
Comments (5)

basil00 commented on June 10, 2024

Hi, you might want to edit the address list out of your comment. You can get such an address list from here anyway: http://urlblacklist.com/

As for the DNS response, just set the (struct dnsa) addr field to 127.0.0.1, in handle_dns(). This should work.

Also I think I had misunderstood what you meant by 'redirect' in your previous issue.

from torwall.

jtokarchuk commented on June 10, 2024

@basil00

I had given this a go:

rdnsa->addr = htonl(0x7F000001); // Fake address

(also attempted to reverse the address to account for endian-ness)

(hex of 127.0.0.1)

doesn't seem to pick it up. (Although, funnily, I don't get a 40. address; it's like 0.40.0.1, etc. Items on the blacklist get unique IPs following that trend; however, items not on the blacklist get passed through correctly.)

This is my current (albeit hacked up) handle_dns:

    static int handle_dns(HANDLE handle, PWINDIVERT_ADDRESS addr,
        PWINDIVERT_IPHDR iphdr, PWINDIVERT_UDPHDR udphdr, char *data,
        size_t data_len)
    {
        // We only handle standard DNS queries.
        if (data_len <= sizeof(struct dnshdr))
            return -1;
        if (data_len > 512)                     // Max DNS packet size.
            return -1;

        struct dnshdr *dnshdr = (struct dnshdr *)data;
        data += sizeof(struct dnshdr);
        data_len -= sizeof(struct dnshdr);

        // Check request:
        if (ntohs(dnshdr->options) != 0x0100)   // Standard query
            return -1;
        if (ntohs(dnshdr->qdcount) != 1)        // Only 1 req-per-packet supported
            return -1;
        if (ntohs(dnshdr->ancount) != 0)
            return -1;
        if (ntohs(dnshdr->nscount) != 0)
            return -1;
        if (ntohs(dnshdr->arcount) != 0)
            return -1;

        // Decode the QNAME labels into a dotted name (leading '.' included).
        char name[DNS_MAX_NAME + 8];            // 8 bytes extra.
        size_t i = 0;
        while (i < data_len && data[i] != 0)
        {
            size_t len = data[i];
            if (i + len >= DNS_MAX_NAME)
                return -1;
            name[i++] = '.';
            for (size_t j = 0; j < len; j++, i++)
                name[i] = data[i];
        }
        if (i >= data_len)
            return -1;
        name[i++] = '\0';
        if (data_len - i != sizeof(struct dnsq))
            return -1;

        // Look the domain up; domain_lookup_addr() returns 0 for a blocked name.
        uint32_t fake_addr = domain_lookup_addr(name);
        if (fake_addr == 0)
        {
            // This domain is blocked; answer it ourselves with 127.0.0.1.
            // Construct a query response:
            size_t len = sizeof(struct dnshdr) + data_len + sizeof(struct dnsa);
            if (len > 512)                      // Max DNS packet size.
                return -1;
            len += sizeof(WINDIVERT_IPHDR) + sizeof(WINDIVERT_UDPHDR);

            char buf[len + 8];                  // 8 bytes extra.
            PWINDIVERT_IPHDR riphdr = (PWINDIVERT_IPHDR)buf;
            PWINDIVERT_UDPHDR rudphdr = (PWINDIVERT_UDPHDR)(riphdr + 1);
            struct dnshdr *rdnshdr = (struct dnshdr *)(rudphdr + 1);
            char *rdata = (char *)(rdnshdr + 1);

            memset(riphdr, 0, sizeof(WINDIVERT_IPHDR));
            riphdr->Version   = 4;
            riphdr->HdrLength = sizeof(WINDIVERT_IPHDR) / sizeof(uint32_t);
            riphdr->Length    = htons(len);
            riphdr->Id        = htons(0xF00D);
            WINDIVERT_IPHDR_SET_DF(riphdr, 1);
            riphdr->TTL       = 64;
            riphdr->Protocol  = IPPROTO_UDP;
            riphdr->SrcAddr   = iphdr->DstAddr;     // Reply comes "from" the resolver.
            riphdr->DstAddr   = iphdr->SrcAddr;

            memset(rudphdr, 0, sizeof(WINDIVERT_UDPHDR));
            rudphdr->SrcPort  = htons(53);          // DNS
            rudphdr->DstPort  = udphdr->SrcPort;
            rudphdr->Length   = htons(len - sizeof(WINDIVERT_IPHDR));

            rdnshdr->id = dnshdr->id;
            rdnshdr->options = htons(0x8180);       // Standard DNS response.
            rdnshdr->qdcount = htons(1);
            rdnshdr->ancount = htons(1);
            rdnshdr->nscount = 0;
            rdnshdr->arcount = 0;

            // Echo the question, then append one A record pointing at it (0xC00C).
            memcpy(rdata, data, data_len);
            struct dnsa *rdnsa = (struct dnsa *)(rdata + data_len);
            rdnsa->name   = htons(0xC00C);
            rdnsa->type   = htons(0x0001);          // (A)
            rdnsa->class  = htons(0x0001);          // (IN)
            rdnsa->ttl    = htonl(1);               // 1 second
            rdnsa->length = htons(4);
            rdnsa->addr   = htonl(0x7F000001);      // Fake address (127.0.0.1)

            debug("Intercept DNS %s\n", (name[0] == '.'? name+1: name));
            send_packet(handle, buf, len, addr);
            return 1;
        }

        // Not blocked: re-inject the matching packet unchanged.
        return 0;
    }

where I think it's going wrong: the domain_lookup_addr:

    // Lookup an address given a domain name.  If the name does not exist then
    // create one.
    extern uint32_t domain_lookup_addr(const char *name0)
    {
        if (name0[0] == '.')
            name0++;

        if (domain_blacklist_lookup(blacklist, name0))
        {
            debug("Block %s\n", name0);
            return 0;       // Blocked!
        }
        uint64_t idx0 = (uint64_t)InterlockedIncrement64(&counter);
        uint16_t idx = domain_encrypt((uint16_t)idx0);
        uint8_t msb = sbox1[(idx0 >> 16) & 0xFF];
        uint32_t addr = ADDR_BASE;

        if (names[idx] != NULL)
        {
            // Name table is full!
            debug("Block %s (name entry is full)\n", name0);
            return 0;
        }

        size_t len = strlen(name0);
        size_t size = sizeof(struct name) + (len + 1) * sizeof(char);
        struct name *name = (struct name *)malloc(size);
        if (name == NULL)
        {
            warning("failed to allocate %u bytes for domain name", size);
            exit(EXIT_FAILURE);
        }

        name->ref_count = 1;
        name->msb = msb;
        memcpy(name->name, name0, len+1);

        names[idx] = name;

        return addr;
    }

although it suggests that it should return before it assigns an address. (hacked up at the moment, sorry for the mess, just making it work)

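The two comments above (basil00's suggestion to put 127.0.0.1 in the dnsa addr field, and the handle_dns() attempt that does not pick it up) both come down to building one correct A-record reply. The following is an added example, not code from torwall or Tallow: it parses a single-question DNS query, checks the name against a small blocklist constructed for the example (the two names jtokarchuk lists later in this thread), and returns the sinkhole reply as bytes. The dnshdr/dnsa layouts are assumed to match the page's structs; it uses POSIX arpa/inet.h for htons/htonl so it builds on Linux, and it produces only the DNS message, leaving the IP/UDP headers to the existing WinDivert code.

```c
/* Added example, not code from torwall/Tallow: parse a single-question DNS
 * query and, if the name is on a constructed blocklist, build the A-record
 * reply that answers it with 127.0.0.1. Struct layouts assumed from the page. */
#include <arpa/inet.h>
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_MAX_PKT 512

struct dnshdr {
    uint16_t id, options, qdcount, ancount, nscount, arcount;
} __attribute__((packed));

/* Answer RR whose owner name is a 2-byte compression pointer to the question. */
struct dnsa {
    uint16_t name, type, class;
    uint32_t ttl;
    uint16_t length;
    uint32_t addr;
} __attribute__((packed));

/* Constructed sample blocklist (lower-case names mentioned in the thread). */
static const char *const BLOCKLIST[] = { "msftncsi.com", "wns.windows.com" };

/* Case-insensitive exact match against BLOCKLIST. */
static int is_blocked(const char *name)
{
    for (size_t k = 0; k < sizeof BLOCKLIST / sizeof BLOCKLIST[0]; k++) {
        const char *b = BLOCKLIST[k], *n = name;
        while (*b && *n && tolower((unsigned char)*n) == (unsigned char)*b) { b++; n++; }
        if (*b == '\0' && *n == '\0')
            return 1;
    }
    return 0;
}

/* Decode the QNAME labels at data[0..len) into dotted text; every read is
 * bounded by len. Returns bytes consumed including the root label, or 0 if
 * the name is malformed, compressed, or does not fit in out. */
static size_t dns_decode_name(const uint8_t *data, size_t len, char *out, size_t cap)
{
    size_t i = 0, o = 0;
    while (i < len && data[i] != 0) {
        size_t l = data[i++];
        if ((l & 0xC0) || i + l > len || o + l + 2 > cap)   /* no pointers in a query name */
            return 0;
        if (o > 0)
            out[o++] = '.';
        memcpy(out + o, data + i, l);
        o += l;
        i += l;
    }
    if (i >= len)                                            /* root label missing */
        return 0;
    out[o] = '\0';
    return i + 1;
}

/* Build the sinkhole reply for `query` (DNS message only, no IP/UDP headers).
 * Returns the reply length, or 0 when the caller should forward the query
 * unchanged: malformed, not a plain A/IN query, or name not blocked. */
size_t dns_build_sinkhole_reply(const uint8_t *query, size_t total, uint8_t *reply, size_t cap)
{
    struct dnshdr h;
    char name[256];
    if (total < sizeof h || total > DNS_MAX_PKT)
        return 0;
    memcpy(&h, query, sizeof h);                             /* copy: no unaligned access */
    if ((ntohs(h.options) & 0x8000) || ntohs(h.qdcount) != 1 || h.ancount || h.nscount || h.arcount)
        return 0;
    const uint8_t *q = query + sizeof h;
    size_t qlen = total - sizeof h;
    size_t used = dns_decode_name(q, qlen, name, sizeof name);
    if (used == 0 || qlen - used != 4)                       /* QTYPE + QCLASS must follow */
        return 0;
    if (q[used] != 0 || q[used + 1] != 1 || q[used + 2] != 0 || q[used + 3] != 1)
        return 0;                                            /* only A / IN */
    if (!is_blocked(name))
        return 0;

    size_t out = sizeof h + qlen + sizeof(struct dnsa);
    if (out > cap || out > DNS_MAX_PKT)
        return 0;
    h.options = htons(0x8180);                               /* response, RD+RA, NOERROR */
    h.ancount = htons(1);
    memcpy(reply, &h, sizeof h);
    memcpy(reply + sizeof h, q, qlen);                       /* echo the question section */
    struct dnsa a = {
        .name = htons(0xC00C), .type = htons(1), .class = htons(1),
        .ttl = htonl(1), .length = htons(4),
        .addr = htonl(0x7F000001),                           /* wire bytes 7f 00 00 01 on any host */
    };
    memcpy(reply + sizeof h + qlen, &a, sizeof a);
    return out;
}

/* Dotted form of the answer address exactly as it sits on the wire. */
const char *dns_reply_addr(const uint8_t *reply, size_t len, char *buf, size_t cap)
{
    if (len < sizeof(struct dnsa))
        return NULL;
    const uint8_t *p = reply + len - 4;
    snprintf(buf, cap, "%u.%u.%u.%u", (unsigned)p[0], (unsigned)p[1], (unsigned)p[2], (unsigned)p[3]);
    return buf;
}

/* Constructed query: id 0x1234, standard query, msftncsi.com, type A, class IN. */
const uint8_t SAMPLE_QUERY[] = {
    0x12, 0x34, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    8, 'm','s','f','t','n','c','s','i', 3, 'c','o','m', 0, 0x00, 0x01, 0x00, 0x01
};

int main(void)
{
    uint8_t reply[DNS_MAX_PKT];
    char addr[16];
    size_t n = dns_build_sinkhole_reply(SAMPLE_QUERY, sizeof SAMPLE_QUERY, reply, sizeof reply);
    printf("reply length %zu, answer %s\n", n,
           n ? dns_reply_addr(reply, n, addr, sizeof addr) : "(forward unchanged)");
    return 0;
}
```

The byte-order point is the one to check when the fake address looks reversed: htonl() makes the addr field carry 7f 00 00 01 on every host, whereas storing the host-order value 0x7F000001 directly on x86 puts 01 00 00 7f on the wire (1.0.0.127), so "reversing the address" merely swaps between those two. Inspect the bytes on the wire (dns_reply_addr) rather than the integer. A return of 0 means "not ours"; the caller re-injects the original query so names that are not blocked still reach the real resolver.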

jtokarchuk commented on June 10, 2024

ps: couple addresses to consider for your hosts.deny:

msftncsi.com (Microsoft uses this to check network connectivity) -- although to avoid getting "no internet access" errors you might want to craft valid responses: http://blog.superuser.com/2011/05/16/windows-7-network-awareness/

also,

wns.windows.com - Windows 8 push notification service, constantly calls home to check for updates. (Wireshark it; it might even be a persistent TCP connection)


jtokarchuk commented on June 10, 2024

with further reflection, perhaps a DNS server may be a better route.

I was hoping to filter/redirect silently without tcp/ip manipulation.


basil00 commented on June 10, 2024

I can't really comment on the code. The idea should work so just a matter of debugging. You also should not need domain_lookup_addr() stuff as this is Tallow-specific. Your program should be much simpler.

Thanks for the suggestions regarding extra Windows domains. This is definitely a big problem with Windows in that it is basically continuously phoning home. Although Tallow is careful not to claim that it provides strong anonymity, it is nevertheless a good idea to block all such domains (also to save on Tor traffic).

