HypePhilosophy / turnt-tls

A NodeJS HttpClient capable of changing your TLS signature to circumvent common fingerprinting methods. Supports pseudo-header order, sustained sessions, and compression.

Fix double content-length header issue #2

Closed danielbrzn closed 1 year ago

danielbrzn commented 1 year ago

While using this library, I was running into errors with POST requests because the Content-Length header was being sent twice. Some servers will refuse to process the request as the headers are considered to be malformed.

In Go, this header is generated automatically in the NewRequest method as long as a body is provided.

The extra code that was added to set the Content-Length is thus not needed and should be removed to avoid issues with POST requests.

Verifying with Burp Suite:

Before: previous

After: working
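A regression check for the behaviour described in the comment above, as an added example that is not code from turnt-tls. It uses Go's standard `net/http` (the library's own HTTP stack may differ); the helper names `serializePost` and `countContentLength` and the sample request are constructed for illustration.

```go
package main

import (
	"bufio"
	"bytes"
	"fmt"
	"net/http"
	"strings"
)

// Constructed sample: a request carrying Content-Length twice, the
// malformed shape described in the pull request.
const duplicateSample = "POST /post HTTP/1.1\r\nHost: httpbin.org\r\n" +
	"Content-Length: 14\r\ncontent-length: 14\r\n\r\n{\"hey\": \"hey\"}"

// countContentLength counts Content-Length lines in a raw HTTP/1.1 request head.
func countContentLength(raw []byte) int {
	head, _, _ := bytes.Cut(raw, []byte("\r\n\r\n"))
	n := 0
	sc := bufio.NewScanner(bytes.NewReader(head))
	for sc.Scan() {
		name, _, ok := strings.Cut(sc.Text(), ":")
		if ok && strings.EqualFold(strings.TrimSpace(name), "Content-Length") {
			n++
		}
	}
	return n
}

// serializePost builds a POST with http.NewRequest, never sets Content-Length
// by hand, and returns the length Go inferred plus the serialized request.
func serializePost(url, body string) (int64, []byte, error) {
	req, err := http.NewRequest(http.MethodPost, url, strings.NewReader(body))
	if err != nil {
		return 0, nil, err
	}
	req.Header.Set("Content-Type", "application/json")
	var wire bytes.Buffer
	if err := req.Write(&wire); err != nil { // serializes locally, no network I/O
		return 0, nil, err
	}
	return req.ContentLength, wire.Bytes(), nil
}

func main() {
	n, wire, err := serializePost("https://httpbin.org/post", `{"hey": "hey"}`)
	if err != nil {
		panic(err)
	}
	fmt.Printf("inferred ContentLength=%d, lines on the wire=%d\n", n, countContentLength(wire))
	fmt.Printf("constructed duplicate sample: %d lines\n", countContentLength([]byte(duplicateSample)))
}
```

A count other than 1 from `countContentLength` on a captured request is the condition to fail a test on.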

HypePhilosophy commented 1 year ago

Nice catch. I'll merge this once you remove the binaries from the PR.

danielbrzn commented 1 year ago

@HypePhilosophy fixed :)

ActiniumTO commented 1 year ago

I still get an issue on POST request trying to send to:

```js
import { turnt } from "./turnt";
import { CookieJar } from "tough-cookie";
import { inflateRaw } from "zlib";
import { v4 as uuidv4 } from 'uuid';

var cookieJar = new CookieJar();
process.on("uncaughtException", (err) => {
  console.warn(err);
});

/* setInterval(() => {
  try {
    testTLS();
  } catch (err) {
    console.warn(err);
  }
}); */

// testPeetTLS();
// testZalando();
async function testTLS() {
  let options = {
    method: "POST",
    body: '',
    //proxy: "socks5://foo:bar@168.119.152.155:1080",
    cookieJar: cookieJar,
    headers: {
      "accept": "*/*",
      "accept-encoding": "gzip, deflate, br",
      "accept-language": "en-US,en;q=0.9,he;q=0.8,zh-CN;q=0.7,zh;q=0.6,ru;q=0.5",
      "content-length": "14",
      "content-type": "application/json",
      "custom-deviceid": uuidv4(),
      "custom-language": "0",
      "custom-platform": "3",
      "origin": "https://trading.quantfury.com",
      "referer": "https://trading.quantfury.com/",
      "sec-ch-ua": 'Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"',
      "sec-ch-ua-mobile": "?0",
      "sec-ch-ua-platform": 'Windows"',
      "sec-fetch-dest": "empty",
      "sec-fetch-mode": "cors",
      "sec-fetch-site": "same-site",
      "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36"
    },
    json: {"hey": "hey"}
  };

  let GetResp = await turnt("https://httpbin.org/post", options);

  // console.log(GetResp.body);

  console.log(GetResp.body, GetResp.status);
}

testTLS()
```