projectdiscovery / tlsx

Fast and configurable TLS grabber focused on TLS based data collection.
MIT License

JA3S Fingerprint Generation Fail #537

Open burpheart opened 1 month ago

burpheart commented 1 month ago

tlsx version: v1.1.6

Current Behavior:

I've encountered an issue with the generation of JA3S fingerprints in the GetJa3Hash function. The problem lies in the following code snippet:

    if len(clientHello.CipherSuites) != 0 {
        for _, val := range clientHello.CipherSuites {
            byteString = strconv.AppendUint(byteString, uint64(val), 10)
            byteString = append(byteString, dashByte)
        }
        // Replace last dash with a comma
        byteString[len(byteString)-1] = commaByte
    } else {
        byteString = append(byteString, commaByte)
    }

https://github.com/projectdiscovery/tlsx/blob/f60f2bac3f2fd90c4d34ead0eea45758b520a47f/pkg/tlsx/ztls/ja3/ja3.go#L46C1-L55C3

The range function does not guarantee a specific order when iterating over clientHello.CipherSuites. This leads to an unstable JA3S fingerprint generation, even when using the same CipherSuites.

Expected Behavior:

The JA3S fingerprint generation should be stable and consistent when using the same CipherSuites.

Steps To Reproduce:

Run 'tlsx -u https://1.1.1.1:443 -ja3 -silent'. Observe that the generated JA3S fingerprint is not consistent.

Anything else:

This could potentially lead to incorrect fingerprint matching and should be addressed. Could a possible solution be to sort the CipherSuites before generating the fingerprint, to ensure consistent results?

burpheart commented 1 month ago

In addition, the JA3S implementation is completely wrong and should use the Server Hello instead of the Client Hello. The format of the fingerprint is as follows: TLSVersion,Cipher,Extensions
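As an added illustration of the format described in the comment above (and of the determinism the first comment asks for), the following Go program builds a JA3S string from the Server Hello fields, TLSVersion,Cipher,Extensions, and hashes it with MD5 as the JA3/JA3S convention does. This is example code written for this page, not tlsx's own implementation: the `ServerHello` struct, the `JA3SString`, `JA3SHash` and `Stable` functions, and the sample values are all assumptions constructed here, not taken from the project's ztls types.

```go
package main

import (
	"crypto/md5"
	"encoding/hex"
	"fmt"
	"strconv"
	"strings"
)

// ServerHello is a hypothetical, minimal view of the fields a JA3S
// fingerprint is built from. It is not the ztls/crypto-tls struct tlsx uses.
type ServerHello struct {
	Version     uint16   // TLS version as sent in the Server Hello
	CipherSuite uint16   // the single cipher suite chosen by the server
	Extensions  []uint16 // extension types in the order the server sent them
}

// JA3SString renders "TLSVersion,Cipher,Extensions" with decimal values and
// extensions joined by '-'. Go iterates a slice in index order, so the output
// depends only on the order in which the server sent its extensions; no
// sorting is applied, because JA3S treats that order as part of the signal.
func JA3SString(sh ServerHello) string {
	var sb strings.Builder
	sb.WriteString(strconv.FormatUint(uint64(sh.Version), 10))
	sb.WriteByte(',')
	sb.WriteString(strconv.FormatUint(uint64(sh.CipherSuite), 10))
	sb.WriteByte(',')
	for i, ext := range sh.Extensions {
		if i > 0 {
			sb.WriteByte('-')
		}
		sb.WriteString(strconv.FormatUint(uint64(ext), 10))
	}
	// An empty extension list leaves a trailing comma, matching the JA3 layout.
	return sb.String()
}

// JA3SHash is the hex-encoded MD5 of the JA3S string. MD5 is used purely as a
// short identifier (the JA3/JA3S convention), not for any integrity guarantee.
func JA3SHash(sh ServerHello) string {
	sum := md5.Sum([]byte(JA3SString(sh)))
	return hex.EncodeToString(sum[:])
}

// Stable reports whether n repeated computations over the same Server Hello
// all agree, which is the property the issue asks for.
func Stable(sh ServerHello, n int) bool {
	first := JA3SHash(sh)
	for i := 1; i < n; i++ {
		if JA3SHash(sh) != first {
			return false
		}
	}
	return true
}

func main() {
	// Constructed sample (not captured from a real server): TLS 1.2 (0x0303 = 771),
	// TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f = 49199), extensions
	// renegotiation_info (65281), ec_point_formats (11), session_ticket (35).
	sh := ServerHello{Version: 0x0303, CipherSuite: 0xc02f, Extensions: []uint16{65281, 11, 35}}
	fmt.Println(JA3SString(sh))
	fmt.Println(JA3SHash(sh), Stable(sh, 1000))
}
```

Running it prints the JA3S string `771,49199,65281-11-35` followed by its MD5 and `true`. Because the string is built directly from the Server Hello in send order, two servers that differ only in extension order produce different fingerprints, which is intended for JA3S; a sort step would collapse that distinction and break comparability with fingerprints produced by other tools.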