Impersonate ClientHello with UtlsGREASEExtension

refraction-networking / utls

Fork of the Go standard TLS library, providing low-level access to the ClientHello for mimicry purposes.

BSD 3-Clause "New" or "Revised" License

1.71k stars 250 forks source link

Impersonate ClientHello with UtlsGREASEExtension #128

Closed chabior closed 2 years ago

chabior commented 2 years ago

Hello

I want to impersonate a request using two Grease Extensions, but when I try to mimic it, a different type value is generated, resulting in a different JA3 fingerprint.

What I do in code: &tls.UtlsGREASEExtension{ Value: 60138, }

But in wireshark it shows different value with every request Screenshot from 2022-10-25 11-10-55

Am I doing something wrong?

gaukas commented 2 years ago

iirc UtlsGREASEExtension at some point gets replaced by a random value: https://github.com/refraction-networking/utls/blob/862fe372d939c53bb10cb4fd11263f3766589892/u_parrots.go#L1934-L1944

But I second that it would be a good idea if we allow mimicking fixed GREASE value, if a certain GREASE value is at all meaningful.

gaukas commented 2 years ago

Perhaps it is a good idea if we check if Value is set (to non-zero) and if so, don't overwrite the value.

gaukas commented 2 years ago

~Implemented in #139.~

~Planning to make it appear in the next tagged version in 2 weeks.~

gaukas commented 2 years ago

Actually after inspecting your usage, you may want to use GenericExtension instead.