeof(WINDIVERT_UDPHDR));
        rudphdr->SrcPort = htons(53);           // DNS
        rudphdr->DstPort = udphdr->SrcPort;
        rudphdr->Length = htons(len - sizeof(WINDIVERT_IPHDR));

        // DNS header: same id, response flags, one question, one answer.
        rdnshdr->id = dnshdr->id;
        rdnshdr->options = htons(0x8180);       // Standard DNS response.
        rdnshdr->qdcount = htons(1);
        rdnshdr->ancount = htons(1);
        rdnshdr->nscount = 0;
        rdnshdr->arcount = 0;

        // Echo the question, then append the A answer record.
        memcpy(rdata, data, data_len);
        struct dnsa *rdnsa = (struct dnsa *)(rdata + data_len);
        rdnsa->name = htons(0xC00C);            // Pointer to the QNAME at offset 12.
        rdnsa->type = htons(0x0001);            // (A)
        rdnsa->class = htons(0x0001);           // (IN)
        rdnsa->ttl = htonl(1);                  // 1 second
        rdnsa->length = htons(4);
        rdnsa->addr = htonl(0x7F000001);        // Fake address (127.0.0.1)

        send_packet(handle, &buf, len, addr);
        debug("Intercept DNS %s\n", (name[0] == '.'? name+1: name));
        return 1;
    }

    // Not blocked: re-inject the matching packet.
    return 0;
}
where I think it's going wrong: the domain_lookup_addr:
// Lookup an address given a domain name. If the name does not exist then
// create one.
extern uint32_t domain_lookup_addr(const char *name0)
{
    if (name0[0] == '.')
        name0++;
    if (domain_blacklist_lookup(blacklist, name0))
    {
        debug("Block %s\n", name0);
        return 0;                               // Blocked!
    }

    uint64_t idx0 = (uint64_t)InterlockedIncrement64(&counter);
    uint16_t idx = domain_encrypt((uint16_t)idx0);
    uint8_t msb = sbox1[(idx0 >> 16) & 0xFF];
    uint32_t addr = ADDR_BASE;
    if (names[idx] != NULL)
    {
        // Name table is full!
        debug("Block %s (name entry is full)\n", name0);
        return 0;
    }

    size_t len = strlen(name0);
    size_t size = sizeof(struct name) + (len + 1) * sizeof(char);
    struct name *name = (struct name *)malloc(size);
    if (name == NULL)
    {
        warning("failed to allocate %u bytes for domain name", size);
        exit(EXIT_FAILURE);
    }
    name->ref_count = 1;
    name->msb = msb;
    memcpy(name->name, name0, len+1);
    names[idx] = name;
    return addr;
}
although it suggests that it should return before it assigns an address. (Hacked up at the moment, sorry for the mess, just making it work.)
from torwall.
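Added example, not Tallow's code and not the commenter's: the same kind of DNS sinkhole response the thread is debugging (question echoed back, one A record whose NAME is the 0xC00C pointer to the QNAME, 127.0.0.1 as the answer), written as a self-contained C program that handles only the DNS payload, with no WinDivert or IP/UDP framing. The function names, the DNS_* constants and the sample query bytes are my own. It shows the two things that matter for a parser sitting on a packet capture path: the label walk treats the length byte as unsigned and rejects compression pointers and labels that run past the packet, and the response length is computed exactly once (header + question + 16-byte RR), a figure that is easy to get wrong when the DNS length and the IP/UDP lengths are accumulated in the same variable.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical constants for this example (Tallow has its own DNS_MAX_NAME). */
#define DNS_HDR_LEN   12
#define DNS_MAX_PKT   512
#define DNS_MAX_NAME  253

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, (uint16_t)(v >> 16)); wr16(p + 2, (uint16_t)v); }

/* Walk the QNAME labels starting at `off`, writing the dotted name to `name`
 * (capacity DNS_MAX_NAME + 1). Returns the offset just past the root label,
 * or 0 if the name is empty, truncated, too long or uses a compression
 * pointer (a query name is never compressed, and treating 0xC0xx as a label
 * length is how a parser walks off the end of the packet). */
static size_t parse_qname(const uint8_t *q, size_t qlen, size_t off, char *name)
{
    size_t n = 0;
    while (off < qlen) {
        uint8_t len = q[off++];              /* unsigned: a length byte is never negative */
        if (len == 0) {                      /* root label ends the name */
            name[n] = '\0';
            return n == 0 ? 0 : off;
        }
        if (len & 0xC0) return 0;            /* compression pointer / reserved bits */
        if (off + len > qlen) return 0;      /* label runs past the packet */
        size_t add = len + (n ? 1 : 0);      /* label plus separating dot */
        if (n + add > DNS_MAX_NAME) return 0;
        if (n) name[n++] = '.';
        memcpy(name + n, q + off, len);
        n += len;
        off += len;
    }
    return 0;                                /* no root label before the end */
}

/* Answer `query` with a single A record for `addr` (host order, e.g.
 * 0x7F000001 for 127.0.0.1), echoing the question and pointing the answer's
 * NAME at the QNAME with 0xC00C. `name` receives the queried name for logging
 * or a blocklist lookup. Returns the response length, or 0 when the query is
 * not exactly one standard A/IN question or `out` is too small. */
size_t build_sinkhole_response(const uint8_t *query, size_t qlen,
                               uint32_t addr, uint32_t ttl,
                               uint8_t *out, size_t outcap, char *name)
{
    if (qlen <= DNS_HDR_LEN || qlen > DNS_MAX_PKT) return 0;
    if (rd16(query + 2) != 0x0100) return 0;       /* standard query, RD set */
    if (rd16(query + 4) != 1 || rd16(query + 6) != 0 ||
        rd16(query + 8) != 0 || rd16(query + 10) != 0) return 0;

    size_t qend = parse_qname(query, qlen, DNS_HDR_LEN, name);
    if (qend == 0 || qlen - qend != 4) return 0;   /* only QTYPE + QCLASS may remain */
    if (rd16(query + qend) != 1 || rd16(query + qend + 2) != 1) return 0;  /* A, IN */

    size_t rlen = qlen + 16;                       /* header + question, then a 16-byte RR */
    if (rlen > DNS_MAX_PKT || rlen > outcap) return 0;

    memcpy(out, query, qlen);                      /* id and question copied verbatim */
    wr16(out + 2, 0x8180);                         /* QR=1, RD=1, RA=1, RCODE=0 */
    wr16(out + 6, 1);                              /* ANCOUNT = 1 */
    uint8_t *rr = out + qlen;
    wr16(rr, 0xC00C);                              /* NAME: pointer to QNAME at offset 12 */
    wr16(rr + 2, 1);                               /* TYPE A */
    wr16(rr + 4, 1);                               /* CLASS IN */
    wr32(rr + 6, ttl);
    wr16(rr + 10, 4);                              /* RDLENGTH */
    wr32(rr + 12, addr);
    return rlen;
}

/* Constructed sample query (id 0x1234, RD, one question: example.com A IN). */
static const uint8_t sample_query[] = {
    0x12, 0x34, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0,
    0x00, 0x01, 0x00, 0x01
};

/* Sinkhole the sample query to 127.0.0.1 with a 1-second TTL. */
size_t demo_response(uint8_t *out, size_t outcap, char *name)
{
    return build_sinkhole_response(sample_query, sizeof sample_query,
                                   0x7F000001u, 1, out, outcap, name);
}

int main(void)
{
    uint8_t out[DNS_MAX_PKT];
    char name[DNS_MAX_NAME + 1];
    size_t n = demo_response(out, sizeof out, name);
    printf("%s -> %zu-byte response\n", name, n);
    for (size_t i = 0; i < n; i++)
        printf("%02x%s", out[i], (i % 16 == 15 || i + 1 == n) ? "\n" : " ");
    return n == 0;
}
```

Compiles with any C99 compiler; main() prints the queried name and a hex dump of the 45-byte response for the sample query. In the WinDivert setting the returned buffer is exactly what follows the UDP header, so the UDP Length is that value plus 8 and the IP Length is that plus the IP header size, each added once.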
ps: couple addresses to consider for your hosts.deny:
msftncsi.com (Microsoft uses this to check network connectivity) -- although to avoid getting "no internet access" errors you might want to craft valid responses: http://blog.superuser.com/2011/05/16/windows-7-network-awareness/
also,
wns.windows.com - windows 8 push notification service, constantly calls home to check for updates. (wireshark it, it might even be a persistent tcp connection)
from torwall.
with further reflection, perhaps a DNS server may be a better route.
I was hoping to filter/redirect silently without tcp/ip manipulation.
from torwall.
I can't really comment on the code. The idea should work so just a matter of debugging. You also should not need domain_lookup_addr() stuff as this is Tallow-specific. Your program should be much simpler.
Thanks for the suggestions regarding extra Windows domains. This is definitely a big problem with Windows in that it is basically continuously phoning home. Although Tallow is careful not to claim that it provides strong anonymity, it is nevertheless a good idea to block all such domains (also to save on Tor traffic).
from torwall.