Update branch

parent 2d148eca
#!/bin/bash
# WSSSH: Warp-Powered Stefy's Spatial Secure Hyperdrive Clean Script
# Clean script for removing build artifacts from WSSSH tools
# clean.sh - Cleanup script for wsssh project
# Calls build.sh --clean with all passed arguments
#
# Copyright (C) 2024 Stefy Lanza <stefy@nexlab.net> and SexHack.me
#
......@@ -18,5 +18,8 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
# Use build.sh --clean for consistent cleaning
./build.sh --clean --novenv
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
cd "$SCRIPT_DIR"
# Pass all arguments to build.sh --clean
exec ./build.sh --clean "$@"
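Review bot: The new `cd "$SCRIPT_DIR"` is unchecked, so if the directory change fails, the following `exec ./build.sh --clean "$@"` runs whatever `build.sh` sits in the caller's working directory. Make the step fail closed with `cd "$SCRIPT_DIR" || exit 1`. The previous version appears to have passed `--novenv` unconditionally; callers that relied on that default must now pass it themselves, which deserves a line in the header comment.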
......@@ -241,6 +241,9 @@ async def shutdown_server(ws_server, cleanup_coro, flask_thread):
async def run_server():
"""Main server function"""
# Create new process group to avoid receiving SIGINT from terminal
os.setpgrp()
args = load_config()
# Set global variables
......
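Review bot: The `os.setpgrp()` call added at the top of `run_server()` is unguarded. It is POSIX-only, and on Linux the underlying `setpgid(0, 0)` is refused with EPERM when the process is already a session leader, which can be the case when it is started through `setsid` or as a container's init process, so the server could fail before `load_config()` runs. Wrapping it as `try: os.setpgrp()` / `except (AttributeError, OSError): pass` keeps startup working where the call is unavailable or refused. Because the process then no longer receives the terminal's SIGINT, the docstring should say how an operator is expected to stop the server. The rest of `run_server()` lies outside the hunk, so any signal handlers installed later are not visible here.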
......@@ -29,8 +29,8 @@ extern const char *terminal_html;
extern const char *users_html;
// Embedded images
extern const unsigned char *image_jpg;
extern size_t image_jpg_len;
extern unsigned char image_jpg[];
extern unsigned int image_jpg_len;
// Function to get asset by path
const char *get_embedded_asset(const char *path, size_t *size);
......
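Review bot: `image_jpg` loses its `const` qualifier in the new declaration, so every translation unit that includes this header may now write to the embedded image. The length also becomes `unsigned int`, although `get_embedded_asset()` in the same hunk still reports sizes through `size_t *`. If the generated asset source (not shown here) can be emitted with `const`, declare `extern const unsigned char image_jpg[];` and `extern const unsigned int image_jpg_len;`, keeping declaration and definition identical. A comment such as `// Types must match the generated asset source exactly` would explain why the length is not `size_t`.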
......@@ -34,7 +34,9 @@
#include "assets.h"
#include "websocket.h"
#include "html_pages/index_page.h"
#include "html_pages/login_page.h"
#include "html_pages/terminal_page.h"
#include "html_pages/users_page.h"
// Embedded web assets are defined in assets.c
......@@ -377,8 +379,7 @@ static void handle_request(int client_fd, const http_request_t *req) {
char *html = generate_index_html(username, is_admin);
send_response(client_fd, 200, "OK", "text/html", html, strlen(html), NULL, NULL);
} else if (strcmp(req->path, "/login") == 0) {
const char *asset = get_embedded_asset("/login", NULL);
send_response(client_fd, 200, "OK", "text/html", asset, strlen(asset), NULL, NULL);
send_response(client_fd, 200, "OK", "text/html", login_page_html, strlen(login_page_html), NULL, NULL);
} else if (strcmp(req->path, "/logout") == 0) {
send_response(client_fd, 302, "Found", "text/html", NULL, 0, "session_id=; Max-Age=0; Path=/", NULL);
return;
......@@ -387,8 +388,7 @@ static void handle_request(int client_fd, const http_request_t *req) {
send_response(client_fd, 403, "Forbidden", "text/html", "Access denied", 13, NULL, NULL);
return;
}
const char *asset = get_embedded_asset("/users.html", NULL);
send_response(client_fd, 200, "OK", "text/html", asset, strlen(asset), NULL, NULL);
send_response(client_fd, 200, "OK", "text/html", users_page_html, strlen(users_page_html), NULL, NULL);
} else if (strncmp(req->path, "/terminal/", 9) == 0) {
if (!username) {
send_response(client_fd, 302, "Found", "text/html", NULL, 0, NULL, NULL);
......
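Review bot: The route test `strncmp(req->path, "/terminal/", 9) == 0`, a context line at the end of the last hunk, compares only nine characters of a ten-character literal. The trailing slash is therefore never checked, and any path that merely begins with `/terminal` enters the terminal branch. Writing `strncmp(req->path, "/terminal/", sizeof("/terminal/") - 1) == 0` ties the length to the literal. In the new `/login` and `/users` lines, `strlen(login_page_html)` and `strlen(users_page_html)` assume the generated page headers define NUL-terminated strings; a one-line comment stating that assumption would help. `handle_request` starts and ends outside these hunks.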
......@@ -163,8 +163,6 @@ static bool ws_parse_frame_header(const uint8_t *buffer, size_t len, ws_frame_he
// Limit to 10MB to prevent excessive memory allocation
const size_t MAX_PAYLOAD_SIZE = 10 * 1024 * 1024; // 10MB
if (header->payload_len > MAX_PAYLOAD_SIZE) {
printf("[DEBUG] ws_parse_frame_header: Payload too large: %llu bytes (max: %zu)\n",
(unsigned long long)header->payload_len, MAX_PAYLOAD_SIZE);
return false; // Reject frames with excessively large payloads
}
......@@ -263,17 +261,14 @@ bool ws_perform_handshake(ws_connection_t *conn) {
// Send WebSocket frame
bool ws_send_frame(ws_connection_t *conn, uint8_t opcode, const void *data, size_t len) {
if (!conn) {
printf("[DEBUG] ws_send_frame: Connection is NULL\n");
return false;
}
if (conn->state != WS_STATE_OPEN) {
printf("[DEBUG] ws_send_frame: Connection not in OPEN state (state=%d)\n", conn->state);
return false;
}
if (!conn->ssl) {
printf("[DEBUG] ws_send_frame: SSL connection is NULL\n");
return false;
}
......@@ -289,7 +284,6 @@ bool ws_send_frame(ws_connection_t *conn, uint8_t opcode, const void *data, size
size_t frame_len = header_len + len;
uint8_t *frame = malloc(frame_len);
if (!frame) {
printf("[DEBUG] ws_send_frame: Failed to allocate frame buffer\n");
return false;
}
......@@ -317,8 +311,6 @@ bool ws_send_frame(ws_connection_t *conn, uint8_t opcode, const void *data, size
memcpy(frame + header_len, data, len);
}
printf("[DEBUG] ws_send_frame: Sending frame with opcode=%d, len=%zu, frame_len=%zu\n", opcode, len, frame_len);
// Send frame with partial write handling and retry logic
int total_written = 0;
int retry_count = 0;
......@@ -329,18 +321,15 @@ bool ws_send_frame(ws_connection_t *conn, uint8_t opcode, const void *data, size
int written = SSL_write(conn->ssl, frame + total_written, to_write);
if (written <= 0) {
int ssl_error = SSL_get_error(conn->ssl, written);
printf("[DEBUG] ws_send_frame: SSL_write failed at offset %d, ssl_error=%d\n", total_written, ssl_error);
// Check for recoverable SSL errors
if ((ssl_error == SSL_ERROR_WANT_READ || ssl_error == SSL_ERROR_WANT_WRITE ||
ssl_error == SSL_ERROR_SSL || ssl_error == SSL_ERROR_SYSCALL) && retry_count < max_retries - 1) {
retry_count++;
printf("[DEBUG] ws_send_frame: Recoverable SSL error, retrying (%d/%d)\n", retry_count, max_retries);
// Exponential backoff: wait longer between retries
usleep(10000 * (1 << retry_count)); // 10ms, 20ms, 40ms, 80ms
continue; // Retry the write operation
} else {
printf("[DEBUG] ws_send_frame: Fatal SSL error %d after %d retries\n", ssl_error, retry_count);
// Don't mark connection as closed on send failures - let receive failures handle connection closure
}
......@@ -352,11 +341,9 @@ bool ws_send_frame(ws_connection_t *conn, uint8_t opcode, const void *data, size
}
if (total_written < (int)frame_len) {
printf("[DEBUG] ws_send_frame: Write incomplete after retries: %d/%d bytes written\n", total_written, (int)frame_len);
free(frame);
return false;
}
printf("[DEBUG] ws_send_frame: SSL_write returned %d (expected %zu)\n", total_written, frame_len);
free(frame);
return total_written == (int)frame_len;
}
......@@ -369,17 +356,12 @@ bool ws_receive_frame(ws_connection_t *conn, uint8_t *opcode, void **data, size_
uint8_t header[14];
int bytes_read = SSL_read(conn->ssl, header, 2);
if (bytes_read <= 0) {
int ssl_error = SSL_get_error(conn->ssl, bytes_read);
printf("[DEBUG] ws_receive_frame: SSL_read failed, bytes_read=%d, ssl_error=%d\n", bytes_read, ssl_error);
return false;
}
if (bytes_read != 2) {
printf("[DEBUG] ws_receive_frame: Expected 2 header bytes, got %d\n", bytes_read);
return false;
}
printf("[DEBUG] ws_receive_frame: Header bytes: 0x%02x 0x%02x\n", header[0], header[1]);
// Determine minimum header size needed for parsing
uint8_t payload_len_indicator = header[1] & 0x7F;
size_t min_header_size = 2;
......@@ -396,7 +378,6 @@ bool ws_receive_frame(ws_connection_t *conn, uint8_t *opcode, void **data, size_
while (total_read < (int)(min_header_size - 2)) {
bytes_read = SSL_read(conn->ssl, header + 2 + total_read, min_header_size - 2 - total_read);
if (bytes_read <= 0) {
printf("[DEBUG] ws_receive_frame: Failed to read extended header\n");
return false;
}
total_read += bytes_read;
......@@ -409,7 +390,6 @@ bool ws_receive_frame(ws_connection_t *conn, uint8_t *opcode, void **data, size_
if (masked) {
bytes_read = SSL_read(conn->ssl, header + min_header_size, 4);
if (bytes_read != 4) {
printf("[DEBUG] ws_receive_frame: Failed to read masking key\n");
return false;
}
total_header_size += 4;
......@@ -417,13 +397,11 @@ bool ws_receive_frame(ws_connection_t *conn, uint8_t *opcode, void **data, size_
// Validate header size
if (total_header_size > sizeof(header)) {
printf("[DEBUG] ws_receive_frame: Header size %zu exceeds buffer size %zu\n", total_header_size, sizeof(header));
return false;
}
ws_frame_header_t frame_header;
if (!ws_parse_frame_header(header, total_header_size, &frame_header)) {
printf("[DEBUG] ws_receive_frame: Failed to parse complete frame header\n");
return false;
}
......@@ -439,15 +417,11 @@ bool ws_receive_frame(ws_connection_t *conn, uint8_t *opcode, void **data, size_
// Protect against memory exhaustion attacks with reasonable limit
const size_t MAX_SAFE_PAYLOAD = 50 * 1024 * 1024; // 50MB safety limit
if (frame_header.payload_len > MAX_SAFE_PAYLOAD) {
printf("[DEBUG] ws_receive_frame: Payload too large: %llu bytes (max: %zu)\n",
(unsigned long long)frame_header.payload_len, MAX_SAFE_PAYLOAD);
return false;
}
*data = malloc(frame_header.payload_len + 1); // +1 for null termination
if (!*data) {
printf("[DEBUG] ws_receive_frame: Failed to allocate %llu bytes for payload\n",
(unsigned long long)frame_header.payload_len + 1);
return false;
}
......@@ -460,9 +434,6 @@ bool ws_receive_frame(ws_connection_t *conn, uint8_t *opcode, void **data, size_
bytes_read = SSL_read(conn->ssl, (char *)*data + total_read, to_read);
if (bytes_read <= 0) {
int ssl_error = SSL_get_error(conn->ssl, bytes_read);
printf("[DEBUG] ws_receive_frame: SSL_read failed during payload, bytes_read=%d, ssl_error=%d\n",
bytes_read, ssl_error);
free(*data);
return false;
}
......@@ -471,8 +442,6 @@ bool ws_receive_frame(ws_connection_t *conn, uint8_t *opcode, void **data, size_
// Verify we read the complete payload
if (total_read != frame_header.payload_len) {
printf("[DEBUG] ws_receive_frame: Incomplete payload read: %zu/%llu\n",
total_read, (unsigned long long)frame_header.payload_len);
free(*data);
return false;
}
......
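Review bot: In the `ws_send_frame` retry branch, `SSL_ERROR_SSL` and `SSL_ERROR_SYSCALL` are treated as recoverable and `SSL_write` is called again after the `usleep` back-off, but OpenSSL documents both as fatal for the connection, after which no further I/O should be attempted on that `SSL` object. Only the WANT codes should retry: `if ((ssl_error == SSL_ERROR_WANT_READ || ssl_error == SSL_ERROR_WANT_WRITE) && retry_count < max_retries - 1) {`. With every `[DEBUG]` print deleted, the rejection paths (oversized payload, short masking-key read, incomplete payload) now fail without any trace, so a level-gated call through the project's logger (not visible here) would preserve that signal for operators. The 50MB `MAX_SAFE_PAYLOAD` check in `ws_receive_frame` also looks unreachable, since `ws_parse_frame_header` is called first and already rejects anything above 10MB. These functions extend beyond the hunks shown.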
......@@ -73,6 +73,9 @@ bool ws_perform_handshake(ws_connection_t *conn);
bool ws_send_frame(ws_connection_t *conn, uint8_t opcode, const void *data, size_t len);
bool ws_receive_frame(ws_connection_t *conn, uint8_t *opcode, void **data, size_t *len);
// Connection health monitoring
bool ws_connection_is_healthy(ws_connection_t *conn);
// Utility functions
char *ws_compute_accept_key(const char *key);
void ws_mask_data(uint8_t *data, size_t len, const uint8_t *mask);
......
......@@ -45,6 +45,13 @@ if ! pkg-config --exists openssl; then
exit 1
fi
# Check for zlib development libraries
if ! pkg-config --exists zlib; then
echo "Error: zlib development libraries not found."
echo "Please install zlib-dev or zlib1g-dev package."
exit 1
fi
echo "All required tools found."
# Generate Makefile
......@@ -52,8 +59,8 @@ cat > Makefile << 'EOF'
# Makefile for wssshtools
CC = gcc
CFLAGS = -Wall -Wextra -O2 -D_GNU_SOURCE $(shell pkg-config --cflags openssl)
LDFLAGS = $(shell pkg-config --libs openssl)
CFLAGS = -Wall -Wextra -O2 -D_GNU_SOURCE $(shell pkg-config --cflags openssl) $(shell pkg-config --cflags zlib)
LDFLAGS = $(shell pkg-config --libs openssl) $(shell pkg-config --libs zlib)
# Source files
LIB_SRCS = libwsssht/wssshlib.c libwsssht/websocket.c libwsssht/wssh_ssl.c libwsssht/tunnel.c libwsssht/utils.c libwsssht/modes.c libwsssht/threads.c libwsssht/control_messages.c libwsssht/data_messages.c
......
......@@ -1110,6 +1110,7 @@ void *handle_connection(void *arg) {
close(accepted_sock);
return NULL;
}
memset(new_tunnel, 0, sizeof(tunnel_t));
// Initialize tunnel structure
generate_request_id(new_tunnel->request_id, sizeof(new_tunnel->request_id));
......
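Review bot: `memset(new_tunnel, 0, sizeof(tunnel_t))` sets every field to zero, which for any socket or file-descriptor member of `tunnel_t` (the struct is not visible here) means descriptor 0 rather than an invalid value. An early error path that closes the tunnel's descriptors could then close stdin. If such members exist, assign them `-1` right after the memset. The same line is added in the three `handle_tunnel_request*` functions, in `setup_tunnel` and in `main`; the allocation sits above each hunk, and switching it to `calloc(1, sizeof *new_tunnel)` would zero the object in one step and tie the size to the pointer. In `main`, the following `new_tunnel->outgoing_buffer = NULL;` becomes redundant.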
......@@ -227,6 +227,7 @@ void handle_tunnel_request(SSL *ssl, const char *request_id, int debug, const ch
pthread_mutex_unlock(&tunnel_mutex);
return;
}
memset(new_tunnel, 0, sizeof(tunnel_t));
// For wssshc: Connect to target TCP endpoint and forward raw TCP data
struct sockaddr_in target_addr;
......@@ -386,6 +387,7 @@ void handle_tunnel_request_with_enc(SSL *ssl, const char *request_id, int debug,
pthread_mutex_unlock(&tunnel_mutex);
return;
}
memset(new_tunnel, 0, sizeof(tunnel_t));
// For wssshc: Connect to target TCP endpoint and forward raw TCP data
struct sockaddr_in target_addr;
......@@ -538,6 +540,7 @@ void handle_tunnel_request_with_service_and_enc(SSL *ssl, const char *request_id
pthread_mutex_unlock(&tunnel_mutex);
return;
}
memset(new_tunnel, 0, sizeof(tunnel_t));
// For wssshc: Connect to target TCP endpoint and forward raw TCP data
struct sockaddr_in target_addr;
......@@ -2016,6 +2019,7 @@ tunnel_setup_result_t setup_tunnel(const char *wssshd_host, int wssshd_port, con
tunnel_setup_result_t result = {-1, NULL, NULL, ""};
return result;
}
memset(new_tunnel, 0, sizeof(tunnel_t));
if (use_buffer) {
new_tunnel->outgoing_buffer = frame_buffer_init();
......
......@@ -478,6 +478,7 @@ int main(int argc, char *argv[]) {
pthread_mutex_destroy(&tunnel_mutex);
return 1;
}
memset(new_tunnel, 0, sizeof(tunnel_t));
new_tunnel->outgoing_buffer = NULL;
new_tunnel->incoming_buffer = frame_buffer_init();
......