Danny-Dasilva/CycleTLS

Customizable CipherSuites and Extensions

aj3423 opened this issue · 4 comments

aj3423 commented

Description

In the image below, the left side is captured from an app on Android 13; the right side is sent from CycleTLS.

cycletls

Some problems:

  1. How to remove the "GREASE" in Cipher Suite?
  2. How to remove the "GREASE" in Extension List?
  3. Fix the extension PreSharedKey?
    Found in the source:

utils.go 241: "41": &utls.GenericExtension{Id: 41}, //FIXME pre_shared_key

I see it's implemented in utls.
There is another Golang TLS library, requests, using it as:

"41": &utls.UtlsPreSharedKeyExtension{}

  4. Customize extension detail, for example the SignatureAlgorithms (9 algorithms with the phone but 11 with CycleTLS). Lots of extensions are different in detail, so there needs to be a way to customize them.
    The "requests" library mentioned above supports it like:
	req := url.NewRequest()
	req.TLSExtensions = transport.ToTLSExtensions(&transport.Extensions{
		SupportedSignatureAlgorithms: []string{
			"ECDSAWithP256AndSHA256", // 0x403
			// ...
			"PKCS1WithSHA1",          // 0x201
		},
		DelegatedCredentials: []string{
			"ECDSAWithP256AndSHA256", // 0x403
			// ...
			"ECDSAWithSHA1",          // 0x203
		},
		SupportedVersions: []string{
			"1.3",
			"1.2",
			"1.1",
			"1.0",
		},
		KeyShareCurves: []string{
			"X25519",
		},
	})

Any idea? Thanks.

Environment: Linux, Golang 1.21.0

Issue Type

Feature Request

Operating System

Linux

Node Version

None

Golang Version

Other

Relevant Log Output

No response

I'll get this implemented. Out of curiosity, what are you using to inspect a mobile phone's cipher suites?

aj3423 commented

@Danny-Dasilva Thanks. In the image it's Wireshark. I captured packets with PCAPDroid on the phone; it can dump packets to a .pcap file, which I then transfer to the PC and open with Wireshark.

Any updates?

UtlsPreSharedKeyExtension in the requests library above and in utls doesn't get returned when testing against most JA3 sites such as https://tls.peet.ws/; I'm still looking into a fix. The issues with GREASE should be resolved, and a fully configurable interface is being written.
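
For readers comparing captures the way this thread does, the following added example (not part of the thread and not CycleTLS code) builds a JA3 string from ClientHello fields and skips the RFC 8701 GREASE values, as the JA3 method specifies. It shows that a JA3 hash cannot tell a GREASE-sending client from one that omits GREASE, so that difference is only visible in the raw ClientHello; the `ClientHello` type and both sample hellos are constructed for illustration.

```go
package main

import (
	"crypto/md5"
	"encoding/hex"
	"fmt"
	"strings"
)

// ClientHello holds only the fields JA3 reads (hypothetical type for this example).
type ClientHello struct {
	Version                                   uint16
	Ciphers, Extensions, Curves, PointFormats []uint16
}

// isGREASE matches the 16 RFC 8701 values 0x0A0A ... 0xFAFA (equal bytes, low nibble 0xA).
func isGREASE(v uint16) bool {
	return v>>8 == v&0xff && v&0x0f == 0x0a
}

// field renders one JA3 field: decimal values joined by "-", GREASE skipped.
func field(vals []uint16) string {
	out := make([]string, 0, len(vals))
	for _, v := range vals {
		if !isGREASE(v) {
			out = append(out, fmt.Sprint(v))
		}
	}
	return strings.Join(out, "-")
}

// JA3 returns the JA3 string and its MD5 fingerprint for a ClientHello.
func JA3(h ClientHello) (string, string) {
	s := fmt.Sprintf("%d,%s,%s,%s,%s", h.Version, field(h.Ciphers),
		field(h.Extensions), field(h.Curves), field(h.PointFormats))
	sum := md5.Sum([]byte(s))
	return s, hex.EncodeToString(sum[:])
}

// Constructed sample hellos: identical except for the GREASE entries.
var plain = ClientHello{771, []uint16{0x1301, 0x1302, 0xc02b},
	[]uint16{0, 10, 11, 13, 43, 51, 41}, []uint16{29, 23}, []uint16{0}}
var greased = ClientHello{771, []uint16{0x0a0a, 0x1301, 0x1302, 0xc02b},
	[]uint16{0x1a1a, 0, 10, 11, 13, 43, 51, 41}, []uint16{0x2a2a, 29, 23}, []uint16{0}}

func main() {
	fmt.Println(JA3(plain))
	fmt.Println(JA3(greased))
}
```

Extension order and the presence of extension 41 do change the JA3 string, so those differences still show up in the hash.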