saucesteals / utlsproxy

MITM Proxy with TLS mimicry
GNU General Public License v3.0
38 stars 4 forks

Record and re-use TLS profiles #6

Open clouedoc opened 5 months ago

clouedoc commented 5 months ago

I am looking to inspect an HTTPS flow with Mitmproxy without altering the TLS fingerprint.

So, I am looking for this kind of setup:

Android device --> Mitmproxy --> proxychains(utlsproxy)

I will document my findings here.

clouedoc commented 5 months ago

From what I read, the main change happens here: https://github.com/saucesteals/goproxy/commit/804168ed02f908bef3f291a4dc65acff477dcecc#diff-9eb708469ebd17cf090b3e0e1a04c074850beb22e94ea3d327ad0610ec7bad32

  1. The connection is established between the client and goproxy.
  2. The ClientHello of the connection gets sniffed.
  3. The ClientHello gets fingerprinted and converted to a ClientHelloSpec, which is a blueprint for creating new ClientHellos matching the fingerprint.
  4. A new connection gets dialed with our interception certificate and a uTLS client using the ClientHelloSpec.

I think I can simply record the ClientHello into a file and fingerprint it again and again at runtime. This would have the benefit of keeping ground-truth data in-tree rather than only possibly faulty specs.

TODO

clouedoc commented 5 months ago

Managed to make it work!

I managed to make everything work.

My testing command:

curl -k --proxy localhost:8080 https://tls.peet.ws/api/tls | jq .tls.peetprint_hash

I first set my computer's global proxy to UTLSProxy and directed Safari to a website. It saved the ClientHello.

I then relaunched with an environment variable that overwrites the ClientHello, pointing to the one I saved. I then used cURL with utlsproxy and managed to get a Safari fingerprint.

Next step
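The sniff-and-fingerprint flow described in the comments above, as an added example that is not part of utlsproxy, goproxy or uTLS: PeekClientHello pulls the first TLS record off the client side verbatim (these are the bytes one would write to a file and re-parse on every start), and ParseClientHello decodes that record into the fields a fingerprint is built from. Where utlsproxy hands the raw hello to uTLS's fingerprinter to obtain a ClientHelloSpec, this example computes a GREASE-stripped JA3 string instead, so it runs with only the Go standard library; the function names are this example's own, and the ClientHello bytes are constructed for it, not a real browser capture.

```go
package main

import (
	"encoding/hex"
	"fmt"
	"io"
	"strconv"
	"strings"
)

// ClientHello holds the fields a JA3-style fingerprint is built from, each list in wire order.
type ClientHello struct {
	Version                                        uint16
	CipherSuites, Extensions, Curves, PointFormats []uint16
}

// cursor is a bounds-checked reader: an over-read sets err instead of panicking on hostile input.
type cursor struct{ b []byte; off int; err bool }

func (c *cursor) bytes(n int) []byte {
	if n > len(c.b)-c.off {
		c.err, n = true, len(c.b)-c.off
	}
	c.off += n
	return c.b[c.off-n : c.off]
}
func (c *cursor) uint(n int) (v int) { // n-byte big-endian integer; TLS lengths are 1..3 bytes
	for _, b := range c.bytes(n) {
		v = v<<8 | int(b)
	}
	return v
}
func ids(b []byte, width int) (out []uint16) { // a list of fixed-width ids, e.g. cipher suites
	for ; len(b) >= width; b = b[width:] {
		out = append(out, uint16((&cursor{b: b}).uint(width)))
	}
	return out
}

// PeekClientHello reads exactly one TLS record from the client and returns it verbatim (the "sniff"
// step). Replay it into the real handshake with io.MultiReader(bytes.NewReader(raw), conn).
func PeekClientHello(r io.Reader) ([]byte, error) {
	rec := make([]byte, 5)
	if _, err := io.ReadFull(r, rec); err != nil {
		return nil, err
	}
	if rec[0] != 0x16 { // content type 22 = handshake
		return nil, fmt.Errorf("not a TLS handshake record (type 0x%02x)", rec[0])
	}
	rec = append(rec, make([]byte, int(rec[3])<<8|int(rec[4]))...)
	_, err := io.ReadFull(r, rec[5:]) // a short read surfaces as io.ErrUnexpectedEOF
	return rec, err
}

// ParseClientHello decodes a record from PeekClientHello (the "fingerprint" step).
func ParseClientHello(raw []byte) (*ClientHello, error) {
	c := &cursor{b: raw}
	// record type, record version+length, handshake type, handshake length
	if rtype, _, htype, _ := c.uint(1), c.bytes(4), c.uint(1), c.bytes(3); rtype != 0x16 || htype != 0x01 {
		return nil, fmt.Errorf("not a ClientHello record (types 0x%02x/0x%02x)", rtype, htype)
	}
	h, _ := &ClientHello{Version: uint16(c.uint(2))}, c.bytes(32) // client_version, then 32-byte random
	c.bytes(c.uint(1))                                              // legacy session id
	h.CipherSuites = ids(c.bytes(c.uint(2)), 2)
	c.bytes(c.uint(1)) // compression methods
	n := c.uint(2)     // extensions length
	for end := c.off + n; c.off+4 <= end && !c.err; {
		typ := uint16(c.uint(2))
		data := c.bytes(c.uint(2))
		h.Extensions = append(h.Extensions, typ)
		if typ == 10 && len(data) >= 2 { // supported_groups: u16 list length, then u16 ids
			h.Curves = ids(data[2:], 2)
		} else if typ == 11 && len(data) >= 1 { // ec_point_formats: u8 list length, then u8 ids
			h.PointFormats = ids(data[1:], 1)
		}
	}
	if c.err {
		return nil, fmt.Errorf("truncated ClientHello (%d bytes)", len(raw))
	}
	return h, nil
}

// JA3 returns "version,ciphers,extensions,curves,pointformats" (its MD5 is the usual JA3 hash),
// dropping GREASE values (RFC 8701: 0x?a?a with equal bytes), which clients randomise per connection.
func (h *ClientHello) JA3() string {
	join := func(vs []uint16) string {
		var p []string
		for _, v := range vs {
			if v&0x0f0f != 0x0a0a || v>>8 != v&0xff { // keep everything that is not GREASE
				p = append(p, strconv.Itoa(int(v)))
			}
		}
		return strings.Join(p, "-")
	}
	return fmt.Sprintf("%d,%s,%s,%s,%s", h.Version, join(h.CipherSuites), join(h.Extensions), join(h.Curves), join(h.PointFormats))
}

// sampleClientHello is constructed for this example, not a real browser capture: TLS 1.2 record layer,
// GREASE in suites/groups/extensions, SNI "example", suites 0x1301 0x1302 0xc02b, groups 29 and 23, point format 0.
var sampleClientHello, _ = hex.DecodeString("1603010062" + "0100005e" + "0303" + strings.Repeat("11", 32) +
	"00" + "00081a1a13011302c02b" + "0100" + "002d" + "0000000c000a000007" + hex.EncodeToString([]byte("example")) +
	"000a000800061a1a001d0017" + "000b00020100" + "002b0003020304" + "1a1a0000")
```

In front of a real handshake, call PeekClientHello on the accepted connection, store the returned bytes with os.WriteFile, and hand the MultiReader shown in the comment to the TLS server side; at every later start the saved record can be parsed again, which is what keeps the ground truth on disk instead of a hand-maintained spec. The GREASE filter matters for exactly this reuse: a browser picks fresh GREASE values per connection, so a fingerprint that kept them would never match twice.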

clouedoc commented 5 months ago

I will leave this PR open to discuss ClientHello reuse and open a new one concerning upstream proxies.