Open ghost opened 2 years ago
Hello, currently you cannot use this feature on Windows since by default it uses the SChannel TLS provider which does not allow to configure cipher suites on a per-request basis, unless you manually change them from your windows policies. You can only use this feature on macOS/Linux if you installed the latest openssl
library.
There is already an issue where I mention this https://github.com/openbullet/OpenBullet2/issues/691
Also on macOS/Linux you need to use RuriLibHttp
(which does not support HTTP 2.0) in order to use this feature, or you can use SystemNet
(which supports HTTP 2.0) but I'm pretty sure it only works with socks4/4a/5 proxies (not with HTTP proxies, not without proxies).
To sum it up...
RuriLibHttp with latest openssl
Does not support HTTP/2.0
OS | SOCKS 4/4a/5 | Http | No proxy |
---|---|---|---|
Windows | |||
Linux | ✔️ | ✔️ | ✔️ |
macOS | ✔️ | ✔️ | ✔️ |
SystemNet with latest openssl
Supports HTTP/2.0
OS | SOCKS 4/4a/5 | Http | No proxy |
---|---|---|---|
Windows | |||
Linux | ✔️ | ||
macOS | ✔️ |
Explanation on why this is like it is https://stackoverflow.com/questions/72064030/how-to-use-openssl-with-tls-in-net-core-on-windows
Please try and let me know. I will leave this open as it's a bit more informative.
Thanks a lot for the reply. Didn't know it doesn't work on windows. I'll try use it on linux. For anyone wondering, how to randomize JA3 fingerprint on windows, I used CycleTLS library for NodeJS (https://github.com/Danny-Dasilva/CycleTLS)
const initCycleTLS = require('cycletls');
// Typescript: import initCycleTLS from 'cycletls';
(async () => {
// Initiate CycleTLS
const cycleTLS = await initCycleTLS();
// Send request
const response = await cycleTLS('https://ja3er.com/json', {
body: '',
ja3: '771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49162-49161-49171-49172-51-57-47-53-10,0-23-65281-10-11-35-16-5-51-43-13-45-28-21,29-23-24-25-256-257,0',
userAgent: 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:87.0) Gecko/20100101 Firefox/87.0',
proxy: 'http://username:password@hostname.com:443'
}, 'get');
console.log(response);
// Cleanly exit CycleTLS
cycleTLS.exit();
})();
You can also use this code with Openbullet2 nodejs interop block. You can create an array with JA3 fingerprints downloaded from here: https://ja3er.com/downloads.html and then just take random item from array. It worked perfectly for me on Windows 11 + OpenBullet2.
I also wish something like this could be implemented in OpenBullet, since randomizing only ciphers is kinda weak randomization. Thanks!
I also wish something like this could be implemented in OpenBullet, since randomizing only ciphers is kinda weak randomization.
Yes this is something I intend to do, I just don't have much time to work on OB2 since I have another job that is taking up most of my time.
Also, thank you so much for the very helpful insight on ja3 and the nodejs library, I will definitely take a look at it as soon as I find some time!
I also wanted to add that it's not necessary to install linux in a VM or buy a VPS or anything like that to try this, you can just install docker and spin up an openbullet2
container, it will already have openssl
included and you will be able to try the custom cipher suites in a matter of minutes! You can find a tutorial for this here
Thanks a lot for the reply. Didn't know it doesn't work on windows. I'll try use it on linux. For anyone wondering, how to randomize JA3 fingerprint on windows, I used CycleTLS library for NodeJS
hey? can u explain more install details about CycleTLS for windows +openbullet 2? thank u
bump
At today there is an project made in c# https://github.com/mnickw/CycleTLS-dotnet,
You could add this proyect into openbullet2, or looking for a way to compile into DLL the go module inside the main project https://github.com/Danny-Dasilva/CycleTLS
Version of the software
0.2.4
Operating system
Windows Server 2019
Browser / Native
Chrome
What happened?
According to https://github.com/salesforce/ja3
You can view your tls fingerprint here: https://ja3er.com/ or here in JSON format: https://ja3er.com/json
I made a small project to get JA3 fingerprint of Openbullet2(code provided below).
After sending multiple requests, JA3 fingerprint hash was identical for all of them. Next, I changed Http Library to SystemNet and switched on Use Custom Cipher Suites, according to how JA3 fingerprinting works, the hash should change as one of five values is Accepted Ciphers, leaving only of the default listed chipers in OpenBullet2, the hash stayed identical to what I got previously. Proof: https://prnt.sc/D4LP4AEw4bsO and https://prnt.sc/gekBrmu8Mz13 So, my conclusion is: Custom Cipher Suites does not work as it should, giving various custom chipers should change TLS fingerprint to bypass WAF of such companies as Akamai, etc.
Article to better understand how spoofing JA3 works: https://medium.com/cu-cyber/impersonating-ja3-fingerprints-b9f555880e42
Relevant LoliCode if needed