added dns parsing but in leaky manner

Author: shadowy-pycoder

README.md

@@ -528,7 +528,7 @@ Check proxy logs for traffic from other devices from your LAN
 
 ### UDP support
 
-`GoHPTS` has UDP support that can be enabled in `tproxy` mode. For this setup to work you need to connect to a socks5 server capable of serving UDP connections (`UDP ASSOCIATE`). For example, you can use [https://github.com/wzshiming/socks5](https://github.com/wzshiming/socks5) to deploy UDP capable UDP server on some remote or local machine. Once you have the server to connect to, run the following command:
+`GoHPTS` has UDP support that can be enabled in `tproxy` mode. For this setup to work you need to connect to a socks5 server capable of serving UDP connections (`UDP ASSOCIATE`). For example, you can use [https://github.com/wzshiming/socks5](https://github.com/wzshiming/socks5) to deploy UDP capable socks5 server on some remote or local machine. Once you have the server to connect to, run the following command:
 
 ```shell
 sudo env PATH=$PATH gohpts -s remote -Tu :8989 -M tproxy -auto -mark 100 -d
@@ -539,7 +539,7 @@ This command will configure your operating system and setup server on `0.0.0.0:8
 To test it locally, you can combine UDP transparent proxy with `-arpspoof` flag. For example:
 
 1. Setup VM on your system with any Linux distributive that supports `tproxy` (Kali Linux, for instance).
-2. Enable `Bridged` network so that VM could access your host machine.
+2. Enable `bridged` network so that VM could access your host machine.
 3. Move `gohpts` binary to VM (via `ssh`, for instance) or build it there in case of different OS/arch.
 4. On your VM run the following command:
 

colorize.go

@@ -21,7 +21,7 @@ var (
 		`(?:\[(?:[0-9a-fA-F:.]+)\]|(?:\d{1,3}\.){3}\d{1,3})(?::(6553[0-5]|655[0-2]\d|65[0-4]\d{2}|6[0-4]\d{3}|[1-5]?\d{1,4}))?`,
 	)
 	domainPattern = regexp.MustCompile(
-		`\b(?:[a-zA-Z0-9-]{1,63}\.)+(?:com|net|org|io|co|uk|ru|de|edu|gov|info|biz|dev|app|ai)(?::(6553[0-5]|655[0-2]\d|65[0-4]\d{2}|6[0-4]\d{3}|[1-5]?\d{1,4}))?\b`,
+		`\b(?:[a-zA-Z0-9-]{1,63}\.)+(?:com|net|org|io|co|uk|ru|de|edu|gov|info|biz|dev|app|ai|tv)(?::(6553[0-5]|655[0-2]\d|65[0-4]\d{2}|6[0-4]\d{3}|[1-5]?\d{1,4}))?\b`,
 	)
 	jwtPattern  = regexp.MustCompile(`\beyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\b`)
 	authPattern = regexp.MustCompile(
@@ -187,9 +187,9 @@ func colorizeHTTP(
 
 func colorizeTLS(req *layers.TLSClientHello, resp *layers.TLSServerHello, id string, nocolor bool) string {
 	var sb strings.Builder
+	sb.WriteString(fmt.Sprintf("%s ", colorizeTimestamp(time.Now(), nocolor)))
+	sb.WriteString(id)
 	if nocolor {
-		sb.WriteString(fmt.Sprintf("%s ", colorizeTimestamp(time.Now(), nocolor)))
-		sb.WriteString(id)
 		sb.WriteString(fmt.Sprintf(" %s ", req.TypeDesc))
 		if req.Length > 0 {
 			sb.WriteString(fmt.Sprintf(" Len: %d", req.Length))
@@ -224,8 +224,6 @@ func colorizeTLS(req *layers.TLSClientHello, resp *layers.TLSServerHello, id str
 			sb.WriteString(fmt.Sprintf(" ExtLen: %d", resp.ExtensionLength))
 		}
 	} else {
-		sb.WriteString(fmt.Sprintf("%s ", colorizeTimestamp(time.Now(), nocolor)))
-		sb.WriteString(id)
 		sb.WriteString(colors.Magenta(fmt.Sprintf(" %s ", req.TypeDesc)).Bold())
 		if req.Length > 0 {
 			sb.WriteString(colors.BeigeBg(fmt.Sprintf(" Len: %d", req.Length)).String())
@@ -263,6 +261,98 @@ func colorizeTLS(req *layers.TLSClientHello, resp *layers.TLSServerHello, id str
 	return sb.String()
 }
 
+func colorizeRData(rec *layers.ResourceRecord) string {
+	var rdata string
+	switch rd := rec.RData.(type) {
+	case *layers.RDataA:
+	case *layers.RDataAAAA:
+		rdata = fmt.Sprintf("%s %s ", colors.LightBlue(rec.Type.Name), colors.Gray(rd.Address.String()))
+	case *layers.RDataNS:
+		rdata = fmt.Sprintf("%s %s ", colors.LightBlue(rec.Type.Name), colors.Gray(rd.NsdName))
+	case *layers.RDataCNAME:
+		rdata = fmt.Sprintf("%s %s ", colors.LightBlue(rec.Type.Name), colors.Gray(rd.CName))
+	case *layers.RDataSOA:
+		rdata = fmt.Sprintf("%s %s ", colors.LightBlue(rec.Type.Name), colors.Gray(rd.PrimaryNS))
+	case *layers.RDataMX:
+		rdata = fmt.Sprintf("%s %s %s ", colors.LightBlue(rec.Type.Name), colors.Gray(fmt.Sprintf("%d", rd.Preference)), colors.Gray(rd.Exchange))
+	case *layers.RDataTXT:
+		rdata = fmt.Sprintf("%s %s ", colors.LightBlue(rec.Type.Name), colors.Gray(rd.TxtData))
+	default:
+		rdata = fmt.Sprintf("%s ", colors.LightBlue(rec.Type.Name))
+	}
+	return rdata
+}
+
+func colorizeDNS(req, resp *layers.DNSMessage, id string, nocolor bool) string {
+	var sb strings.Builder
+	sb.WriteString(fmt.Sprintf("%s ", colorizeTimestamp(time.Now(), nocolor)))
+	sb.WriteString(id)
+	if nocolor {
+		sb.WriteString(fmt.Sprintf(" DNS %s (%s) %#04x ", req.Flags.OPCodeDesc, req.Flags.QRDesc, req.TransactionID))
+		for _, rec := range req.Questions {
+			sb.WriteString(fmt.Sprintf("%s %s ", rec.Type.Name, rec.Name))
+		}
+		for _, rec := range req.AnswerRRs {
+			sb.WriteString(rec.Summary())
+		}
+		for _, rec := range req.AuthorityRRs {
+			sb.WriteString(rec.Summary())
+		}
+		for _, rec := range req.AdditionalRRs {
+			sb.WriteString(rec.Summary())
+		}
+		sb.WriteString("\n")
+		sb.WriteString(fmt.Sprintf("%s ", colorizeTimestamp(time.Now(), nocolor)))
+		sb.WriteString(id)
+		sb.WriteString(fmt.Sprintf(" DNS %s (%s) %#04x ", resp.Flags.OPCodeDesc, resp.Flags.QRDesc, resp.TransactionID))
+		for _, rec := range resp.Questions {
+			sb.WriteString(fmt.Sprintf("%s %s ", rec.Type.Name, rec.Name))
+		}
+		for _, rec := range resp.AnswerRRs {
+			sb.WriteString(rec.Summary())
+		}
+		for _, rec := range resp.AuthorityRRs {
+			sb.WriteString(rec.Summary())
+		}
+		for _, rec := range resp.AdditionalRRs {
+			sb.WriteString(rec.Summary())
+		}
+	} else {
+		sb.WriteString(colors.Gray(fmt.Sprintf(" DNS %s (%s)", req.Flags.OPCodeDesc, req.Flags.QRDesc)).Bold())
+		sb.WriteString(colors.Beige(fmt.Sprintf(" %#04x ", req.TransactionID)).String())
+		for _, rec := range req.Questions {
+			sb.WriteString(fmt.Sprintf("%s %s ", colors.LightBlue(rec.Type.Name), colors.Gray(rec.Name)))
+		}
+		for _, rec := range req.AnswerRRs {
+			sb.WriteString(colorizeRData(rec))
+		}
+		for _, rec := range req.AuthorityRRs {
+			sb.WriteString(colorizeRData(rec))
+		}
+		for _, rec := range req.AdditionalRRs {
+			sb.WriteString(colorizeRData(rec))
+		}
+		sb.WriteString("\n")
+		sb.WriteString(fmt.Sprintf("%s ", colorizeTimestamp(time.Now(), nocolor)))
+		sb.WriteString(id)
+		sb.WriteString(colors.Blue(fmt.Sprintf(" DNS %s (%s)", resp.Flags.OPCodeDesc, resp.Flags.QRDesc)).Bold())
+		sb.WriteString(colors.Beige(fmt.Sprintf(" %#04x ", resp.TransactionID)).String())
+		for _, rec := range resp.Questions {
+			sb.WriteString(fmt.Sprintf("%s %s ", colors.LightBlue(rec.Type.Name), colors.Gray(rec.Name)))
+		}
+		for _, rec := range resp.AnswerRRs {
+			sb.WriteString(colorizeRData(rec))
+		}
+		for _, rec := range resp.AuthorityRRs {
+			sb.WriteString(colorizeRData(rec))
+		}
+		for _, rec := range resp.AdditionalRRs {
+			sb.WriteString(colorizeRData(rec))
+		}
+	}
+	return sb.String()
+}
+
 func highlightPatterns(line string, nocolor bool) (string, bool) {
 	matched := false
 
@@ -377,7 +467,7 @@ func colorizeConnections(srcRemote, srcLocal, dstRemote, dstLocal net.Addr, id s
 }
 
 func colorizeConnectionsTransparent(
-	srcRemote, srcLocal, dstRemote, dstLocal net.Addr,
+	srcRemote, srcLocal, dstLocal, dstRemote net.Addr,
 	dst,
 	id string,
 	nocolor bool,

gohpts.go

@@ -288,6 +288,9 @@ func New(conf *Config) *proxyapp {
 			p.logger.Fatal().Err(err).Msg("")
 		}
 	}
+	if network.AddrEqual(p.tproxyAddr, p.tproxyAddrUDP) {
+		p.logger.Fatal().Msgf("%s: address already in use", p.tproxyAddrUDP)
+	}
 	p.auto = conf.Auto
 	if p.auto && runtime.GOOS != "linux" {
 		p.logger.Fatal().Msg("Auto setup is available only on linux systems")
@@ -690,7 +693,6 @@ func (p *proxyapp) handleForward(w http.ResponseWriter, r *http.Request) {
 	var resp *http.Response
 	var chunked bool
 	var respBodySaved []byte
-	p.httpClient.Timeout = timeout
 	if network.IsLocalAddress(r.Host) {
 		resp = p.doReq(w, req, nil)
 	} else {
@@ -879,7 +881,7 @@ func (p *proxyapp) handleTunnel(w http.ResponseWriter, r *http.Request) {
 		if p.json {
 			sniffdata = append(
 				sniffdata,
-				fmt.Sprintf("{\"connection\":{\"src_remote\":%s,\"src_local\":%s,\"dst_local\":%s,\"dst_remote\":%s}}",
+				fmt.Sprintf("{\"connection\":{\"src_remote\":%q,\"src_local\":%q,\"dst_local\":%q,\"dst_remote\":%q}}",
 					srcConn.RemoteAddr(), srcConn.LocalAddr(), dstConn.LocalAddr(), dstConn.RemoteAddr()),
 			)
 			j, err := json.Marshal(&layers.HTTPMessage{Request: r})
@@ -1205,14 +1207,29 @@ func (p *proxyapp) gatherSniffData(req, resp layers.Layer, sniffdata *[]string,
 				*sniffdata = append(*sniffdata, colorizeTLS(chs, shs, id, p.nocolor))
 			}
 		}
+	case *layers.DNSMessage:
+		rest := resp.(*layers.DNSMessage)
+		if p.json {
+			j1, err := json.Marshal(reqt)
+			if err != nil {
+				return err
+			}
+			j2, err := json.Marshal(rest)
+			if err != nil {
+				return err
+			}
+			*sniffdata = append(*sniffdata, string(j1), string(j2))
+		} else {
+			*sniffdata = append(*sniffdata, colorizeDNS(reqt, rest, id, p.nocolor))
+		}
 	}
 	return nil
 }
 
 func (p *proxyapp) sniffreporter(wg *sync.WaitGroup, sniffdata *[]string, reqChan, respChan <-chan layers.Layer, id string) {
 	defer wg.Done()
 	sniffdatalen := len(*sniffdata)
-	var reqTLSQueue, respTLSQueue, reqHTTPQueue, respHTTPQueue []layers.Layer
+	var reqTLSQueue, respTLSQueue, reqHTTPQueue, respHTTPQueue, reqDNSQueue, respDNSQueue []layers.Layer
 	for {
 		select {
 		case req, ok := <-reqChan:
@@ -1224,6 +1241,8 @@ func (p *proxyapp) sniffreporter(wg *sync.WaitGroup, sniffdata *[]string, reqCha
 					reqTLSQueue = append(reqTLSQueue, req)
 				case *layers.HTTPMessage:
 					reqHTTPQueue = append(reqHTTPQueue, req)
+				case *layers.DNSMessage:
+					reqDNSQueue = append(reqDNSQueue, req)
 				}
 			}
 		case resp, ok := <-respChan:
@@ -1245,6 +1264,12 @@ func (p *proxyapp) sniffreporter(wg *sync.WaitGroup, sniffdata *[]string, reqCha
 					} else if len(reqHTTPQueue) == 0 && len(respHTTPQueue) == 1 {
 						respHTTPQueue = respHTTPQueue[1:]
 					}
+				case *layers.DNSMessage:
+					if len(reqDNSQueue) > 0 || len(respDNSQueue) == 0 {
+						respDNSQueue = append(respDNSQueue, resp)
+					} else if len(reqDNSQueue) == 0 && len(respDNSQueue) == 1 {
+						respDNSQueue = respDNSQueue[1:]
+					}
 				}
 			}
 		}
@@ -1270,6 +1295,22 @@ func (p *proxyapp) sniffreporter(wg *sync.WaitGroup, sniffdata *[]string, reqCha
 			reqTLSQueue = reqTLSQueue[1:]
 			respTLSQueue = respTLSQueue[1:]
 
+			err := p.gatherSniffData(req, resp, sniffdata, id)
+			if err == nil && len(*sniffdata) > sniffdatalen {
+				if p.json {
+					p.snifflogger.Log().Msg(fmt.Sprintf("[%s]", strings.Join(*sniffdata, ",")))
+				} else {
+					p.snifflogger.Log().Msg(strings.Join(*sniffdata, "\n"))
+				}
+			}
+			*sniffdata = (*sniffdata)[:sniffdatalen]
+		}
+		if len(reqDNSQueue) > 0 && len(respDNSQueue) > 0 {
+			req := reqDNSQueue[0]
+			resp := respDNSQueue[0]
+			reqDNSQueue = reqDNSQueue[1:]
+			respDNSQueue = respDNSQueue[1:]
+
 			err := p.gatherSniffData(req, resp, sniffdata, id)
 			if err == nil && len(*sniffdata) > sniffdatalen {
 				if p.json {

tproxy_linux.go

@@ -198,7 +198,7 @@ func (ts *tproxyServer) handleConnection(srcConn net.Conn) {
 			sniffheader = append(
 				sniffheader,
 				fmt.Sprintf(
-					"{\"connection\":{\"tproxy_mode\":%s,\"src_remote\":%s,\"src_local\":%s,\"dst_local\":%s,\"dst_remote\":%s,\"original_dst\":%s}}",
+					"{\"connection\":{\"tproxy_mode\":%q,\"src_remote\":%q,\"src_local\":%q,\"dst_local\":%q,\"dst_remote\":%q,\"original_dst\":%q}}",
 					ts.p.tproxyMode,
 					srcConn.RemoteAddr(),
 					srcConn.LocalAddr(),
@@ -211,8 +211,8 @@ func (ts *tproxyServer) handleConnection(srcConn net.Conn) {
 			connections := colorizeConnectionsTransparent(
 				srcConn.RemoteAddr(),
 				srcConn.LocalAddr(),
-				dstConn.RemoteAddr(),
 				dstConn.LocalAddr(),
+				dstConn.RemoteAddr(),
 				dst, id, ts.p.nocolor)
 			sniffheader = append(sniffheader, connections)
 		}