search

Danny-Dasilva / CycleTLS

Spoof TLS/JA3 fingerprints in GO and Javascript
GNU General Public License v3.0
893 stars 170 forks source link

uTlsConn.Handshake() error: remote error: tls: error decoding message #160

Closed Tsyklop closed 10 months ago

Tsyklop commented 2 years ago

Description

I use last version of cycle-tls. Site works on http/2

JA3: 771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49162-49161-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-34-51-43-13-45-28-21,29-23-24-25-0-1,0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0

Headers:

"accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8" "accept-encoding": "gzip, deflate, br" "accept-language": "ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3" "host": "site.de" "sec-fetch-dest": "document" "sec-fetch-mode": "navigate" "sec-fetch-site": "none" "sec-fetch-user": "?1" "TE": "trailers" "upgrade-insecure-requests": "1" "user-agent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0"

https://tools.scrapfly.io/api/fp/ja3?extended=1 gives me next ja3 token: 772,4865-4867-4866-49195-49199-52393-52392-49196-49200-49162-49161-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-45-28-41,0-1-2-3-4-5,0

https://tls.peet.ws/api/clean gives me next ja3 token:
771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49162-49161-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-34-51-43-13-45-28-21,29-23-24-25-0-1,0

ja3 tokens above not working - tls: error decoding message.

But the next token works, but its for Chrome:

771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-17513-21,29-23-24,0

Golang Version: 1.18.5

Issue Type

Bug

Operating System

Windows 10

Node Version

Node 14.x

Golang Version

Other

Relevant Log Output

Get "https://site.de/ru-de/": uTlsConn.Handshake() error: remote error: tls: error decoding message
kasiusm commented 2 years ago

But the next token works, but its for Chrome: 771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-17513-21,29-23-24,0

it's weird to get 771, it can't be chrome, 771 is tls 1.2, chrome is tls 1.3 (772). most of online ja3 fp are out of date, you should check https://scrapfly.io/web-scraping-tools/ja3-fingerprint which seems to be the most accurate

itschasa commented 1 year ago

i found a fix for myself

make sure you dont have 41 in your SSLExtension part of the ja3. 41 = pre_shared_key cycletls cant use this when it doesnt know/have the shared key already i don't know whether its ja3 will update to show it does after its got a shared_key

yang520f commented 1 year ago

772 is never a valid number for TLS

I think It's wired. When I access to https://scrapfly.io/web-scraping-tools/ja3-fingerprint, I truly get 772, I failed to use it in cycle-tls for I get the same wrong msg. However, it's ok when I use 771.

Danny-Dasilva commented 10 months ago

I made some updates to what happens when you pass 771 and added support for the pre-shared key extension. This should no longer be an issue but feel free to reopen if you encounter anything

https://github.com/Danny-Dasilva/CycleTLS/blob/f6c898f1bb298f3d6dd7fcfdfb531d950cc587a3/cycletls/utils.go#L303