From 61bfc6b6d3ad830a8a7569ea31399e93f48dd38d Mon Sep 17 00:00:00 2001 From: cyBerta Date: Mon, 30 May 2022 23:50:50 +0200 Subject: obfuscate vpn traffic using either shapeshfiter or obfsvpn --- .../de/blinkt/openvpn/core/OpenVPNService.java | 17 ++++++++++++++- .../openvpn/core/connection/Obfs4Connection.java | 23 +++++++++++++++------ .../leap/bitmaskclient/base/models/Constants.java | 1 + .../leap/bitmaskclient/eip/VpnConfigGenerator.java | 24 +++++++++++++++++++--- .../pluggableTransports/Obfs4Options.java | 4 +++- .../java/de/blinkt/openvpn/VpnProfileTest.java | 2 +- bitmaskcore | 2 +- 7 files changed, 60 insertions(+), 13 deletions(-) diff --git a/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java b/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java index d624af80..6edbbab4 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java +++ b/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java @@ -43,10 +43,12 @@ import de.blinkt.openvpn.core.VpnStatus.ByteCountListener; import de.blinkt.openvpn.core.VpnStatus.StateListener; import de.blinkt.openvpn.core.connection.Connection; import de.blinkt.openvpn.core.connection.Obfs4Connection; +import se.leap.bitmaskclient.BuildConfig; import se.leap.bitmaskclient.R; import se.leap.bitmaskclient.eip.EipStatus; import se.leap.bitmaskclient.eip.VpnNotificationManager; import se.leap.bitmaskclient.firewall.FirewallManager; +import se.leap.bitmaskclient.pluggableTransports.ObfsVpnClient; import se.leap.bitmaskclient.pluggableTransports.Shapeshifter; import static de.blinkt.openvpn.core.ConnectionStatus.LEVEL_CONNECTED; @@ -89,6 +91,7 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac private Runnable mOpenVPNThread; private VpnNotificationManager notificationManager; private Shapeshifter shapeshifter; + private ObfsVpnClient obfsVpnClient; private FirewallManager firewallManager; private final IBinder mBinder = new IOpenVPNServiceInternal.Stub() { 
@@ -241,6 +244,9 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac if (shapeshifter != null) { shapeshifter.stop(); shapeshifter = null; + } else if (obfsVpnClient != null) { + obfsVpnClient.stop(); + obfsVpnClient = null; } VpnStatus.updateStateString("NOPROCESS", "VPN STOPPED", R.string.state_noprocess, ConnectionStatus.LEVEL_NOTCONNECTED); } @@ -412,7 +418,12 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac if (mProfile.mUsePluggableTransports && connection instanceof Obfs4Connection) { Obfs4Connection obfs4Connection = (Obfs4Connection) connection; - if (shapeshifter == null) { + if (BuildConfig.use_obfsvpn) { + if (obfsVpnClient == null) { + obfsVpnClient = new ObfsVpnClient(obfs4Connection.getDispatcherOptions()); + obfsVpnClient.start(); + } + } else if (shapeshifter == null) { shapeshifter = new Shapeshifter(obfs4Connection.getDispatcherOptions()); shapeshifter.start(); } @@ -474,6 +485,10 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac Log.d(TAG, "-> stop shapeshifter"); shapeshifter.stop(); shapeshifter = null; + } else if (obfsVpnClient != null) { + Log.d(TAG, "-> stop obfsvpnClient"); + obfsVpnClient.stop(); + obfsVpnClient = null; } try { Thread.sleep(1000); diff --git a/app/src/main/java/de/blinkt/openvpn/core/connection/Obfs4Connection.java b/app/src/main/java/de/blinkt/openvpn/core/connection/Obfs4Connection.java index 82a7a6aa..393afd94 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/connection/Obfs4Connection.java +++ b/app/src/main/java/de/blinkt/openvpn/core/connection/Obfs4Connection.java 
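Review bot: The teardown added in the `@@ -241` hunk chains the new client behind `else if`, so `obfsVpnClient.stop()` only runs when `shapeshifter` is null; the `@@ -474` hunk repeats the same shape. Because the start path in the `@@ -412` hunk picks exactly one transport via `BuildConfig.use_obfsvpn`, the two forms behave the same today. Cleanup that does not rely on that invariant is safer: use an independent check, `if (obfsVpnClient != null) { obfsVpnClient.stop(); obfsVpnClient = null; }`, so a local proxy can never stay up after the VPN is reported stopped. The enclosing methods start and end outside these hunks.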
@@ -1,6 +1,8 @@ package de.blinkt.openvpn.core.connection; +import se.leap.bitmaskclient.BuildConfig; import se.leap.bitmaskclient.pluggableTransports.Obfs4Options; +import se.leap.bitmaskclient.pluggableTransports.ObfsVpnClient; import static se.leap.bitmaskclient.pluggableTransports.Shapeshifter.DISPATCHER_IP; import static se.leap.bitmaskclient.pluggableTransports.Shapeshifter.DISPATCHER_PORT; @@ -16,14 +18,23 @@ public class Obfs4Connection extends Connection { private Obfs4Options options; public Obfs4Connection(Obfs4Options options) { - setUseUdp(false); - setServerName(DISPATCHER_IP); - setServerPort(DISPATCHER_PORT); - setProxyName(""); - setProxyPort(""); + if (BuildConfig.use_obfsvpn) { + setUseUdp(options.udp); + setServerName(options.remoteIP); + setServerPort(options.remotePort); + setProxyName(ObfsVpnClient.SOCKS_IP); + setProxyPort(ObfsVpnClient.SOCKS_PORT); + setProxyType(ProxyType.SOCKS5); + } else { + setUseUdp(false); + setServerName(DISPATCHER_IP); + setServerPort(DISPATCHER_PORT); + setProxyName(""); + setProxyPort(""); + setProxyType(ProxyType.NONE); + } setProxyAuthUser(null); setProxyAuthPassword(null); - setProxyType(ProxyType.NONE); setUseProxyAuth(false); this.options = options; } diff --git a/app/src/main/java/se/leap/bitmaskclient/base/models/Constants.java b/app/src/main/java/se/leap/bitmaskclient/base/models/Constants.java index bde909ba..d7a54fcc 100644 --- a/app/src/main/java/se/leap/bitmaskclient/base/models/Constants.java +++ b/app/src/main/java/se/leap/bitmaskclient/base/models/Constants.java @@ -163,6 +163,7 @@ public interface Constants { String IP_ADDRESS = "ip_address"; String IP_ADDRESS6 = "ip_address6"; String REMOTE = "remote"; + String SOCKS_PROXY = "socks-proxy"; String PORTS = "ports"; String PROTOCOLS = "protocols"; String UDP = "udp"; diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java b/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java index 5ddb74ab..061c1aa3 100644 
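Review bot: In the `use_obfsvpn` branch of the `Obfs4Connection` constructor (`@@ -16,14` hunk), OpenVPN is pointed at a local SOCKS5 endpoint with authentication left off (`setProxyAuthUser(null)`, `setUseProxyAuth(false)`), and nothing documents where that listener may bind. `ObfsVpnClient` is not visible in this patch, so the value of `SOCKS_IP` cannot be confirmed from here. A comment such as `// SOCKS_IP must remain a loopback address: the obfsvpn SOCKS5 listener has no authentication` would record the assumption next to the code that depends on it. The branch also now dereferences `options` (`options.udp`, `options.remoteIP`, `options.remotePort`) before `this.options = options`, so a null argument throws inside the constructor where the old code only stored the reference.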
--- a/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java +++ b/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java @@ -31,6 +31,7 @@ import de.blinkt.openvpn.VpnProfile; import de.blinkt.openvpn.core.ConfigParser; import de.blinkt.openvpn.core.VpnStatus; import de.blinkt.openvpn.core.connection.Connection; +import se.leap.bitmaskclient.BuildConfig; import se.leap.bitmaskclient.base.models.Provider; import se.leap.bitmaskclient.base.utils.ConfigHelper; import se.leap.bitmaskclient.pluggableTransports.Obfs4Options; @@ -46,9 +47,12 @@ import static se.leap.bitmaskclient.base.models.Constants.PROTOCOLS; import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_PRIVATE_KEY; import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_VPN_CERTIFICATE; import static se.leap.bitmaskclient.base.models.Constants.REMOTE; +import static se.leap.bitmaskclient.base.models.Constants.SOCKS_PROXY; import static se.leap.bitmaskclient.base.models.Constants.TRANSPORT; import static se.leap.bitmaskclient.base.models.Constants.TYPE; import static se.leap.bitmaskclient.base.models.Constants.UDP; +import static se.leap.bitmaskclient.pluggableTransports.ObfsVpnClient.SOCKS_IP; +import static se.leap.bitmaskclient.pluggableTransports.ObfsVpnClient.SOCKS_PORT; import static se.leap.bitmaskclient.pluggableTransports.Shapeshifter.DISPATCHER_IP; import static se.leap.bitmaskclient.pluggableTransports.Shapeshifter.DISPATCHER_PORT; @@ -140,7 +144,7 @@ public class VpnConfigGenerator { String cert = transportOptions.getString("cert"); String port = obfs4Transport.getJSONArray(PORTS).getString(0); String ip = gateway.getString(IP_ADDRESS); - return new Obfs4Options(ip, port, cert, iatMode); + return new Obfs4Options(ip, port, cert, iatMode, false); } private String generalConfiguration() { 
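Review bot: The new fifth argument in `new Obfs4Options(ip, port, cert, iatMode, false)` (`@@ -140` hunk) is a bare boolean whose meaning is only visible in the constructor signature. In obfsvpn builds `Obfs4Connection` passes this flag to `setUseUdp`, so the literal decides the transport protocol for every obfs4 gateway. Naming it at the call site, e.g. `new Obfs4Options(ip, port, cert, iatMode, /* udp= */ false)`, makes that decision visible to the next reader. The enclosing method starts outside the hunk.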
@@ -321,10 +325,24 @@ public class VpnConfigGenerator { return; } + JSONArray ports = obfs4Transport.getJSONArray(PORTS); + if (ports.isNull(0)){ + VpnStatus.logError("Misconfigured provider: no ports defined in obfs4 transport JSON."); + return; + } + String route = "route " + ipAddress + " 255.255.255.255 net_gateway" + newLine; stringBuilder.append(route); - String remote = REMOTE + " " + DISPATCHER_IP + " " + DISPATCHER_PORT + " tcp" + newLine; - stringBuilder.append(remote); + if (BuildConfig.use_obfsvpn) { + String proxy = SOCKS_PROXY + " " + SOCKS_IP + " " + SOCKS_PORT + newLine; + stringBuilder.append(proxy); + + String remote = REMOTE + " " + ipAddress + " " + ports.getString(0) + newLine; + stringBuilder.append(remote); + } else { + String remote = REMOTE + " " + DISPATCHER_IP + " " + DISPATCHER_PORT + " tcp" + newLine; + stringBuilder.append(remote); + } } private String secretsConfiguration() { diff --git a/app/src/main/java/se/leap/bitmaskclient/pluggableTransports/Obfs4Options.java b/app/src/main/java/se/leap/bitmaskclient/pluggableTransports/Obfs4Options.java index 2f9cb732..ab6ea445 100644 --- a/app/src/main/java/se/leap/bitmaskclient/pluggableTransports/Obfs4Options.java +++ b/app/src/main/java/se/leap/bitmaskclient/pluggableTransports/Obfs4Options.java @@ -7,12 +7,14 @@ public class Obfs4Options implements Serializable { public String iatMode; public String remoteIP; public String remotePort; + public boolean udp; - public Obfs4Options(String remoteIP, String remotePort, String cert, String iatMode) { + public Obfs4Options(String remoteIP, String remotePort, String cert, String iatMode, boolean udp) { this.cert = cert; this.iatMode = iatMode; this.remoteIP = remoteIP; this.remotePort = remotePort; + this.udp = udp; } } diff --git a/app/src/test/java/de/blinkt/openvpn/VpnProfileTest.java b/app/src/test/java/de/blinkt/openvpn/VpnProfileTest.java index e8a93b75..34eea5e9 100644 --- a/app/src/test/java/de/blinkt/openvpn/VpnProfileTest.java 
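Review bot: In the `use_obfsvpn` branch of the `@@ -321` hunk, `ports.getString(0)` comes from the provider JSON and is concatenated straight into the generated OpenVPN config. The added `ports.isNull(0)` guard only rejects a missing entry, so a value containing whitespace or a line break would add extra tokens or directives to the config. Parsing it as a number first closes that gap: `int port = ports.getInt(0);` followed by `if (port < 1 || port > 65535) { VpnStatus.logError("Misconfigured provider: invalid obfs4 port."); return; }`. The new `remote` line also drops the explicit ` tcp` that the legacy branch keeps, so the protocol falls back to whatever the rest of the config sets, even though `Obfs4Options` is built with `udp` false. The method body starts outside the hunk.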
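Review bot: `Obfs4Options implements Serializable` gains the field `udp` in the `@@ -7,12` hunk, and no `serialVersionUID` appears in the visible lines. If none is declared above the hunk, the default computed UID changes with this field, and any instance serialized by an earlier build would presumably fail to load with `InvalidClassException`. Whether such instances are persisted across upgrades is not visible here, so that needs confirming. Declaring an explicit `private static final long serialVersionUID` makes the compatibility decision deliberate. The class header lies outside the hunk.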
+++ b/app/src/test/java/de/blinkt/openvpn/VpnProfileTest.java @@ -59,7 +59,7 @@ public class VpnProfileTest { @Test public void toJson_obfs4() throws JSONException { VpnProfile mockVpnProfile = new VpnProfile("mockProfile", OBFS4); - mockVpnProfile.mConnections[0] = new Obfs4Connection(new Obfs4Options("192.168.0.1", "1234", "CERT", "1")); + mockVpnProfile.mConnections[0] = new Obfs4Connection(new Obfs4Options("192.168.0.1", "1234", "CERT", "1", false)); mockVpnProfile.mConnections[0].setUseUdp(false); mockVpnProfile.mLastUsed = 0; String s = mockVpnProfile.toJson(); diff --git a/bitmaskcore b/bitmaskcore index a82335ae..7185b55d 160000 --- a/bitmaskcore +++ b/bitmaskcore @@ -1 +1 @@ -Subproject commit a82335aef6cdd2bd0499d8828d6d479f2ded0876 +Subproject commit 7185b55d5aebb10e2d6b18f990da58aea26c15aa -- cgit v1.2.3