marek/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Hide HTTP server name (replace by I2PServer) to avoid server detection

Browse Source 
(flaw successfully tested by Adrian Crenshaw -- thanks!).
This commit is contained in:
mathiasdm
2010-12-07 21:38:13 +00:00
parent 26356ce35f
commit 03ff26acc7
2 changed files with 15 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
apps/i2ptunnel/java/src/net/i2p/i2ptunnel/I2PTunnelHTTPServer.java
View File

@@ -192,11 +192,19 @@ public class I2PTunnelHTTPServer extends I2PTunnelServer {
// at java.lang.Thread.run(Thread.java:619) // at java.lang.Thread.run(Thread.java:619)
// at net.i2p.util.I2PThread.run(I2PThread.java:71) // at net.i2p.util.I2PThread.run(I2PThread.java:71)
try { try {
serverin = _webserver.getInputStream(); serverin = _webserver.getInputStream();
} catch (NullPointerException npe) { } catch (NullPointerException npe) {
throw new IOException("getInputStream NPE"); throw new IOException("getInputStream NPE");
} }
CompressedResponseOutputStream compressedOut = new CompressedResponseOutputStream(browserout); CompressedResponseOutputStream compressedOut = new CompressedResponseOutputStream(browserout);
//Change headers to protect server identity
StringBuilder command = new StringBuilder(128);
Properties headers = readHeaders(serverin, command);
headers.setProperty("Server", "I2PServer");
String modifiedHeaders = formatHeaders(headers, command);
compressedOut.write(modifiedHeaders.getBytes());
Sender s = new Sender(compressedOut, serverin, "server: server to browser"); Sender s = new Sender(compressedOut, serverin, "server: server to browser");
if (_log.shouldLog(Log.INFO)) if (_log.shouldLog(Log.INFO))
_log.info("Before pumping the compressed response"); _log.info("Before pumping the compressed response");
@@ -328,7 +336,7 @@ public class I2PTunnelHTTPServer extends I2PTunnelServer {
/** ridiculously long, just to prevent OOM DOS @since 0.7.13 */ /** ridiculously long, just to prevent OOM DOS @since 0.7.13 */
private static final int MAX_HEADERS = 60; private static final int MAX_HEADERS = 60;
private Properties readHeaders(InputStream in, StringBuilder command) throws IOException { private static Properties readHeaders(InputStream in, StringBuilder command) throws IOException {
Properties headers = new Properties(); Properties headers = new Properties();
StringBuilder buf = new StringBuilder(128); StringBuilder buf = new StringBuilder(128);
@@ -348,8 +356,8 @@ public class I2PTunnelHTTPServer extends I2PTunnelServer {
} }
} }
} }
if (trimmed > 0) //if (trimmed > 0)
getTunnel().getContext().statManager().addRateData("i2ptunnel.httpNullWorkaround", trimmed, 0); // getTunnel().getContext().statManager().addRateData("i2ptunnel.httpNullWorkaround", trimmed, 0);
int i = 0; int i = 0;
while (true) { while (true) {

3
history.txt
View File

@@ -1,3 +1,6 @@
2010-12-07 Mathiasdm
* I2PTunnel: Security fix: change server reply
to return 'I2PServer' instead of the actual servername.
2010-12-06 dr|z3d 2010-12-06 dr|z3d
* I2PSnark: * I2PSnark:
- Resolve table header wrapping issue. - Resolve table header wrapping issue.