-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Ed Barnard
committed
Nov 13, 2012
1 parent
2687132
commit 0a72743
Showing
2 changed files
with
98 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,13 @@ | ||
udp_obfs | ||
======== | ||
#udp_obfs | ||
|
||
UDP Traffic Obfuscator | ||
A simple program to obfuscate and tunnel UDP traffic across a DPI firewall which blocks your application’s traffic, e.g. OpenVPN. The obfuscation method used is symmetric key XOR “encryption”. Based on udp_redirect (http://www.brokestream.com/udp_redirect.html). | ||
|
||
##How To Use | ||
|
||
This program must be run on a device both inside and outside the firewall. One (probably the external device) needs to be accessible over the public internet. | ||
|
||
Usage: ./udp_obfs our-ip our-port send-to-ip send-to-port | ||
|
||
Example: ./udp_obfs 0.0.0.0 1234 194.243.12.4 4321 | ||
|
||
Note: This program should not be used for securely encrypting traffic. I doubt it would be very hard to find the key from looking at a known application’s traffic stream. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,86 @@ | ||
// gcc -o udp_obfs udp_obfs.c | ||
|
||
/* http://www.brokestream.com/udp_redirect.html | ||
Build: gcc -o udp_redirect udp_redirect.c | ||
udp_redirect.c | ||
Version 2008-11-09 | ||
Copyright (C) 2007 Ivan Tikhonov | ||
This software is provided 'as-is', without any express or implied | ||
warranty. In no event will the authors be held liable for any damages | ||
arising from the use of this software. | ||
Permission is granted to anyone to use this software for any purpose, | ||
including commercial applications, and to alter it and redistribute it | ||
freely, subject to the following restrictions: | ||
1. The origin of this software must not be misrepresented; you must not | ||
claim that you wrote the original software. If you use this software | ||
in a product, an acknowledgment in the product documentation would be | ||
appreciated but is not required. | ||
2. Altered source versions must be plainly marked as such, and must not be | ||
misrepresented as being the original software. | ||
3. This notice may not be removed or altered from any source distribution. | ||
Ivan Tikhonov, kefeer@brokestream.com | ||
*/ | ||
|
||
#include <stdio.h> | ||
#include <stdlib.h> | ||
#include <sys/socket.h> | ||
#include <netinet/in.h> | ||
|
||
int main(int argc, char *argv[]) { | ||
if (argc!=3 && argc!=5) { | ||
printf("Usage: %s our-ip our-port send-to-ip send-to-port\n",argv[0]); | ||
printf("Usage: %s our-ip our-port # echo mode\n",argv[0]); | ||
exit(1); | ||
} | ||
|
||
int key_length = 64; | ||
//char key[key_length]; | ||
char* key = "1234567890123456789012345678901234567890123456789012345678901234"; | ||
|
||
int os=socket(PF_INET,SOCK_DGRAM,IPPROTO_IP); | ||
|
||
struct sockaddr_in a; | ||
a.sin_family=AF_INET; | ||
a.sin_addr.s_addr=inet_addr(argv[1]); a.sin_port=htons(atoi(argv[2])); | ||
if(bind(os,(struct sockaddr *)&a,sizeof(a)) == -1) { | ||
printf("Can't bind our address (%s:%s)\n", argv[1], argv[2]); | ||
exit(1); } | ||
|
||
if(argc==5) { a.sin_addr.s_addr=inet_addr(argv[3]); a.sin_port=htons(atoi(argv[4])); } | ||
|
||
struct sockaddr_in sa; | ||
struct sockaddr_in da; da.sin_addr.s_addr=0; | ||
while(1) { | ||
char buf[65536]; // Better than 65535 for 64bit xor key | ||
int sn=sizeof(sa); | ||
int n=recvfrom(os,buf,sizeof(buf),0,(struct sockaddr *)&sa,&sn); | ||
if(n<=0) continue; | ||
|
||
int i; | ||
for(i = 0; i < n; i++) | ||
{ | ||
// Encrypt/decrypt in place | ||
buf[i] = buf[i] ^ key[i%key_length]; | ||
} | ||
|
||
if(argc==3) { | ||
// Echo mode | ||
sendto(os,buf,n,0,(struct sockaddr *)&sa,sn); | ||
} else if(sa.sin_addr.s_addr==a.sin_addr.s_addr && sa.sin_port==a.sin_port) { | ||
// Send to destination | ||
if(da.sin_addr.s_addr) sendto(os,buf,n,0,(struct sockaddr *)&da,sizeof(da)); | ||
} else { | ||
// Send to source | ||
sendto(os,buf,n,0,(struct sockaddr *)&a,sizeof(a)); | ||
da=sa; | ||
} | ||
} | ||
} |