Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Trying to add extensions to my rust fingerprint #99

Open
ahmadmarhaba opened this issue Jan 11, 2023 · 2 comments
Open

Trying to add extensions to my rust fingerprint #99

ahmadmarhaba opened this issue Jan 11, 2023 · 2 comments

Comments

@ahmadmarhaba
Copy link

ahmadmarhaba commented Jan 11, 2023
edited
Loading

I am tryin to change my rust client fingerprint by adding (27,17513,41) ext numbers => 771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-[ 27 ext here ]-[ 17513 ext here ]-21-[ 41 ext here ],29-23-24,0

What I did:

  • Read the openssl doc and the tls ext table https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xml
  • Found a getter ExtensionType::CERT_COMPRESSION, ExtensionType::PADDING but no setter.
  • I am not using actual certificate in my rust client as I also disabled checking for it with verify mode.
  • Calling https://tls.peet.ws/api/clean to read my ja3
  • Tried using clear_option and set_option to add and remove SslOption::NO_COMPRESSION but it did nothing // Disables the use of TLS compression
  • Read the github code and rust doc as all I can find is this about it (2020-12-02 draft-ietf-tls-certificate-compression is now RFC 8879)
  • Using boring / boring-hyper / hyper in my rust client
  • Tried using rustls but not enough supported ciphers.

Do I need to have an actual certificate and find someway to compress it? Did I miss something crucial? If there is a solution, does it work on rest of the ExtensionTypes? Is it not implemented for rust yet?

Tryin to mimic the chrome fingerprint for rust, I already have an app running in electron client and Go (with libraries) both have chrome fingerprint. Now doing it in rust for benchmark.

Any help or advice would be great, thanks alot.

let mut connector = HttpConnector::new();
connector.enforce_http(false);

let mut ssl = SslConnector::builder(SslMethod::tls()).unwrap();

ssl.set_verify(SslVerifyMode::NONE);
ssl.enable_ocsp_stapling();
ssl.enable_signed_cert_timestamps();
ssl.set_alpn_protos(b"\x02h2\x06http/2").unwrap();
ssl.set_cipher_list("ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-CHACHA20-POLY1305,ECDHE-RSA-CHACHA20-POLY1305,ECDHE-RSA-CHACHA20-POLY1305,ECDHE-RSA-AES128-SHA,ECDHE-RSA-AES256-SHA,AES128-GCM-SHA256,AES256-GCM-SHA384,AES128-SHA,AES256-SHA").unwrap();

let ssl = HttpsConnector::with_connector(connector, ssl).unwrap();

let client = Client::builder()
    .pool_max_idle_per_host(0)
    .build::<_, Body>(ssl);

let req = Request::builder()
    .method(Method::GET)
    .uri("https://tls.peet.ws/api/clean")
    .header("user-agent", "my agent")
    .body(Body::from(""))
    .unwrap();

let res = client.request(req).await.unwrap();
let buf = body::to_bytes(res).await.unwrap();
println!("{:#?}", buf);
@AceRogue
Copy link

any idea about this?

@AceRogue
Copy link

It seems that you do not modify tls extensions as well. The order of tls extensions is randomized now in new version of chrome. Do you have any idea to set tls extensions in boring ssl?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@AceRogue @ahmadmarhaba