Closed vellrya closed 9 months ago
Padding extension (21) is well implemented and fully supported by (*Fingerprinter).FingerprintClientHello.
I used the following code to establish a connection successfully with a remote server (slightly modified based on TestUTLSHandshakeClientFingerprintedSpecFromRaw).
Will you be able to provide a minimal example where you call (*Fingerprinter).FingerprintClientHello with proper padding extension and yield a ClientHelloSpec that is not well padded?
Also, in terms of the upstream (crypto/tls), they simply don't care.
Hmm, that's interesting) Yes, your example actually works, but I have a ClientHello sample where the error is reproduced. Can I send it to the email listed in your profile, as I'm not sure I can publicly disclose the URL of a 3rd party site?
Original ClientHello:
Fingerprinted ClientHello:
The padding seems to have been lost
Can I send it to the email listed in your profile
That would work.
Please include your original pcap as well as your example code, so I can give it a look. Possibly it is due to how it is parsed/read into your program.
After inspecting your use case and checking with uTLS's implementation, here's what I find:
uTLS uses BoringPaddingStyle, which pads only when the length of a ClientHello is greater than 255 bytes (0xFF): https://github.com/refraction-networking/utls/blob/d39ed1bc7dd1dd061b984046b23ea3c89b84dd99/u_tls_extensions.go#L1052-L1063
Your ClientHello is not long enough and according to BoringSSL it should not be padded. If you still want it to be padded, for now temporarily you can manually change the GetPaddingLen to a function that always returns 512-length or something. I will try to open a pull request to add an AlwaysPadToXXX to be used for parsed fingerprints since it is better to honor the choice of these input fingerprints even when they are non-standard.
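The padding decision described in the comment above, as an added example that is not part of the thread and not uTLS's own code: a stand-alone Go reimplementation of the BoringSSL-style rule next to a hypothetical always-pad function, showing why a short ClientHello loses its padding extension. The names boringPaddingLen, alwaysPadTo, padFunc and finalLen are made up here, and the 0x200 upper bound and pad target are assumptions to check against the linked lines.

```go
package main

import "fmt"

// padFunc mirrors the shape the thread describes for GetPaddingLen: it takes the
// ClientHello length without the padding extension and returns the padding
// payload length plus whether the extension is sent at all.
type padFunc func(unpaddedLen int) (paddingLen int, willPad bool)

const extHeader = 4 // 2-byte extension type + 2-byte extension length

// boringPaddingLen is a stand-alone reimplementation (assumption, see lead-in):
// only hellos longer than 0xFF and shorter than 0x200 are padded, up to 0x200.
func boringPaddingLen(unpaddedLen int) (int, bool) {
	if unpaddedLen <= 0xff || unpaddedLen >= 0x200 {
		return 0, false // short hellos keep no padding extension
	}
	n := 0x200 - unpaddedLen
	if n >= extHeader+1 {
		return n - extHeader, true
	}
	return 1, true // too close to 0x200: still carry one byte of padding
}

// alwaysPadTo is hypothetical: it sketches the proposed AlwaysPadToXXX idea by
// padding every hello that still fits up to exactly target bytes.
func alwaysPadTo(target int) padFunc {
	return func(unpaddedLen int) (int, bool) {
		n := target - unpaddedLen - extHeader
		if n < 0 {
			return 0, false // no room left for the extension header
		}
		return n, true
	}
}

// finalLen is the ClientHello length once the padding decision is applied.
func finalLen(unpaddedLen int, f padFunc) int {
	if n, ok := f(unpaddedLen); ok {
		return unpaddedLen + extHeader + n
	}
	return unpaddedLen
}

func main() {
	for _, l := range []int{200, 256, 300, 510, 600} { // constructed lengths
		fmt.Printf("unpadded=%d boring=%d always512=%d\n",
			l, finalLen(l, boringPaddingLen), finalLen(l, alwaysPadTo(512)))
	}
}
```

When comparing a captured ClientHello with the one rebuilt from its fingerprint, a total length at or below 255 bytes on the rebuilt side points to this rule rather than to a parsing problem.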
Hello. I'm using FingerprintClientHello and noticed that it doesn't support padding extension (21), which makes the ja3 fingerprint not match the original fp in some cases.
There was a proposal in the original library to add support for this extension, but in 3 years it was still not implemented: https://github.com/golang/go/issues/39271
How difficult is it to implement this?