refraction-networking / utls

Fork of the Go standard TLS library, providing low-level access to the ClientHello for mimicry purposes.
BSD 3-Clause "New" or "Revised" License

remote error: tls: missing extension #241

Closed uoosef closed 1 year ago

uoosef commented 1 year ago

Hello, when I'm using this code from the example folder to implement a simple DoH client and accessing this host https://dns.rotunneling.net/dns-query/public

// The issue shows only a function body; the package clause, imports and the
// wrapping function (its name is assumed) are added so the snippet compiles.
package main

import (
    "fmt"
    "net"

    tls "github.com/refraction-networking/utls"
)

func newUTLSConn(plainConn net.Conn, config *tls.Config) (*tls.UConn, error) {
    utlsConn := tls.UClient(plainConn, config, tls.HelloCustom)
    spec := tls.ClientHelloSpec{
        TLSVersMax: tls.VersionTLS13,
        TLSVersMin: tls.VersionTLS10,
        CipherSuites: []uint16{
            tls.GREASE_PLACEHOLDER,
            tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
            tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
            tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
            tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
            tls.TLS_AES_128_GCM_SHA256, // tls 1.3
            tls.FAKE_TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
            tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
            tls.TLS_RSA_WITH_AES_256_CBC_SHA,
        },
        Extensions: []tls.TLSExtension{
            &tls.SNIExtension{},
            &tls.SupportedCurvesExtension{Curves: []tls.CurveID{tls.X25519, tls.CurveP256}},
            &tls.SupportedPointsExtension{SupportedPoints: []byte{0}}, // uncompressed
            &tls.SessionTicketExtension{},
            &tls.ALPNExtension{AlpnProtocols: []string{"myFancyProtocol", "http/1.1"}},
            &tls.SignatureAlgorithmsExtension{SupportedSignatureAlgorithms: []tls.SignatureScheme{
                tls.ECDSAWithP256AndSHA256,
                tls.ECDSAWithP384AndSHA384,
                tls.ECDSAWithP521AndSHA512,
                tls.PSSWithSHA256,
                tls.PSSWithSHA384,
                tls.PSSWithSHA512,
                tls.PKCS1WithSHA256,
                tls.PKCS1WithSHA384,
                tls.PKCS1WithSHA512,
                tls.ECDSAWithSHA1,
                tls.PKCS1WithSHA1}},
            &tls.KeyShareExtension{KeyShares: []tls.KeyShare{
                {Group: tls.CurveID(tls.GREASE_PLACEHOLDER), Data: []byte{0}},
                {Group: tls.X25519},
            }},
            &tls.PSKKeyExchangeModesExtension{Modes: []uint8{1}}, // pskModeDHE
            &tls.SupportedVersionsExtension{Versions: []uint16{
                tls.VersionTLS13,
                tls.VersionTLS12,
                tls.VersionTLS11,
                tls.VersionTLS10}},
        },
        GetSessionID: nil,
    }
    // ApplyPreset only records the spec on the connection; nothing is sent yet.
    err := utlsConn.ApplyPreset(&spec)
    if err != nil {
        return nil, fmt.Errorf("utlsConn.ApplyPreset() error: %+v", err)
    }

    return utlsConn, nil
}

I get this error:

 Get \"https://dns.rotunneling.net/dns-query/public?dns=AAABAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE\": remote error: tls: missing extension

How can I fix this issue?

gaukas commented 1 year ago

Have you tried using any of the existing parrots from u_parrot.go? It is hard to know which extension is missing from your ClientHelloSpec since it is a general remote error.

gaukas commented 1 year ago

Well, I guess here's some general advice for debugging:

  1. Locate which line the error comes from
  2. Capture at least one ClientHello from any other client which DOES work
  3. Check the differences between them

If anyone ever encounters the same issue.
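Steps 2 and 3 above amount to diffing the extension list of a working ClientHello against the failing one. As an added example (not code from this issue or from utls), the stdlib-only Go program below extracts the set of extension types from a ClientHello handshake message, with bounds checks so a truncated capture is rejected rather than misread; the `sampleHello` bytes are constructed, not a real capture, and in practice would come from the Wireshark or tcpdump capture the reply suggests.

```go
package main

import (
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// sampleHello is a constructed ClientHello (not a real capture): version 3.3, zero random, empty
// session_id, one cipher suite, null compression, and empty-bodied extensions 0, 43 and 51.
const sampleHello = "01000037" + "0303" + "0000000000000000000000000000000000000000000000000000000000000000" +
	"00" + "00021301" + "0100" + "000c" + "00000000" + "002b0000" + "00330000"

var errMalformed = errors.New("malformed ClientHello")

// clientHelloExtensions parses a ClientHello handshake message (the bytes after the 5-byte
// TLS record header, starting at HandshakeType 0x01) and returns the set of extension types.
func clientHelloExtensions(msg []byte) (map[uint16]bool, error) {
	if len(msg) < 4 || msg[0] != 0x01 {
		return nil, errMalformed
	}
	b, pos := msg[4:], 34 // past the handshake header, skip legacy_version(2) + random(32)
	for _, w := range []int{1, 2, 1} { // session_id, cipher_suites, compression_methods
		if pos+w > len(b) {
			return nil, errMalformed
		}
		n := int(b[pos+w-1]) + int(b[pos])*(w-1)<<8 // 1-byte length (w=1) or big-endian 2-byte (w=2)
		pos += w + n
	}
	if pos+2 > len(b) || pos+2+int(binary.BigEndian.Uint16(b[pos:])) != len(b) {
		return nil, errMalformed // the extensions block must fill the rest of the message
	}
	exts := map[uint16]bool{}
	for pos += 2; pos < len(b); {
		if pos+4 > len(b) || pos+4+int(binary.BigEndian.Uint16(b[pos+2:])) > len(b) {
			return nil, errMalformed // extension runs past the block
		}
		exts[binary.BigEndian.Uint16(b[pos:])] = true
		pos += 4 + int(binary.BigEndian.Uint16(b[pos+2:]))
	}
	return exts, nil
}

func main() {
	hello, _ := hex.DecodeString(sampleHello) // constant input, cannot fail
	exts, err := clientHelloExtensions(hello) // run the same call on a working client's capture and diff
	fmt.Println(exts, err)
}
```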

uoosef commented 1 year ago

My bad, I forgot to call

err = utlsConn.Handshake()

after setting the custom spec. It's interesting that it works on some sites without directly calling the handshake; for example it works on Cloudflare without calling the handshake!

gaukas commented 1 year ago

Hmm. Can you double-check with Wireshark or tcpdump? Sounds like something related to #75.

gaukas commented 1 year ago

Just check whether the ClientHello message that got sent is the one you expected when you don't explicitly call .Handshake().