Open atyachin opened 10 months ago
Sure! We've added the option to add a second proxy using the parameter -upstream
, you can use it like ./ja3proxy -upstream 127.0.0.1:1080
.
You can refer to commit be41733 for more information.
Amazing! Few questions please:
Thanks much!
I have tried using the new -upstream
parameter, but the connection isn't being tunneled through the specified socks proxy. I believe the issue is that CustomDialer is initialized in the line below, but isn't being used anywhere afterwards:
https://github.com/LyleMi/ja3proxy/blob/be41733b1c5029c19c90ba52e9eeb69b3f83be0f/main.go#L39
Steps to reproduce:
# docker-compose.yml
services:
ja3proxy:
image: ghcr.io/lylemi/ja3proxy:latest
build: .
entrypoint:
[
"/app/ja3proxy",
"-cert",
"/app/credentials/cert.pem",
"-key",
"/app/credentials/key.pem",
"-client",
"360Browser",
"-version",
"7.5",
"-upstream",
"tor-socks-proxy:9150"
]
ports:
- 8080:8080
volumes:
- ./credentials:/app/credentials
tor-socks-proxy:
image: peterdavehello/tor-socks-proxy:latest
Then run:
docker compose up -d --build
curl -k --proxy http://localhost:8080/ https://ifconfig.co/ip
IP is the same as when running curl https://ifconfig.co/ip
without a proxy.
I have tried using the new
-upstream
parameter, but the connection isn't being tunneled through the specified socks proxy. I believe the issue is that CustomDialer is initialized in the line below, but isn't being used anywhere afterwards:
It appears that the bug was caused by an incorrect commit, and one file was not properly submitted. Fixed it with new commit now.
Amazing! Few questions please:
1. Does it support proxy authentication in the form of user:pass@proxy_address:port ? 2. Can I set a different proxy per request (this is important since many proxy providers are accepting parameters via the proxy username string). 3. Can I set different ja3 client per request ?
Thanks much!
Regarding your question:
Best Regards
Amazing! Few questions please:
1. Does it support proxy authentication in the form of user:pass@proxy_address:port ? 2. Can I set a different proxy per request (this is important since many proxy providers are accepting parameters via the proxy username string). 3. Can I set different ja3 client per request ?
Thanks much!
I would second the wish for per-request options, which could be set using custom headers:
x-ja3proxy-upstream: socks://upstream-proxy/
x-ja3proxy-client: Chrome
x-ja3proxy-version: 120
The headers could be stripped out before the request is forwarded to the client. This would be great for scraping with a large proxy pool while using programming languages which don't support ja3 customization.
I have written a proof-of-concept for this using goproxy and tls-client: https://github.com/rosahaj/tlsproxy
Per #2 - multiple instances won't work easily since proxy username contains parameters such as session_id, which means that every request may have a different proxy user...
@atyachin support proxy auth now. For 2 and 3, is https://github.com/rosahaj/tlsproxy a suitable solution for you?
@LyleMi I'm currently testing the tlsproxy project. I noticed that it is based on the https://github.com/bogdanfinn/tls-client project for customizing the ja3 fingerprints. Do you know how is that library different from the TLS handshake process that you do in this project?
@LyleMi I'm currently testing the tlsproxy project. I noticed that it is based on the https://github.com/bogdanfinn/tls-client project for customizing the ja3 fingerprints. Do you know how is that library different from the TLS handshake process that you do in this project?
I can comment on that. tls-client is using uTLS under the hood, so the TLS handshake process is the same. Unfortunately tls-client uses https://github.com/bogdanfinn/fhttp instead of net/http, which makes it difficult to integrate with goproxy. tlsproxy currently segfaults on some requests due to a faulty conversion of fhttp responses to http responses - it's really just a proof-of-concept.
A much better approach would be to modify goproxy to use uTLS directly, then leverage goproxy's hook-like functionality to implement per-request options for upstream proxy and TLS fingerprint. At first glance, https://github.com/saucesteals/utlsproxy provides a really good basis for implementing all of the desired features. A mixture between ja3proxy's CA generation process, tlsproxy's API and utlsproxy's custom goproxy implementation would likely produce the most versatile and customizable TLS fingerprint mimicry proxy.
@LyleMi I'm currently testing the tlsproxy project. I noticed that it is based on the https://github.com/bogdanfinn/tls-client project for customizing the ja3 fingerprints. Do you know how is that library different from the TLS handshake process that you do in this project?
Update: I spent some time improving tlsproxy. Instead of tls-client, uTLS is used directly via Snowflake. The current implementation looks pretty stable - I'm able to proxy all Firefox traffic through it and visit any website without issues. So it's usable, but I won't be able to guarantee continued maintenance.
I want you to add support for specifying raw data ja3 in header per request and global config I know that utls supports generating hello client from raw ja3.
const headers = {
'x-tlsproxy-upstream': 'socks5://localhost:1234',
'x-tlsproxy-ja3': '771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-17513,29-23-24,0'
}
What do you think about this?
May be and add return socket with upstream proxy onConnect so that you can write in one open connection with proxy and one tls session? Openning connection with upstream proxy per request may be time consuming. Therefore, I suggest opening a connection on onConnect using the tls configuration from headers onConnect
(Windows CLI) `D:\Dev_Tools\ja3Proxy\ja3proxy-v0.2-windows-amd64>ja3proxy.exe -port 8080 -client Chrome -version 58 -upstream "127.0.0.1:8866" flag provided but not defined: -upstream Usage of ja3proxy.exe: -addr string proxy listen host -cert string proxy tls cert (default "cert.pem") -client string utls client (default "Golang") -debug enable debug -key string proxy tls key (default "key.pem") -port string proxy listen port (default "8080") -version string utls client version (default "0")
D:\Dev_Tools\ja3Proxy\ja3proxy-v0.2-windows-amd64>`
Does ja3proxy-v0.2-windows-amd64.zip
on windows is no update? Why i cant use param of "upstream"?
(Windows CLI) `D:\Dev_Tools\ja3Proxy\ja3proxy-v0.2-windows-amd64>ja3proxy.exe -port 8080 -client Chrome -version 58 -upstream "127.0.0.1:8866" flag provided but not defined: -upstream Usage of ja3proxy.exe: -addr string proxy listen host -cert string proxy tls cert (default "cert.pem") -client string utls client (default "Golang") -debug enable debug -key string proxy tls key (default "key.pem") -port string proxy listen port (default "8080") -version string utls client version (default "0")
D:\Dev_Tools\ja3Proxy\ja3proxy-v0.2-windows-amd64>`
Does
ja3proxy-v0.2-windows-amd64.zip
on windows is no update? Why i cant use param of "upstream"?
This is because v0.2 does not include the latest commit, you can try the new release @wiop93256
Would it be possible to add an option to chain a second proxy between the ja3proxy and the final destination?
So the request would look like: client --> ja3proxy --> other_proxy --> destination server (goal is the pass the modified ja3 signature via the second proxy to the server)
The 2nd proxy params can be passed as parameters to ja3proxy.
Thanks!