change SNI obfuscation

http.go

@@ -135,12 +135,9 @@ func (h *httpHandler) Handle(conn net.Conn) {
 	}
 
 	// try to get the actual host.
-	if req.Host != "" {
+	if v := req.Header.Get("Gost-Target"); v != "" {
-		if index := strings.IndexByte(req.Host, '.'); index > 0 {
+		if host, err := decodeServerName(v); err == nil {
-			// try to decode the prefix
+			req.Host = host
-			if name, err := decodeServerName(req.Host[:index]); err == nil {
-				req.Host = name
-			}
 		}
 	}
 

sni.go

@@ -146,7 +146,6 @@ func (c *sniClientConn) obfuscate(p []byte) ([]byte, error) {
 		return b, nil
 	}
 
-	// TODO: HTTP obfuscate
 	buf := &bytes.Buffer{}
 	br := bufio.NewReader(bytes.NewReader(p))
 	for {
@@ -171,12 +170,12 @@ func (c *sniClientConn) obfuscate(p []byte) ([]byte, error) {
 
 		if strings.HasPrefix(s, "Host") {
 			s = strings.TrimSpace(strings.TrimSuffix(strings.TrimPrefix(s, "Host:"), "\r\n"))
-			name := encodeServerName(s) + "." + c.host
+			host := encodeServerName(s)
 			if Debug {
-				log.Logf("[sni] obfuscate: %s -> %s", s, name)
+				log.Logf("[sni] obfuscate: %s -> %s", s, c.host)
 			}
-			buf.WriteString("Host: " + name + "\r\n")
+			buf.WriteString("Host: " + c.host + "\r\n")
-
+			buf.WriteString("Gost-Target: " + host + "\r\n")
 			// drain the remain bytes.
 			io.Copy(buf, br)
 			break
@@ -196,21 +195,31 @@ func readClientHelloRecord(r io.Reader, host string, isClient bool) ([]byte, str
 	if err := clientHello.Decode(record.Opaque); err != nil {
 		return nil, "", err
 	}
+
+	if !isClient {
+		var extensions []dissector.Extension
+
+		for _, ext := range clientHello.Extensions {
+			if ext.Type() == 0xFFFE {
+				if host, err = decodeServerName(string(ext.Bytes()[4:])); err == nil {
+					continue
+				}
+			}
+			extensions = append(extensions, ext)
+		}
+		clientHello.Extensions = extensions
+	}
+
 	for _, ext := range clientHello.Extensions {
 		if ext.Type() == dissector.ExtServerName {
 			snExtension := ext.(*dissector.ServerNameExtension)
-			serverName := snExtension.Name
 			if isClient {
-				snExtension.Name = encodeServerName(serverName) + "." + host
+				clientHello.Extensions = append(clientHello.Extensions,
-			} else {
+					dissector.NewExtension(0xFFFE, []byte(encodeServerName(snExtension.Name))))
-				if index := strings.IndexByte(serverName, '.'); index > 0 {
+			}
-					// try to decode the prefix
+			if host != "" {
-					if name, err := decodeServerName(serverName[:index]); err == nil {
+				snExtension.Name = host
-						snExtension.Name = name
-					}
-				}
 			}
-			host = snExtension.Name
 			break
 		}
 	}

vendor/github.com/ginuerzh/tls-dissector/extension.go

@@ -46,6 +46,16 @@ type unknownExtension struct {
 	raw []byte
 }
 
+func NewExtension(t uint16, data []byte) Extension {
+	ext := &unknownExtension{
+		raw: make([]byte, 2+2+len(data)),
+	}
+	binary.BigEndian.PutUint16(ext.raw[:2], t)
+	binary.BigEndian.PutUint16(ext.raw[2:4], uint16(len(data)))
+	copy(ext.raw[4:], data)
+	return ext
+}
+
 func (ext *unknownExtension) Type() uint16 {
 	return binary.BigEndian.Uint16(ext.raw)
 }

vendor/vendor.json

@@ -99,10 +99,10 @@
 			"revisionTime": "2017-02-05T06:52:49Z"
 		},
 		{
-			"checksumSHA1": "qBQox+0NNTwkyw+a4eMiuMjDxjY=",
+			"checksumSHA1": "ZefD404me5Nm13S6NTsfJ57UApI=",
 			"path": "github.com/ginuerzh/tls-dissector",
-			"revision": "7daf6e2af3aed2de50b3662683f6434297949d2a",
+			"revision": "ede94e83b36efefb6d06e5a29d28e2211b8bd6a9",
-			"revisionTime": "2017-10-25T09:37:20Z"
+			"revisionTime": "2017-10-29T12:10:54Z"
 		},
 		{
 			"checksumSHA1": "fBx0fqiyrl26gkGo14J9pJ8zB2Y=",